CVE-2019-19050
https://notcve.org/view.php?id=CVE-2019-19050
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1. Una pérdida de memoria en la función crypto_reportstat() en el archivo crypto/crypto_user_stat.c en el kernel de Linux versiones hasta 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función crypto_reportstat_alg(), también se conoce como CID-c03b04dcdba1. • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4258-1 https://usn.ubuntu.com/4284 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19044
https://notcve.org/view.php?id=CVE-2019-19044
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762. Dos pérdidas de memoria en la función v3d_submit_cl_ioctl() en el archivo drivers/gpu/drm/v3d/v3d_gem.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función kcalloc() o v3d_job_init(), también se conoce como CID-29cd13cfd762. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4225-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-18805 – kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
https://notcve.org/view.php?id=CVE-2019-18805
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. Se detectó un problema en el archivo net/ipv4/sysctl_net_ipv4.c en el kernel de Linux versiones anteriores a 5.0.11. Se presenta un desbordamiento de enteros firmado del archivo net/ipv4/tcp_input.c en la función tcp_ack_update_rtt() cuando el espacio de usuario escribe un entero muy grande en /proc/sys/net/ipv4/tcp_min_rtt_wlen, lo que conlleva a una denegación de servicio o posiblemente a otro impacto no especificado, también se conoce como CID -19fad20d15a6. A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter (/proc/sys/net/ipv4/tcp_min_rtt_wlen) is set incorrectly. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html https://access.redhat.com/errata/RHSA-2020:0740 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 https://security.netapp.com/advisory/ntap-20191205-0001 https://access.redhat.com/security/cve/CVE-2019-18805 https: • CWE-190: Integer Overflow or Wraparound •
CVE-2019-18683
https://notcve.org/view.php?id=CVE-2019-18683
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. • https://github.com/sanjana123-cloud/CVE-2019-18683 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/05/1 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com https://seclists.org/bugtraq/2020/Jan/10 https://security.net • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2019-2215 – Android Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2019-2215
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 Un uso de la memoria previamente liberada en el archivo binder.c, permite una elevación de privilegios desde una aplicación en el kernel de Linux. No es requerida una interacción del usuario para explotar esta vulnerabilidad, sin embargo, la explotación necesita de la instalación de una aplicación local maliciosa o una vulnerabilidad separada en una aplicación de red. Producto: Android; ID de Android: A-141720095 Android suffers from a use-after-free vulnerability in the binder driver at /drivers/android/binder.c. Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. • https://www.exploit-db.com/exploits/48129 https://www.exploit-db.com/exploits/47463 https://github.com/timwr/CVE-2019-2215 https://github.com/LIznzn/CVE-2019-2215 https://github.com/ATorNinja/CVE-2019-2215 https://github.com/stevejubx/CVE-2019-2215 https://github.com/c3r34lk1ll3r/CVE-2019-2215 https://github.com/qre0ct/android-kernel-exploitation-ashfaq-CVE-2019-2215 https://github.com/mufidmb38/CVE-2019-2215 https://github.com/Byte-Master-101/CVE-2019-2215 https: • CWE-416: Use After Free •