CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-19985 – kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
https://notcve.org/view.php?id=CVE-2018-19985
31 Jan 2019 — The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. La función hso_get_config_data en drivers/net/usb/hso.c en el kernel de Linux, hasta la versión 4.19.8, lee if_num desde el dispositivo USB (como un u8) y lo emplea para indexar un array pequeño, lo que resulta en una lectur... • http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-18360 – kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2017-18360
31 Jan 2019 — In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates. En change_port_settings en drivers/usb/serial/io_ti.c en el kernel de Linux, en versiones anteriores a la 4.11.3, los usuarios locales podrían provocar una denegación de servicio (DoS) por medio de una división entre cero en la capa del dispositivo en serie intentando establecer tasas de baud... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b • CWE-369: Divide By Zero •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16880
https://notcve.org/view.php?id=CVE-2018-16880
29 Jan 2019 — A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. Se ha encontrado un error en la función handle_rx() del controlador [vhost_net] en el kernel de Linux. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5489 – Kernel: page cache side channel attacks
https://notcve.org/view.php?id=CVE-2019-5489
07 Jan 2019 — The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. La implementación mincore() en mm/mincore.c en el kernel de Linux hasta la versión... • https://github.com/mmxsrup/CVE-2019-5489 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16885 – kernel: out-of-bound read in memcpy_fromiovecend()
https://notcve.org/view.php?id=CVE-2018-16885
03 Jan 2019 — A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. Se ha detectado un fallo en el kernel de Linux que permite al espacio de usuario llamar a memcpy_fromiovecend() y fu... • http://www.securityfocus.com/bid/106296 • CWE-125: Out-of-bounds Read •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1CVE-2019-3701
https://notcve.org/view.php?id=CVE-2019-3701
03 Jan 2019 — An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-16882
https://notcve.org/view.php?id=CVE-2018-16882
03 Jan 2019 — A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versi... • http://www.securityfocus.com/bid/106254 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20511
https://notcve.org/view.php?id=CVE-2018-20511
27 Dec 2018 — An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.18.11. La función ipddp_ioctl en drivers/net/appletalk/ipddp.c permite que los usuarios locales obtengan información sensible del kernel apro... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9824dfae5741275473a23a7ed5756c7b6efacc9d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16884 – kernel: nfs: use-after-free in svc_process_common()
https://notcve.org/view.php?id=CVE-2018-16884
18 Dec 2018 — A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Se ha encontrado un error en el subsistema de archivos NFS41+ del kernel de Linux. • http://www.securityfocus.com/bid/106253 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2018-20169 – kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS
https://notcve.org/view.php?id=CVE-2018-20169
17 Dec 2018 — An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.19.9. El subsistema USB gestiona de manera incorrecta las comprobaciones de tamaño durante la lectura de un descriptor extra, relacionado con __usb_get_extra_descriptor en drivers/usb/core/usb.c. A flaw was discovered in the... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •