CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14283 – kernel: integer overflow and OOB read in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2019-14283
26 Jul 2019 — In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. En el kernel de Linux anterior a versión 5.2.3, la función set_geometry en el archivo drivers/block/floppy.c, no comprueba los campos sect y head, como es demostrado mediante un desbordamiento de... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13648 – kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call
https://notcve.org/view.php?id=CVE-2019-13648
19 Jul 2019 — In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. En el kernel de Linux hasta versión 5.2.1 sobre la plataforma powerpc, cuando la memoria transaccional de hardware está deshabilitada, un usuario local puede causar una dene... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13631 – kernel: OOB writes in parse_hid_report_descriptor in drivers/input/tablet/gtco.c
https://notcve.org/view.php?id=CVE-2019-13631
17 Jul 2019 — In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. En la función parse_hid_report_descriptor en el archivo drivers/input/tablet/gtco.c en el kernel de Linux hasta versión 5.2.1, un dispositivo USB malicioso puede enviar un informe HID que desencadena una escritura fuera de límites durante la generación de mensajes de depuración. A flaw was ... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 25CVE-2019-13272 – Linux Kernel Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2019-13272
16 Jul 2019 — In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect mar... • https://www.exploit-db.com/exploits/47133 • CWE-271: Privilege Dropping / Lowering Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10639 – Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
https://notcve.org/view.php?id=CVE-2019-10639
05 Jul 2019 — The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10638 – Kernel: net: weak IP ID generation leads to remote device tracking
https://notcve.org/view.php?id=CVE-2019-10638
05 Jul 2019 — In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. En el kern... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13233 – kernel: use-after-free in arch/x86/lib/insn-eval.c
https://notcve.org/view.php?id=CVE-2019-13233
04 Jul 2019 — In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. En arch/x86/lib/insn-eval.c en el kernel de Linux en versiones anteriores a la 5.1.9, hay un uso de memoria previamente liberada para acceder a una entrada LDT debido a una condición de carrera entre modify_ldt () y una excepción #BR para una violación de los límites de MPX. A vulnerability was fou... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12984
https://notcve.org/view.php?id=CVE-2019-12984
26 Jun 2019 — A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. Una vulnerabilidad de desreferencia del puntero NULL en la función nfc_genl_deactivate_target() en net/nfc/netlink.c en el kernel de Linux antes de la versión 5.1.13 puede ser desencadenada por un programa malintencionado en modo de usuario que omite ciert... • http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12817 – kernel: ppc: unrelated processes being able to read/write to each other's virtual memory
https://notcve.org/view.php?id=CVE-2019-12817
24 Jun 2019 — arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. En el archivo arch/powerpc/mm/mmu_context_book3s64.c en el kernel de Linux anterior a versión 5.1.15 para powerpc, presenta un error (bug) por el cual procesos no relacionados pueden leer y escribir en la memoria virtual de otros bajo ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 96%CPEs: 91EXPL: 1CVE-2019-11477 – Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
https://notcve.org/view.php?id=CVE-2019-11477
17 Jun 2019 — Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. Jonathan Looney detectó que el valor TCP_SKB_CB(skb)-mayor que tcp_gso_segs estuvo sujeto a un desbordamiento de ... • https://github.com/sasqwatch/cve-2019-11477-poc • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •