Page 259 of 2811 results (0.017 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-20812 – kernel: af_packet: TPACKET_V3: invalid timer timeout on error

https://notcve.org/view.php?id=CVE-2019-20812

An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. Se detectó un problema en el kernel de Linux versiones anteriores a 5.4.7. La función prb_calc_retire_blk_tmo() en el archivo net/packet/af_packet.c puede resultar en una denegación de servicio (consumo de CPU y bloqueo suave) en un caso de fallo que involucra TPACKET_V3, también se conoce como CID-b43d1f9f7067. A flaw was found in the way the af_packet functionality in the Linux kernel handled the retirement timer setting for TPACKET_v3 when getting settings from the underlying network device errors out. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b43d1f9f7067c6759b1051e8ecb84e82cef569fe https://www.oracle.com/security-alerts/cpuApr2021.html https://access.redhat.com/security/cve/CVE-2019-20812 https://bugzilla.redhat.com/show_bug.cgi?id=1846462 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2019-20810

https://notcve.org/view.php?id=CVE-2019-20810

go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. La función go7007_snd_init en el archivo driversdrivers/media/usb/go7007/snd-go7007.c en el kernel de Linux versiones anteriores a 5.6, no llama a snd_card_free para una ruta de fallo, lo que causa una pérdida de memoria, también se conoce como CID-9453264ef586. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9453264ef58638ce8976121ac44c07a3ef375983 https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://usn.ubuntu.com/4427-1 https://usn.ubuntu.com/4439-1 https://usn.ubuntu.com/4440 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-20806

https://notcve.org/view.php?id=CVE-2019-20806

An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. Se descubrió un problema en el kernel de Linux versiones anteriores a la versión 5.2. Tiene una desreferencia del puntero NULL en la función tw5864_handle_frame() en el archivo drivers/media/pci/tw5864/tw5864-video.c, que puede causar una denegación de servicio, también se conoce como CID-2e7682ebfc75. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e7682ebfc750177a4944eeb56e97a3f05734528 https://github.com/torvalds/linux/commit/2e7682ebfc750177a4944eeb56e97a3f05734528 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://security.netapp.com/advisory/ntap-20200619-0001 https://www.debian.org/security/2020/dsa-4698 • CWE-476: NULL Pointer Dereference •

CVSS: 5.3EPSS: 0%CPEs: 44EXPL: 0

CVE-2020-12888 – Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario

https://notcve.org/view.php?id=CVE-2020-12888

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado. A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the read/write devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://www.openwall.com/lists/oss-security/2020/05/19/6 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0

CVE-2020-10711 – Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic

https://notcve.org/view.php?id=CVE-2020-10711

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4411-1 https://usn.ubuntu.com/4412-1 https://usn.ubuntu.com/4413-1 https://usn.ubuntu.com/4414-1 https://usn.ubuntu& • CWE-476: NULL Pointer Dereference •