CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2020-8649 – kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
https://notcve.org/view.php?id=CVE-2020-8649
06 Feb 2020 — There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función vgacon_invert_region en el archivo drivers/video/console/vgacon.c. A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds r... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-14898 – kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
https://notcve.org/view.php?id=CVE-2019-14898
04 Feb 2020 — The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. La corrección para el CVE-2019-11599, que afectaba al kernel de Linux versiones anteriores a 5.0.10, no estaba completa. Un usuario local podría usar este fallo para conseguir infomación confidencial, causar una dene... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8428
https://notcve.org/view.php?id=CVE-2020-8428
28 Jan 2020 — fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. El archivo fs/namei.c en el kernel de Linux versiones anteriores a 5.5, presenta una vulnerabilidad de uso de ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20422
https://notcve.org/view.php?id=CVE-2019-20422
27 Jan 2020 — In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. En el kernel de Linux versiones anteriores a 5.3.4, la función fib6_rule_lookup en el archivo net/ipv6/ip6_fib.c maneja inapropiadamente el flag RT6_LOOKUP_F_DST_NOREF en una decisión de conteo de referencias, lo que conlleva a (por ejemplo) un bloqueo que fue identificado po... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2019-18282 – kernel: The flow_dissector feature allows device tracking
https://notcve.org/view.php?id=CVE-2019-18282
16 Jan 2020 — The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. La función flow_dissector en el kernel de Linux 4.3 a 5.x anterior a ... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7053 – kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c
https://notcve.org/view.php?id=CVE-2020-7053
14 Jan 2020 — In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. En el kernel de Linux versión 4.14 a largo plazo versiones hasta 4.14.165 y versiones 4.19 a largo plazo hasta 4.19.96 (y versiones 5.x anteriores a 5.2), se presenta un uso de la me... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19338 – Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
https://notcve.org/view.php?id=CVE-2019-19338
09 Jan 2020 — A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW m... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2019-19332 – Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
https://notcve.org/view.php?id=CVE-2019-19332
09 Jan 2020 — An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. Se encontró un problema de escritura de memoria fuera de límites en el kernel de Linux, versiones 3.13 hasta 5.4, en la manera en que el... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-787: Out-of-bounds Write •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-19927
https://notcve.org/view.php?id=CVE-2019-19927
31 Dec 2019 — In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. En el kernel de Linux versión 5.0.0-rc7 (distribuido en ubuntu/linux.git en kernel.ubuntu.com), montar una imagen de sistema de archivos f2fs especialmente diseñada y llevar a cabo algunas operaciones pued... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2019-20095 – kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
https://notcve.org/view.php?id=CVE-2019-20095
30 Dec 2019 — mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. La función mwifiex_tm_cmd en el archivo drivers/net/wireless/marvell/mwifiex/cfg80211.c en el kernel de Linux versiones anteriores a la versión 5.1.6 tiene algunos casos de manejo de errores que no liberaron la memoria hostcmd asignada, también se conoce como CID-... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •