CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15220 – Ubuntu Security Notice USN-4147-1
https://notcve.org/view.php?id=CVE-2019-15220
19 Aug 2019 — An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.2.1. Se presenta un uso de memoria previamente liberada causado por un dispositivo USB malicioso en el controlador drivers/net/wireless/intersil/p54/p54usb.c . It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vu... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 1CVE-2019-15222
https://notcve.org/view.php?id=CVE-2019-15222
19 Aug 2019 — An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.2.8. Se presenta una desreferencia del puntero NULL causada por un dispositivo USB malicioso en el controlador sound/usb/helper.c (motu_microbookii). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15117 – Ubuntu Security Notice USN-4147-1
https://notcve.org/view.php?id=CVE-2019-15117
16 Aug 2019 — parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. La función parse_audio_mixer_unit en el archivo sound/usb/mixer.c en el kernel de Linux versiones hasta 5.2.9, maneja inapropiadamente un descriptor corto, conllevando a un acceso a la memoria fuera de límites. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vuln... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-15118 – Ubuntu Security Notice USN-4147-1
https://notcve.org/view.php?id=CVE-2019-15118
16 Aug 2019 — check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. La función check_input_term en el archivo sound/usb/mixer.c en el kernel de Linux versiones hasta 5.2.9, maneja inapropiadamente la recursión, conllevando al agotamiento de la pila del kernel. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate att... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-674: Uncontrolled Recursion •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2019-15098 – Ubuntu Security Notice USN-4184-2
https://notcve.org/view.php?id=CVE-2019-15098
16 Aug 2019 — drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. El archivo drivers/net/wireless/ath/ath6kl/usb.c en el kernel de Linux versiones hasta 5.2.9 presenta una desreferencia del puntero NULL mediante una dirección incompleta en un descriptor de endpoint. USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. A... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-15099 – kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
https://notcve.org/view.php?id=CVE-2019-15099
16 Aug 2019 — drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. El archivo drivers/net/wireless/ath/ath10k/usb.c en el kernel de Linux versiones hasta 5.2.8, presenta una desreferencia del puntero NULL por medio de una dirección incompleta en un descriptor de endpoint. A null pointer dereference flaw was discovered in the Linux kernel's implementation of the ath10k USB device driver. The vulnerability requires the at... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10207 – kernel: null-pointer dereference in hci_uart_set_flow_control
https://notcve.org/view.php?id=CVE-2019-10207
12 Aug 2019 — A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash. Se encontró un fallo en la implementación Bluetooth del kernel de Linux de UART, todas las versiones del kernel 3.x.x anteriores a 4.18.0 y kernel 5.x.x. Un atacante con acceso local y permisos de escrit... • https://github.com/butterflyhack/CVE-2019-10207 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14284 – Ubuntu Security Notice USN-4115-1
https://notcve.org/view.php?id=CVE-2019-14284
26 Jul 2019 — In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-369: Divide By Zero •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14283 – kernel: integer overflow and OOB read in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2019-14283
26 Jul 2019 — In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. En el kernel de Linux anterior a versión 5.2.3, la función set_geometry en el archivo drivers/block/floppy.c, no comprueba los campos sect y head, como es demostrado mediante un desbordamiento de... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13648 – kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call
https://notcve.org/view.php?id=CVE-2019-13648
19 Jul 2019 — In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. En el kernel de Linux hasta versión 5.2.1 sobre la plataforma powerpc, cuando la memoria transaccional de hardware está deshabilitada, un usuario local puede causar una dene... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •