
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2019-18904 is a vulnerability discovered in SUSE's RMT (Repository Mirroring Tool) server that affects the offline migrations endpoint. The vulnerability was identified in January 2020 and relates to a resource exhaustion issue where the system's CPU could be consumed entirely when processing migration requests (SUSE Bugzilla).
The vulnerability is classified as a resource exhaustion issue (CWE-400) where the offline migrations endpoint would consume 100% CPU load when processing certain migration requests. The issue occurs specifically during offline migrations from SLES 12 SP4 to SLES 15 SP1, causing the migration engine to generate an excessive number of database requests. This results in request timeouts and system hangs (SUSE Bugzilla).
When exploited, the vulnerability causes the RMT server to become unresponsive, effectively creating a denial of service condition. The issue not only prevents customers from performing system migrations but also impacts the overall RMT server functionality. Both offline and online migrations are affected, with clients experiencing read timeouts and connection failures (SUSE Bugzilla).
SUSE has released security updates to address this vulnerability. The fix was included in rmt-server version 2.5.2 and later versions. Updates were released for multiple SUSE Linux Enterprise versions including Server for SAP 15, Server 15-LTSS, Module for Server Applications 15, and High Performance Computing 15-LTSS (SUSE Bugzilla).
Source: This report was generated using AI