CVE-2019-9857
https://notcve.org/view.php?id=CVE-2019-9857
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service. En el kernel de Linux hasta la versión 5.0.2, la función inotify_update_existing_watch() en fs/notify/inotify/inotify_user.c no llama a fsnotify_put_mark() con IN_MASK_CREATE tras fsnotify_find_mark(), lo que provocará una fuga de memoria, también conocida como filtrado de refcount. Finalmente, esto provocará una denegación de servicio. • http://www.securityfocus.com/bid/107527 https://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs.git/commit/?h=fsnotify&id=62c9d2674b31d4c8a674bee86b7edc6da2803aea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXLZ2V2ES37A3J7DMK4MZYIWV2LEZFLM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PPH3B7FJOMWD5JWUPZKB6T44KNT4PX2L https://patchwork.kernel.org/patch/10836283 https://security.netapp.com/advisory/ntap-20190404-0002 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-7221 – Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer
https://notcve.org/view.php?id=CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. La implementación KVM en el kernel de Linux, hasta la versión 4.20.5, tiene un uso de memoria previamente liberada. A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html http://www.openwall.com/lists/oss-security/2019/02/18/2 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0818 https://access.redhat.com/errata/RHSA-2019:0833 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:4058 https://bugs.chromiu • CWE-416: Use After Free •
CVE-2019-7222 – Kernel: KVM: leak of uninitialized stack contents to guest
https://notcve.org/view.php?id=CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. La implementación KVM en el kernel de Linux, hasta la versión 4.20.5, tiene una fuga de información. An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html http://www.openwall.com/lists/oss-security/2019/02/18/2 http://www.securityfocus.com/bid/106963 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugs.chromiu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-7308 – Linux Insufficient eBPF Spectre V1 Mitigation
https://notcve.org/view.php?id=CVE-2019-7308
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. En el kernel de Linux, en versiones anteriores a la 4.20.6, "kernel/bpf/verifier.c" realiza especulaciones fuera de límites no deseables en la aritmética de punteros en varias ocasiones, incluyendo casos de diferentes ramas con distintos estados o límites que hay que sanear, conduciendo a ataques de canal lateral. It has been discovered that the Linux eBPF Spectre v1 mitigation is insufficient. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html http://www.securityfocus.com/bid/106827 https://bugs.chromium.org/p/project-zero/issues/detail?id=1711 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6 https://github.com/torvalds/ • CWE-189: Numeric Errors •
CVE-2016-10741 – kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c
https://notcve.org/view.php?id=CVE-2016-10741
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. En el kernel de Linux, en versiones anteriores a la 4.9.3, "fs/xfs/xfs_aops.c" permite a los usuarios locales provocar una denegación de servicio (cierre inesperado del sistema) debido a que hay una condición de carrera entre el I/O directo y el mapeado con la memoria (asociado con un agujero) que se maneja con BUG_ON en vez de un fallo I/O. It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598 http://www.securityfocus.com/bid/106822 https://bugzilla.suse.com/show_bug.cgi?id=1124010 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3 https://github.com/torvalds/linux/commit/04197b341f23b908193308b8d63d17ff23232598 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://access. • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-369: Divide By Zero •