CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19536
https://notcve.org/view.php?id=CVE-2019-19536
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. En el kernel de Linux versiones anteriores a la versión 5.2.9, hay un bug de filtrado de información que puede ser causado por un dispositivo USB malicioso en el controlador del archivo drivers/net/can/usb/peak_usb/pcan_usb_pro.c, también se conoce como CID-ead16e53c2f0. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://www.openwall.com/lists/oss-security/2019/12/03/4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ead16e53c2f0ed946d82d4037c630e2f60f4ab69 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html • CWE-909: Missing Initialization of Resource •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19537 – kernel: race condition caused by a malicious USB device in the USB character device driver layer
https://notcve.org/view.php?id=CVE-2019-19537
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. En el kernel de Linux versiones anteriores a 5.2.10, se presenta un bug de condición de carrera que puede ser causado por un dispositivo USB malicioso en la capa del controlador del dispositivo de caracteres USB, también se conoce como CID-303911cfc5b9. Esto afecta al archivo drivers/usb/core/file.c. A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://www.openwall.com/lists/oss-security/2019/12/03/4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=303911cfc5b95d33687d9046133ff184cf5043ff https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://access.redhat.com/security/cve& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-19462
https://notcve.org/view.php?id=CVE-2019-19462
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. La función relay_open en el archivo kernel/relay.c en el kernel de Linux versiones hasta 5.4.1, permite a usuarios locales causar una denegación de servicio (tal y como un bloqueo de retransmisión) al desencadenar un resultado NULL de alloc_percpu. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net https://security.netapp.com/advisory/ntap-20210129-0004 https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8 https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531 https://syzkaller&# • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-19377
https://notcve.org/view.php?id=CVE-2019-19377
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. En el kernel de Linux versión 5.0.21, montar una imagen de sistema de archivos btrfs diseñada, realizar algunas operaciones y desmontarlas puede conllevar a un uso de la memoria previamente liberada en la función btrfs_queue_work en el archivo fs/btrfs/async-thread.c. • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377 https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4367-1 https://usn.ubuntu.com/4369-1 https://usn.ubuntu.com/4414-1 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-14897
https://notcve.org/view.php?id=CVE-2019-14897
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. Se encontró un desbordamiento de búfer en la región stack de la memoria en el kernel de Linux, versión kernel-2.6.32, en el controlador del chip WiFi de Marvell. Un atacante es capaz de causar una denegación de servicio (bloqueo del sistema) o, posiblemente, ejecutar código arbitrario, cuando una STA funciona en modo IBSS (permite conectar estaciones juntas sin el uso de un AP) y se conecta a otra STA. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •