CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-15920 – kernel: use-after-free information leak in SMB2_read
https://notcve.org/view.php?id=CVE-2019-15920
04 Sep 2019 — An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.10. La función SMB2_read en el archivo fs/cifs/smb2pdu.c presenta un uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 1CVE-2019-15921 – kernel: memory leak in genl_register_family() in net/netlink/genetlink.c
https://notcve.org/view.php?id=CVE-2019-15921
04 Sep 2019 — An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.6. Se presenta un problema de pérdida de memoria cuando la función idr_alloc() presenta un fallo en la función genl_register_family() en el archivo net/netlink/genetlink.c. A flaw was found in the genl_register_family function in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15922
https://notcve.org/view.php?id=CVE-2019-15922
04 Sep 2019 — An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.9. Se presenta una desreferencia del puntero NULL para una estructura de datos pf si la función alloc_disk presenta un fallo en el archivo drivers/block/paride/pf.c. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15923
https://notcve.org/view.php?id=CVE-2019-15923
04 Sep 2019 — An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.9. Se presenta una desreferencia del puntero NULL para una estructura de datos cd si la función alloc_disk presenta un fallo en el archivo drivers/block/paride/pf.c. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15924 – kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c
https://notcve.org/view.php?id=CVE-2019-15924
04 Sep 2019 — An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.11. La función fm10k_init_module en el archivo drivers/net/ethernet/intel/fm10k/fm10k_main.c presenta una desreferencia del puntero NULL porque no existe -ENOMEM tras un fallo de alloc_workqueue. A flaw was found in the wa... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-15916 – kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
https://notcve.org/view.php?id=CVE-2019-15916
04 Sep 2019 — An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.0.1. Se presenta una pérdida de memoria en la función register_queue_kobjects() en el archivo net/core/net-sysfs.c, lo que causará una denegación de servicio. A flaw that allowed an attacker to leak kernel memory was found in the network subsystem where an attacker w... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.6EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15902
https://notcve.org/view.php?id=CVE-2019-15902
04 Sep 2019 — A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. Se descubiró... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15807 – kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
https://notcve.org/view.php?id=CVE-2019-15807
29 Aug 2019 — In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. En el kernel de Linux versiones anteriores a 5.1.13, se presenta una pérdida de memoria en la biblioteca drivers/scsi/libsas/sas_expander.c cuando no se detecta el expansor SAS. Esto provocará un BUG y una denegación de servicio. A memory leak flaw was found in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15666 – kernel: out-of-bounds array access in __xfrm_policy_unlink
https://notcve.org/view.php?id=CVE-2019-15666
27 Aug 2019 — An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. Se descubrió un fallo en el núcleo de Linux en versiones anteriores a 5.0.19. Hay un acceso a array fuera de límites en __xfrm_policy_unlink, lo que causará una denegación del servicio, ya que verify_newpolicy_info en net/xfrm/xfrm_user.c gestiona mal la validación ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 42EXPL: 0CVE-2019-15538 – kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c
https://notcve.org/view.php?id=CVE-2019-15538
25 Aug 2019 — An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. Se descubrió un problema en xfs_setattr_nonsize en fs / xfs / xfs_iops.c en el kernel de ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-400: Uncontrolled Resource Consumption •