CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18885
https://notcve.org/view.php?id=CVE-2019-18885
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. El archivo fs/btrfs/volumes.c en el kernel de Linux versiones anteriores a la versión 5.1, permite una desreferencia del puntero NULL de la función btrfs_verify_dev_extents por medio de una imagen btrfs especialmente diseñada porque fs_devices-)devices es manejada inapropiadamente dentro de find_device, también se conoce como CID-09ba3bc9dd15. • https://github.com/bobfuzzer/CVE-2019-18885 http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ba3bc9dd150457c506e4661380a6183af651c1 https://github.com/torvalds/linux/commit/09ba3bc9dd150457c506e4661380a6183af651c1 https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4254-1 https://usn.ubuntu.com& • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-2243
https://notcve.org/view.php?id=CVE-2010-2243
A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. Se presenta una vulnerabilidad en el archivo kernel/time/clocksource.c en el kernel de Linux versiones anteriores a 2.6.34, donde en sistemas non-GENERIC_TIME (GENERIC_TIME=n), acceder a /sys/devices/system/clocksource/clocksource0/current_clocksource resulta en un OOPS. • https://access.redhat.com/security/cve/cve-2010-2243 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad6759fbf35d104dbf573cd6f4c6784ad6823f7e https://security-tracker.debian.org/tracker/CVE-2010-2243 https://www.openwall.com/lists/oss-security/2010/06/25/1 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18806
https://notcve.org/view.php?id=CVE-2019-18806
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. Una pérdida de memoria en la función ql_alloc_large_buffers() en el archivo drivers/net/ethernet/qlogic/qla3xxx.c en el kernel de Linux versiones anteriores a 5.3.5, permite a usuarios locales causar una denegación de servicio (consumo de memoria) mediante la activación de fallos de la función pci_dma_mapping_error(), también se conoce como CID-1acb8f2a7a9f. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18807
https://notcve.org/view.php?id=CVE-2019-18807
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11. Dos fugas de memoria en la función sja1105_static_config_upload() en el archivo drivers/net/dsa/sja1105/sja1105_spi.c en el kernel de Linux versiones anteriores a 5.3.5, permiten a atacantes causar una denegación de servicio (consumo de memoria) mediante la activación de fallos de la función static_config_buf_prepare_for_upload() o sja1105_inhibit_tx(), también se conoce como CID-68501df92d11. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68501df92d116b760777a2cfda314789f926476f https://security.netapp.com/advisory/ntap-20191205-0001 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18808 – kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
https://notcve.org/view.php?id=CVE-2019-18808
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. Una pérdida de memoria en la función ccp_run_sha_cmd() en el archivo drivers/crypto/ccp/ccp-ops.c en el kernel de Linux versiones hasta 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-128c66429247. A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://www.openwall.com/lists/oss-security/2021/09/14/1 https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubun • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •