Memory Leak Vulnerability in spi_gpio_probe() Function in Linux Kernel

Memory Leak Vulnerability in spi_gpio_probe() Function in Linux Kernel

CVE-2019-19070 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.