CVSS: 4.7EPSS: 0%CPEs: 24EXPL: 1CVE-2019-19965 – Ubuntu Security Notice USN-4284-1
https://notcve.org/view.php?id=CVE-2019-19965
25 Dec 2019 — In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. En el kernel de Linux versiones hasta 5.4.6, se presenta una desreferencia del puntero NULL en el archivo drivers/scsi/libsas/sas_discover.c debido a un manejo inapropiado de la desconexión del puerto durante la detección, relacionado con una condición de carrera baja PHY, tambié... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 13EXPL: 1CVE-2019-19966
https://notcve.org/view.php?id=CVE-2019-19966
25 Dec 2019 — In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. En el kernel de Linux versiones anteriores a 5.1.6, se presenta un uso de la memoria previamente liberada de la función cpia2_exit() en el archivo drivers/media/usb/cpia2/cpia2_v4l.c que causará una denegación de servicio, también se conoce como CID-dea37a972655. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 16EXPL: 0CVE-2019-19947 – Ubuntu Security Notice USN-4427-1
https://notcve.org/view.php?id=CVE-2019-19947
23 Dec 2019 — In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. En el kernel de Linux versiones hasta 5.4.6, se presenta un filtrado de información de la memoria no inicializada hacia un dispositivo USB en el archivo controlador drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c, también se conoce como CID-da2311a6385c. Timothy Michaud discovered that the i915 graphics driver in the Lin... • http://www.openwall.com/lists/oss-security/2019/12/24/1 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.4EPSS: 0%CPEs: 24EXPL: 1CVE-2019-5108 – kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS
https://notcve.org/view.php?id=CVE-2019-5108
23 Dec 2019 — An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentic... • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html • CWE-287: Improper Authentication CWE-440: Expected Behavior Violation •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-19922 – kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
https://notcve.org/view.php?id=CVE-2019-19922
22 Dec 2019 — kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-perfo... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 1CVE-2019-19816 – Ubuntu Security Notice USN-4709-1
https://notcve.org/view.php?id=CVE-2019-19816
17 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos btrfs especialmente diseñada y realizar algunas operaciones puede causar un acceso de escritura fuera de límites en la función __btrfs_map_block en el archivo fs/btrfs/volumes.c,... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 1%CPEs: 20EXPL: 1CVE-2019-19813 – Ubuntu Security Notice USN-4414-1
https://notcve.org/view.php?id=CVE-2019-19813
17 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. En el kernel de Linux versión 5.0.21, montar una imagen de sistema de archivos btrfs especialmente diseñada, realizar algunas o... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 1CVE-2019-19448 – Ubuntu Security Notice USN-4578-1
https://notcve.org/view.php?id=CVE-2019-19448
08 Dec 2019 — In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. En el kernel de Linux versiones 5.0.21 y 5.3.11, montando una imagen de sistema de archivos btrfs diseñada, al realizar algunas operaciones y luego haciendo una llamada de sistem... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 2CVE-2019-19447 – kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
https://notcve.org/view.php?id=CVE-2019-19447
08 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. En el kernel de Linux versión 5.0.21, montando una imagen de sistema de archivos ext4 diseñada, al realizar algunas operaciones y desmontarla puede conllevar a un uso de la memoria previamente liberada en la función ext4_put_super en el archivo fs/ext4/super.c, relacionado con la fun... • https://github.com/Trinadh465/linux-4.19.72_CVE-2019-19447 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 22EXPL: 1CVE-2019-19318 – Ubuntu Security Notice USN-4414-1
https://notcve.org/view.php?id=CVE-2019-19318
27 Nov 2019 — In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, En el kernel de Linux versión 5.3.11, montar una imagen btrfs especialmente diseñada dos veces puede causar un uso de la memoria previamente liberada de la función rwsem_down_write_slowpath porque (en la función rwsem_can_spin_on_owner en el archivo kernel/locking/rwsem.c) la f... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •