{"id":"CVE-2019-19049","details":"A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot","modified":"2026-03-12T23:07:58.602694Z","published":"2019-11-18T06:15:11.640Z","related":["SUSE-SU-2019:3200-1","SUSE-SU-2019:3289-1","SUSE-SU-2019:3316-1","SUSE-SU-2019:3317-1","SUSE-SU-2019:3371-1","SUSE-SU-2019:3372-1","SUSE-SU-2019:3381-1","SUSE-SU-2020:0093-1","SUSE-SU-2020:0599-1","SUSE-SU-2020:0613-1","openSUSE-SU-2019:2675-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"},{"type":"ADVISORY","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1157173"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/e13de8fe0d6a51341671bbe384826d527afe8d44"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.17"},{"fixed":"4.4.200"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.200"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.153"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.83"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.3.10"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19049.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}