CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-18813
https://notcve.org/view.php?id=CVE-2019-18813
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. Una pérdida de memoria en la función dwc3_pci_probe() en el archivo drivers/usb/dwc3/dwc3-pci.c en el kernel de Linux versiones hasta 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria) mediante la activación de fallos de la función platform_device_add_properties(), también se conoce como CID -9bbfceea12a8. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4225-1 https://usn.ubuntu.com/4225-2 https://usn.ubuntu.com/4226-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 2CVE-2019-18804
https://notcve.org/view.php?id=CVE-2019-18804
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. DjVuLibre versión 3.5.27, presenta una desreferencia del puntero NULL en la función DJVU::filter_fv en el archivo IW44EncodeCodec.cpp. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00069.html https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md https://lists.debian.org/debian-lts-announce/2019/11/msg00004.html https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AW • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-18786
https://notcve.org/view.php?id=CVE-2019-18786
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. En el kernel de Linux versiones hasta 5.3.8, f->fmt.sdr.reserved no se inicializa en la función rcar_drif_g_fmt_sdr_cap en el archivo drivers/media/platform/rcar_drif.c, lo que podría causar un problema de divulgación de memoria. • https://patchwork.linuxtv.org/patch/59542 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4285-1 https://usn.ubuntu.com/4287-1 https://usn.ubuntu.com/4287-2 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5068
https://notcve.org/view.php?id=CVE-2019-5068
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. Existe una vulnerabilidad de permisos de memoria compartida explotable en la funcionalidad de X11 de Mesa 3D Graphics Library versión 19.1.2. Un atacante puede acceder a la memoria compartida sin ningún permiso específico para activar esta vulnerabilidad. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857 https://usn.ubuntu.com/4271-1 • CWE-277: Insecure Inherited Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 3CVE-2019-18683
https://notcve.org/view.php?id=CVE-2019-18683
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. • https://github.com/sanjana123-cloud/CVE-2019-18683 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/05/1 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com https://seclists.org/bugtraq/2020/Jan/10 https://security.net • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •