CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19767 – kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
https://notcve.org/view.php?id=CVE-2019-19767
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. El kernel de Linux versión anterior a 5.4.2 maneja inapropiadamente la función ext4_expand_extra_isize, como es demostrado por un error de uso de la memoria previamente liberada en las funciones __ext4_expand_extra_isize y ext4_xattr_set_entry, relacionadas con los archivos fs/ext4/inode.c y fs/ext4/super.c, también se conoce como CID-4ea99936a163. A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when inode expansion happens. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://bugzilla.kernel.org/show_bug.cgi?id=205609 https://bugzilla.kernel.org/show_bug.cgi?id=205707 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html h • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19769
https://notcve.org/view.php?id=CVE-2019-19769
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). En el kernel de Linux versión 5.3.10, se presenta un uso de la memoria previamente liberada en la función perf_trace_lock_acquire (relacionada con el archivo include/trace/events/lock.h). • https://bugzilla.kernel.org/show_bug.cgi?id=205705 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF4PQZBEPNXDSK5DOBMW54OCLP25FTCD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJSIZWKW7RDHKU3CHC5BFAQI43NVHLUQ https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4368-1 https://usn.ubuntu.com/4369-1 • CWE-416: Use After Free •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19770 – kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c
https://notcve.org/view.php?id=CVE-2019-19770
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace ** EN DISPUTA ** En el kernel de Linux versión 4.19.83, presenta un uso de la memoria previamente liberada en la función debugfs_remove en el archivo fs/debugfs/inode.c (que se usa para eliminar un archivo o directorio en debugfs que se creó previamente con una llamada a otra función debugfs como debugfs_create_file). NOTA: Los desarrolladores del kernel de Linux disputan este problema como no un problema con debugfs, sino que es un problema con el mal uso de debugfs dentro de blktrace. A use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://bugzilla.kernel.org/show_bug.cgi?id=205713 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org https://security.netapp.com/advisory/ntap-20200103-0001 https://access.redhat.com/security/cve/CVE-2019-19770 https://bugzilla.redhat.com/show_bug.cgi?id=1786179 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2019-19602 – kernel: cached use of fpu_fpregs_owner_ctx in arch/x86/include/asm/fpu/internal.h can lead to DoS
https://notcve.org/view.php?id=CVE-2019-19602
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc. La función fpregs_state_valid en el archivo arch/x86/include/asm/fpu/internal.h en el kernel de Linux versiones anteriores a 5.4.2, cuando es usado GCC versión 9, permite a atacantes dependiendo del contexto causar una denegación de servicio (corrupción de memoria) o posiblemente tener otros impactos no especificados debido a un almacenamiento en caché incorrecto de fpu_fpregs_owner_ctx, como es demostrado por el manejo inapropiado de la preferencia no cooperativa basada en señal en Go versiones 1.14 preliminares a amd64, también se conoce como CID-59c4 anywhere53abc. A flaw was found in the Linux kernel. When compiled with GCC 9, a vector register corruption occurs on return from a signal handler where the top page of the signal stack had not yet been paged in which can allow a local attacker with special user privilege (or root) to leak kernel internal information. The highest threat from this vulnerability is to data confidentiality. • https://bugzilla.kernel.org/show_bug.cgi?id=205663 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c4bd853abcea95eccc167a7d7fd5f1a5f47b98 https://github.com/golang/go/issues/35777#issuecomment-561935388 https://github.com/torvalds/linux/commit/59c4bd853abcea95eccc167a7d7fd5f1a5f47b98 https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4284-1 https://access.redhat.com/security/cve/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19543 – kernel: use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c
https://notcve.org/view.php?id=CVE-2019-19543
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. En el kernel de Linux versiones anteriores a 5.1.6, se presenta un uso de la memoria previamente liberada en la función serial_ir_init_module() en el archivo drivers/media/rc/serial_ir.c. A flaw was found in the Linux kernel’s infrared serial module. An attacker could use this flaw to corrupt memory and possibly escalate privileges. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56cd26b618855c9af48c8301aa6754ced8dd0beb https://security.netapp.com/advisory/ntap-20200924-0005 https://access.redhat.com/security/cve/CVE-2019-19543 https://bugzilla.redhat.com/show_bug.cgi?id=1781810 • CWE-416: Use After Free •