CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7191 – kernel: denial of service via ioctl call in network tun handling
https://notcve.org/view.php?id=CVE-2018-7191
17 May 2019 — In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. En el subsistema tun en el kernel de Linux anterior a 4.13.14, dev_get_valid_name no es llamada antes de register_netdevice. Esto permite que los usuarios locales causen una denegación de servicio (NU... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2019-11833 – kernel: fs/ext4/extents.c leads to information disclosure
https://notcve.org/view.php?id=CVE-2019-11833
15 May 2019 — fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. fs / ext4 / extents.c en el kernel de Linux hasta 5.1.2 no pone a cero la región de memoria no utilizada en el bloque del árbol de extensión, lo que podría permitir a los usuarios locales obtener información confidencial al leer datos no inicializados en el sistema de archivos. A... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2019-11884 – kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
https://notcve.org/view.php?id=CVE-2019-11884
10 May 2019 — The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. La función do_hidp_sock_ioctl en net/bluetooth/hidp/sock.c en el kernel de Linux, versiones anteriores a 5.0.15, permite a un usuario local obtener información potencialmente sensible de la memoria de la pila del kernel a través de un comando HI... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2018-20836 – kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
https://notcve.org/view.php?id=CVE-2018-20836
07 May 2019 — An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. Fue descubierto un fallo en el kernel de Linux anterior a 4.20. Hay una condición de carrera en smp_task_timedout() y smp_task_done() en drivers/scsi/libsas/sas_expander.c, permitiendo el uso después de liberación de memoria. A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2019-11810 – kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
https://notcve.org/view.php?id=CVE-2019-11810
07 May 2019 — An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. Fue descubierto un fallo en el kernel de Linux anterior a 5.0.7. Una desreferencia de puntero NULL puede ocurrir cuando falla megasas_create_frame_pool() en megasas_alloc_cmds() en drivers/scsi/megaraid/megaraid_sas_base.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 2CVE-2019-11487 – kernel: Count overflow in FUSE request leading to use-after-free issues.
https://notcve.org/view.php?id=CVE-2019-11487
23 Apr 2019 — The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. El kernel de Linux, en versiones anteriores a 5.1-rc5, permite el desbordamiento de la cuenta de referencia de página->_refcount, con los consiguientes problemas de uso de m... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-11486
https://notcve.org/view.php?id=CVE-2019-11486
23 Apr 2019 — The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. El controlador de disciplina de línea Siemens R3964 en drivers/tty/n_r3964.c en el kernel de Linux antes de la versión 5.0.8 tiene múltiples condiciones de carrera. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7470
https://notcve.org/view.php?id=CVE-2013-7470
23 Apr 2019 — cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. cipso_v4_validate en include/net/cipso_ipv4. h en el kernel de Linux anterior a la versión 3.11.7, cuando CONFIG_NETLABEL está desactivado, permite a los atacantes causar una Denegación de Servicio (bucle infinito y bloqueo), como es demostrado en ic... • https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.6EPSS: 0%CPEs: 11EXPL: 0CVE-2019-3901 – kernel: perf_event_open() and execve() race in setuid programs allows a data leak
https://notcve.org/view.php?id=CVE-2019-3901
22 Apr 2019 — A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during ... • http://www.securityfocus.com/bid/89937 • CWE-667: Improper Locking •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-11191
https://notcve.org/view.php?id=CVE-2019-11191
11 Apr 2019 — The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported ** EN DISPUTA ** En el kernel de ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •