CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2018-20855
https://notcve.org/view.php?id=CVE-2018-20855
26 Jul 2019 — An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. Se detectó un problema en el kernel de Linux anterior a versión 4.18.7. En create_qp_common en archivo drivers/infiniband/hw/mlx5/qp.c, la función mlx5_ib_create_qp_resp nunca fue inicializada, resultando en una pérdida de memoria de pila en el espacio de usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20854
https://notcve.org/view.php?id=CVE-2018-20854
26 Jul 2019 — An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. Se detectó un problema en el kernel de Linux anterior a versión 4.20. El archivo drivers/phy/mscc/phy-ocelot-serdes.c presenta un error por un paso (off-by-one) con un resultado de lectura fuera de límites de ctrl-)phys. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6acb47d1a318e5b3b7115354ebc4ea060c59d3a1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13648 – kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call
https://notcve.org/view.php?id=CVE-2019-13648
19 Jul 2019 — In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. En el kernel de Linux hasta versión 5.2.1 sobre la plataforma powerpc, cuando la memoria transaccional de hardware está deshabilitada, un usuario local puede causar una dene... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13631 – kernel: OOB writes in parse_hid_report_descriptor in drivers/input/tablet/gtco.c
https://notcve.org/view.php?id=CVE-2019-13631
17 Jul 2019 — In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. En la función parse_hid_report_descriptor en el archivo drivers/input/tablet/gtco.c en el kernel de Linux hasta versión 5.2.1, un dispositivo USB malicioso puede enviar un informe HID que desencadena una escritura fuera de límites durante la generación de mensajes de depuración. A flaw was ... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 25CVE-2019-13272 – Linux Kernel Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2019-13272
16 Jul 2019 — In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect mar... • https://www.exploit-db.com/exploits/47133 • CWE-271: Privilege Dropping / Lowering Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10639 – Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
https://notcve.org/view.php?id=CVE-2019-10639
05 Jul 2019 — The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10638 – Kernel: net: weak IP ID generation leads to remote device tracking
https://notcve.org/view.php?id=CVE-2019-10638
05 Jul 2019 — In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. En el kern... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13233 – kernel: use-after-free in arch/x86/lib/insn-eval.c
https://notcve.org/view.php?id=CVE-2019-13233
04 Jul 2019 — In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. En arch/x86/lib/insn-eval.c en el kernel de Linux en versiones anteriores a la 5.1.9, hay un uso de memoria previamente liberada para acceder a una entrada LDT debido a una condición de carrera entre modify_ldt () y una excepción #BR para una violación de los límites de MPX. A vulnerability was fou... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12984
https://notcve.org/view.php?id=CVE-2019-12984
26 Jun 2019 — A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. Una vulnerabilidad de desreferencia del puntero NULL en la función nfc_genl_deactivate_target() en net/nfc/netlink.c en el kernel de Linux antes de la versión 5.1.13 puede ser desencadenada por un programa malintencionado en modo de usuario que omite ciert... • http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12817 – kernel: ppc: unrelated processes being able to read/write to each other's virtual memory
https://notcve.org/view.php?id=CVE-2019-12817
24 Jun 2019 — arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. En el archivo arch/powerpc/mm/mmu_context_book3s64.c en el kernel de Linux anterior a versión 5.1.15 para powerpc, presenta un error (bug) por el cual procesos no relacionados pueden leer y escribir en la memoria virtual de otros bajo ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html • CWE-787: Out-of-bounds Write •