CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-20096
https://notcve.org/view.php?id=CVE-2019-20096
30 Dec 2019 — In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. En el kernel de Linux versiones anteriores a la versión 5.1, hay una pérdida de memoria en la función __feat_register_sp() en el archivo net/dccp/feat.c, lo que puede causar una denegación de servicio, también se conoce como CID-1d3ff0950e2b. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-20054 – kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
https://notcve.org/view.php?id=CVE-2019-20054
28 Dec 2019 — In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. En el kernel de Linux versiones anteriores a la versión 5.0.6, hay una desreferencia del puntero NULL en la función drop_sysctl_table() en el archivo fs/proc/proc_sysctl.c, relacionado con put_links, también se conoce como CID-23da9588037e. A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has a... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-1474
https://notcve.org/view.php?id=CVE-2011-1474
26 Dec 2019 — A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GROWSDOWN mmap will create an infinite loop condition without releasing the VM semaphore eventually leading to a system crash. Se encontró una vulnerabilidad de DOS explotable localmente en pax-linux versiones 2.6.32.33-test79.patch, 2.6.38-test3.patch y 2.6.3... • http://seclists.org/oss-sec/2011/q1/579 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.7EPSS: 0%CPEs: 24EXPL: 1CVE-2019-19965
https://notcve.org/view.php?id=CVE-2019-19965
25 Dec 2019 — In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. En el kernel de Linux versiones hasta 5.4.6, se presenta una desreferencia del puntero NULL en el archivo drivers/scsi/libsas/sas_discover.c debido a un manejo inapropiado de la desconexión del puerto durante la detección, relacionado con una condición de carrera baja PHY, tambié... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 13EXPL: 1CVE-2019-19966
https://notcve.org/view.php?id=CVE-2019-19966
25 Dec 2019 — In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. En el kernel de Linux versiones anteriores a 5.1.6, se presenta un uso de la memoria previamente liberada de la función cpia2_exit() en el archivo drivers/media/usb/cpia2/cpia2_v4l.c que causará una denegación de servicio, también se conoce como CID-dea37a972655. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 16EXPL: 0CVE-2019-19947
https://notcve.org/view.php?id=CVE-2019-19947
23 Dec 2019 — In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. En el kernel de Linux versiones hasta 5.4.6, se presenta un filtrado de información de la memoria no inicializada hacia un dispositivo USB en el archivo controlador drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c, también se conoce como CID-da2311a6385c. • http://www.openwall.com/lists/oss-security/2019/12/24/1 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.4EPSS: 0%CPEs: 24EXPL: 1CVE-2019-5108 – kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS
https://notcve.org/view.php?id=CVE-2019-5108
23 Dec 2019 — An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentic... • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html • CWE-287: Improper Authentication CWE-440: Expected Behavior Violation •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-19922 – kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
https://notcve.org/view.php?id=CVE-2019-19922
22 Dec 2019 — kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-perfo... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 1CVE-2019-19816
https://notcve.org/view.php?id=CVE-2019-19816
17 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos btrfs especialmente diseñada y realizar algunas operaciones puede causar un acceso de escritura fuera de límites en la función __btrfs_map_block en el archivo fs/btrfs/volumes.c,... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19241 – Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds
https://notcve.org/view.php?id=CVE-2019-19241
16 Dec 2019 — In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that conte... • https://www.exploit-db.com/exploits/47779 •