CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 1CVE-2019-16232 – Ubuntu Security Notice USN-4904-1
https://notcve.org/view.php?id=CVE-2019-16232
11 Sep 2019 — drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/net/wireless/marvell/libertas/if_sdio.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A l... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 13%CPEs: 42EXPL: 0CVE-2019-15538 – kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c
https://notcve.org/view.php?id=CVE-2019-15538
25 Aug 2019 — An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. Se descubrió un problema en xfs_setattr_nonsize en fs / xfs / xfs_iops.c en el kernel de ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 75%CPEs: 43EXPL: 29CVE-2019-13272 – Linux Kernel Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2019-13272
16 Jul 2019 — In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect mar... • https://packetstorm.news/files/id/165051 • CWE-271: Privilege Dropping / Lowering Errors •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12817 – kernel: ppc: unrelated processes being able to read/write to each other's virtual memory
https://notcve.org/view.php?id=CVE-2019-12817
24 Jun 2019 — arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. En el archivo arch/powerpc/mm/mmu_context_book3s64.c en el kernel de Linux anterior a versión 5.1.15 para powerpc, presenta un error (bug) por el cual procesos no relacionados pueden leer y escribir en la memoria virtual de otros bajo ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2019-12614 – kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service
https://notcve.org/view.php?id=CVE-2019-12614
03 Jun 2019 — An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). Se descubrió un problema en dlpar_parse_cc_property en arch / powerpc / platform / pseries / dlpar.c en el kernel de Linux hasta la versión 5.1.6. Hay un kstrdup sin marcar de prop-> name, que podría permitir que un atacante provoque u... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 1CVE-2019-3846 – kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
https://notcve.org/view.php?id=CVE-2019-3846
03 Jun 2019 — A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Se encontró un fallo que permitía a un atacante corromper la memoria y posiblemente aumentar los privilegios en el módulo del kernel mwifiex mientras se conectaba a una red inalámbrica maliciosa. A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2019-11833 – kernel: fs/ext4/extents.c leads to information disclosure
https://notcve.org/view.php?id=CVE-2019-11833
15 May 2019 — fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. fs / ext4 / extents.c en el kernel de Linux hasta 5.1.2 no pone a cero la región de memoria no utilizada en el bloque del árbol de extensión, lo que podría permitir a los usuarios locales obtener información confidencial al leer datos no inicializados en el sistema de archivos. A... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2019-11884 – kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
https://notcve.org/view.php?id=CVE-2019-11884
10 May 2019 — The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. La función do_hidp_sock_ioctl en net/bluetooth/hidp/sock.c en el kernel de Linux, versiones anteriores a 5.0.15, permite a un usuario local obtener información potencialmente sensible de la memoria de la pila del kernel a través de un comando HI... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 29EXPL: 0CVE-2019-3900 – Kernel: vhost_net: infinite loop while receiving packets leads to DoS
https://notcve.org/view.php?id=CVE-2019-3900
25 Apr 2019 — An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Se encontró un problema de bucle infinito en el módulo del núcleo vhost_net en el kernel de Linux versiones anteriores a 5.1-rc6 inclusive, mientras ma... • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-3882 – kernel: denial of service vector through vfio DMA mappings
https://notcve.org/view.php?id=CVE-2019-3882
24 Apr 2019 — A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Se encontró un fallo en la implementación de la interfaz vfio del kernel de Linux que permite la violación del límite de memoria bl... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •