CVE-2019-19074

7.5 HIGH

📋 TL;DR

A memory leak vulnerability in the ath9k_wmi_cmd() function in the Linux kernel's Atheros wireless driver allows attackers to cause denial of service through memory consumption. This affects Linux systems using ath9k wireless hardware through kernel version 5.3.11. The vulnerability requires local access or ability to send crafted wireless packets to the target system.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions through 5.3.11
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using ath9k wireless drivers; systems without Atheros wireless hardware or with the driver disabled are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or unavailability due to memory exhaustion, requiring physical or remote console access to reboot.

🟠 Likely Case: Degraded system performance leading to service disruption, particularly affecting wireless functionality.

🟢 If Mitigated: Minimal impact with proper memory limits and monitoring in place; system remains functional but may experience temporary performance issues.

🌐 Internet-Facing: LOW - Requires wireless access or local system access; not directly exploitable over standard internet protocols.
🏢 Internal Only: MEDIUM - Internal attackers with wireless access or local system privileges could exploit this to disrupt services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to send crafted wireless packets or local system access; no public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.3.12 and later

Vendor Advisory: https://github.com/torvalds/linux/commit/728c1e2a05e4b5fc52fab3421dce772a806612a2

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.3.12 or later.
2. For distributions with backported patches, apply security updates.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable ath9k wireless driver (Linux)

Prevents exploitation by disabling the vulnerable driver module:

sudo modprobe -r ath9k
echo 'blacklist ath9k' | sudo tee /etc/modprobe.d/blacklist-ath9k.conf

Use alternative wireless hardware (all platforms)

Replace Atheros wireless hardware with non-vulnerable alternatives

🧯 If You Can't Patch

  • Implement strict memory limits using cgroups or ulimit to contain memory consumption
  • Monitor system memory usage and implement alerts for abnormal consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check kernel version and ath9k module usage: uname -r && lsmod | grep ath9k

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.3.12 or later: uname -r
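
The two checks above can be scripted so they give a consistent answer across a fleet. The following is an added example, not part of the original advisory: the function names are hypothetical, the sample `lsmod` text is constructed, and the comparison assumes a `major.minor.patch` release string with an optional distribution suffix.

```shell
#!/bin/sh
# Added example: classify a host for CVE-2019-19074 from the two checks above.
# Function names are hypothetical; 5.3.12 is the fixed version given on this page.
FIXED_VERSION="5.3.12"

# "5.3.0-26-generic" -> "5.3.0"; "5.4-rc1" -> "5.4.0" (drop suffix, pad to 3 fields).
kernel_base() {
    base=$(printf '%s' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//')
    printf '%s.0.0\n' "$base" | cut -d. -f1-3
}

# Return 0 when version $1 is older than version $2 (numeric, field by field).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # six fields: a.b.c followed by x.y.z
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# $1 = `uname -r` string, $2 = `lsmod` output.
# Prints patched | not-exposed | potentially-vulnerable.
classify_host() {
    if ! version_lt "$(kernel_base "$1")" "$FIXED_VERSION"; then
        echo patched
    elif printf '%s\n' "$2" | awk '$1 ~ /^ath9k/ {hit=1} END {exit !hit}'; then
        # Version strings do not reveal distribution backports, so this
        # result means "confirm against the distribution's advisory".
        echo potentially-vulnerable
    else
        echo not-exposed      # old kernel, but no ath9k* module is loaded
    fi
}

# Constructed sample input, not captured from a real host.
SAMPLE_LSMOD='Module                  Size  Used by
ath9k_htc              81920  0
ath9k_common           36864  1 ath9k_htc
mac80211              847872  1 ath9k_htc'

classify_host "5.3.0-26-generic" "$SAMPLE_LSMOD"
# On a live system: classify_host "$(uname -r)" "$(lsmod)"
```

A `not-exposed` result only reflects the modules loaded at the time of the check; the driver can still load later if the hardware is attached and the module is not blacklisted.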

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages in /var/log/kern.log
  • Abnormal memory consumption in system logs
  • Wireless interface errors

Network Indicators:

  • Unusual wireless packet patterns to ath9k interfaces

SIEM Query:

source="kernel" AND ("oom-killer" OR "ath9k" OR "memory exhaustion")
