CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14283 – kernel: integer overflow and OOB read in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2019-14283
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. En el kernel de Linux anterior a versión 5.2.3, la función set_geometry en el archivo drivers/block/floppy.c, no comprueba los campos sect y head, como es demostrado mediante un desbordamiento de enteros y lectura fuera de límites. Puede ser activado por un usuario local sin privilegios cuando se ha insertado un disquete. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 https& • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20856 – kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
https://notcve.org/view.php?id=CVE-2018-20856
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. El servidor web en ZENworks Configuration Management (ZCM) de Novell versión 10.3 y versión 11.2 anteriores a 11.2.4, no realiza apropiadamente la autenticación para el archivo zenworks/jsp/index.jsp, lo que permite a los atacantes remotos realizar ataques de salto de directorio y en consecuencia cargar y ejecutar programas arbitrarios, por medio de una petición al puerto TCP 443. A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation. • http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://access.redhat.com/errata/RHSA-2019:3055 https://access.redhat.com/errata/RHSA-2019:3076 https://access.redhat.com/errata/RHSA-2019:3089 https://access.redhat.com/errata/RHSA-2019:3217 https://access&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2018-20855
https://notcve.org/view.php?id=CVE-2018-20855
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. Se detectó un problema en el kernel de Linux anterior a versión 4.18.7. En create_qp_common en archivo drivers/infiniband/hw/mlx5/qp.c, la función mlx5_ib_create_qp_resp nunca fue inicializada, resultando en una pérdida de memoria de pila en el espacio de usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00 https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00 https://security.netapp.com/advisory/ntap-20190905-0002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20854
https://notcve.org/view.php?id=CVE-2018-20854
An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read. Se detectó un problema en el kernel de Linux anterior a versión 4.20. El archivo drivers/phy/mscc/phy-ocelot-serdes.c presenta un error por un paso (off-by-one) con un resultado de lectura fuera de límites de ctrl-)phys. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6acb47d1a318e5b3b7115354ebc4ea060c59d3a1 https://github.com/torvalds/linux/commit/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1 https://security.netapp.com/advisory/ntap-20190905-0002 https://support.f5.com/csp/article/K32450233 https://support.f5.com/csp/article/K32450233?utm_source=f5support&%3Butm_medium=RSS • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13648 – kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call
https://notcve.org/view.php?id=CVE-2019-13648
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. En el kernel de Linux hasta versión 5.2.1 sobre la plataforma powerpc, cuando la memoria transaccional de hardware está deshabilitada, un usuario local puede causar una denegación de servicio (excepción de TM Bad Thing y bloqueo del sistema) por medio de una llamada de sistema de la función sigreturn() que envía una trama de señal diseñada. Esto afecta a los archivos arch/powerpc/kernel/signal_32.c y arch/powerpc/kernel/signal_64.c. A flaw was found in the PowerPc platform, where the kernel will panic if the transactional memory is disabled. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/07/30/1 https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •