How severe is CVE-2019-20794?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2019-20794?

This is classified as CWE-772, which is a common weakness in software security.

CVE-2019-20794 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.

Related Vulnerabilities

CVE-2017-3803

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue t...

CWE-7722017

CVE-2021-0132

MEDIUM

CVSS:4.9(Medium)

Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network acce...

CWE-7722021

CVE-2021-47389

MEDIUM

CVSS:5.1(Medium)

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sev_decommission in sev_receive_start DECOMMISSION the current SEV context if binding an ASID fails after RECE...

CWE-7722021

CVE-2010-5321

MEDIUM

CVSS:4.3(Medium)

Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /d...

CWE-7722010

CVE-2017-1283

MEDIUM

CVSS:4.3(Medium)

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM...

CWE-7722017

CVE-2018-18443

MEDIUM

CVSS:4.3(Medium)

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.

CWE-7722018