Unrated severityNVD Advisory· Published Nov 7, 2019· Updated Aug 5, 2024

CVE-2019-18811

Description

A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.

Affected products

Linux/Linux kerneldescription
osv-coords
pkg:rpm/almalinux/kernel-tools-libs-devel
Range: < 4.18.0-305.el8

Patches

45c1380358b1

ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data

https://github.com/torvalds/linuxNavid EmamdoostOct 27, 2019via osv

commit

1 file changed · +3 −1

sound/soc/sof/ipc.c+3 −1 modified

@@ -572,8 +572,10 @@ static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev,
 	else
 		err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata,
 					       sparams);
-	if (err < 0)
+	if (err < 0) {
+		kfree(partdata);
 		return err;
+	}
 
 	msg_bytes = sparams->msg_bytes;
 	pl_size = sparams->pl_size;

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/mitrevendor-advisoryx_refsource_FEDORA
usn.ubuntu.com/4284-1/mitrevendor-advisoryx_refsource_UBUNTU
github.com/torvalds/linux/commit/45c1380358b12bf2d1db20a5874e9544f56b34abmitrex_refsource_MISC
security.netapp.com/advisory/ntap-20191205-0001/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000