A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. CREATE(Triage):(User=admin) [CVE-2019-19066|https://nvd.nist.gov/vuln/detail/CVE-2019-19066]