CVE-2019-15916: High severity IBM Data Risk Manager vulnerability
A flaw that allowed an attacker to leak kernel memory was found in the network subsystem: an attacker with permission to create tun/tap devices can cause a denial of service and panic the system.
Other sources
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
An issue was discovered in the Linux kernel's network tun/tap device creation. An attacker with a local account can issue an ioctl to a device which can cause a small memory leak which cannot be reclaimed. Each time this attack is repeated, additional memory is leaked, and this may eventually consume all memory in the system, causing a denial of service (DoS).
Reference: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by a memory leak in register_queue_kobjects() in net/core/net-sysfs.c. A local attacker could exploit this vulnerability to cause the system to crash.
— IBM
Frequently Asked Questions
What is the severity of CVE-2019-15916?
CVE-2019-15916 is classified as a high severity vulnerability due to its potential to leak kernel memory and cause a denial of service.
How do I fix CVE-2019-15916?
To resolve CVE-2019-15916, upgrade to a kernel version that is patched, such as kernel-rt 0:3.10.0-1127.rt56.1093.el7 or kernel-alt 0:4.14.0-115.18.1.el7a.
What systems are affected by CVE-2019-15916?
CVE-2019-15916 affects various Linux kernel versions prior to 5.0.1, specifically those in the Red Hat ecosystem.
Can CVE-2019-15916 lead to data breaches?
Yes, CVE-2019-15916 can potentially lead to sensitive data exposure through kernel memory leaks.
What is the impact of CVE-2019-15916 on system stability?
CVE-2019-15916 can cause system instability, resulting in kernel panics and denial of service scenarios.