CVE-2019-15117
https://notcve.org/view.php?id=CVE-2019-15117
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. La función parse_audio_mixer_unit en el archivo sound/usb/mixer.c en el kernel de Linux versiones hasta 5.2.9, maneja inapropiadamente un descriptor corto, conllevando a un acceso a la memoria fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=daac07156b330b18eb5071aec4b3ddca1c377f2c https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-15118
https://notcve.org/view.php?id=CVE-2019-15118
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. La función check_input_term en el archivo sound/usb/mixer.c en el kernel de Linux versiones hasta 5.2.9, maneja inapropiadamente la recursión, conllevando al agotamiento de la pila del kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html https:& • CWE-674: Uncontrolled Recursion •
CVE-2019-15098
https://notcve.org/view.php?id=CVE-2019-15098
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. El archivo drivers/net/wireless/ath/ath6kl/usb.c en el kernel de Linux versiones hasta 5.2.9 presenta una desreferencia del puntero NULL mediante una dirección incompleta en un descriptor de endpoint. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/09/27/1 http://www.openwall.com/lists/oss-security/2019/09/27/2 http://www.openwall.com/lists/oss-security/2019/09/27/3 https://lists.debian.org/debian-lts-announce/2020/01/msg00013& • CWE-476: NULL Pointer Dereference •
CVE-2019-15090 – kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
https://notcve.org/view.php?id=CVE-2019-15090
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. Se detectó un problema en el archivo drivers/scsi/qedi/qedi_dbg.c en el kernel de Linux versiones anteriores a 5.1.12. En la familia de funciones qedi_dbg_*, se presenta una lectura fuera de límites. An out-of-bounds (OOB) memory access flaw was found in the Qlogic ISCSI module in the Linux kernel's qedi_dbg_* family of functions in drivers/scsi/qedi/qedi_dbg.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.12 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c09581a52765a85f19fc35340127396d5e3379cc https://github.com/torvalds/linux/commit/c09581a52765a85f19fc35340127396d5e3379cc https://security.netapp.com/advisory/ntap-20190905-0002 https://usn.ubuntu.com/4115-1 https://us • CWE-125: Out-of-bounds Read •
CVE-2019-10140 – kernel: overlayfs: NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c
https://notcve.org/view.php?id=CVE-2019-10140
A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). Se encontró una vulnerabilidad en la implementación de overlayfs, versiones hasta 3.10, del kernel de Linux. Un atacante con acceso local puede crear una situación de denegación de servicio por medio de una desreferencia del puntero NULL en la función ovl_posix_acl_create en el archivo fs/overlayfs/dir.c. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140 https://security.netapp.com/advisory/ntap-20190905-0002 https://access.redhat.com/security/cve/CVE-2019-10140 https://bugzilla.redhat.com/show_bug.cgi?id=1677778 • CWE-476: NULL Pointer Dereference •