CVSS: 7.1EPSS: 0%CPEs: 20EXPL: 1CVE-2019-19813 – Ubuntu Security Notice USN-4414-1
https://notcve.org/view.php?id=CVE-2019-19813
17 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. En el kernel de Linux versión 5.0.21, montar una imagen de sistema de archivos btrfs especialmente diseñada, realizar algunas o... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19814
https://notcve.org/view.php?id=CVE-2019-19814
17 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos f2fs especialmente diseñada puede causar un acceso de escritura fuera de límites en la función __remove_dirty_segment porque una matriz está limitada por parte del número de tipos sucios (8) pero el í... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-19241 – Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds
https://notcve.org/view.php?id=CVE-2019-19241
16 Dec 2019 — In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that conte... • https://packetstorm.news/files/id/155669 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-19807 – kernel: use-after-free in sound/core/timer.c
https://notcve.org/view.php?id=CVE-2019-19807
15 Dec 2019 — In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. En el kernel de Linux versiones anteriores a la versión 5.3.11, el archivo sound/core/timer.c tiene un uso de la memoria previamente liberada causado por una refactorización... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19767 – kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
https://notcve.org/view.php?id=CVE-2019-19767
12 Dec 2019 — The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. El kernel de Linux versión anterior a 5.4.2 maneja inapropiadamente la función ext4_expand_extra_isize, como es demostrado por un error de uso de la memoria previamente liberada en las funciones __ext4_expand_extra_isize y ext4_xattr_set_entry, relacionadas con los archivos fs/ex... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19769 – Ubuntu Security Notice USN-4369-1
https://notcve.org/view.php?id=CVE-2019-19769
12 Dec 2019 — In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). En el kernel de Linux versión 5.3.10, se presenta un uso de la memoria previamente liberada en la función perf_trace_lock_acquire (relacionada con el archivo include/trace/events/lock.h). It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially... • https://bugzilla.kernel.org/show_bug.cgi?id=205705 • CWE-416: Use After Free •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19770 – kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c
https://notcve.org/view.php?id=CVE-2019-19770
12 Dec 2019 — In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace ** EN DISPUTA ** En el kernel de Linux versión 4.19.83, presenta un uso de la memoria previame... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2019-19768 – kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
https://notcve.org/view.php?id=CVE-2019-19768
12 Dec 2019 — In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). En el kernel de Linux versión 5.4.0-rc2, se presenta un uso de la memoria previamente liberada en la función __blk_add_trace en el archivo kernel/trace/blktrace.c (que se usa para completar una estructura blk_io_trace y colocarla en un per-cpu sub-buffer). A use-after-free vulnerability was found ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19449 – Ubuntu Security Notice USN-5137-2
https://notcve.org/view.php?id=CVE-2019-19449
08 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). En el kernel de Linux versión 5.0.21, montando una imagen de sistema de archivos f2fs diseñada puede conllevar a un acceso de lectura fuera de límites en la función f2fs_build_segment_manager en el archivo fs/f2fs/segment.c, relacio... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 1CVE-2019-19448 – Ubuntu Security Notice USN-4578-1
https://notcve.org/view.php?id=CVE-2019-19448
08 Dec 2019 — In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. En el kernel de Linux versiones 5.0.21 y 5.3.11, montando una imagen de sistema de archivos btrfs diseñada, al realizar algunas operaciones y luego haciendo una llamada de sistem... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448 • CWE-416: Use After Free •