CVE-2019-3900 – Kernel: vhost_net: infinite loop while receiving packets leads to DoS
https://notcve.org/view.php?id=CVE-2019-3900
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Se encontró un problema de bucle infinito en el módulo del núcleo vhost_net en el kernel de Linux versiones anteriores a 5.1-rc6 inclusive, mientras manejaba los paquetes entrantes en handle_rx(). Puede ocurrir cuando un extremo envía los paquetes más rápido de lo que el otro extremo los procesa. • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/108076 https://access.redhat.com/errata/RHSA-2019:1973 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3836 http • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2019-11487 – kernel: Count overflow in FUSE request leading to use-after-free issues.
https://notcve.org/view.php?id=CVE-2019-11487
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. El kernel de Linux, en versiones anteriores a 5.1-rc5, permite el desbordamiento de la cuenta de referencia de página->_refcount, con los consiguientes problemas de uso de memoria después de su liberación, si existen alrededor de 140 GiB de RAM. Esto está relacionado con fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, y mm/hugetlb.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://www.openwall.com/lists/oss-security/2019/04/29/1 http://www.securityfocus.com/bid/108054 https://access.redhat.com/errata/RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2741 https://access.redhat.com/errata/RHSA-2020:0174 https://bugs.chrom • CWE-416: Use After Free •
CVE-2019-11486
https://notcve.org/view.php?id=CVE-2019-11486
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. El controlador de disciplina de línea Siemens R3964 en drivers/tty/n_r3964.c en el kernel de Linux antes de la versión 5.0.8 tiene múltiples condiciones de carrera. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://www.openwall.com/lists/oss-security/2019/04/29/1 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-7470
https://notcve.org/view.php?id=CVE-2013-7470
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. cipso_v4_validate en include/net/cipso_ipv4. h en el kernel de Linux anterior a la versión 3.11.7, cuando CONFIG_NETLABEL está desactivado, permite a los atacantes causar una Denegación de Servicio (bucle infinito y bloqueo), como es demostrado en icmpsic, una vulnerabilidad diferente a CVE-2013-0310. • https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b https://support.f5.com/csp/article/K21914362 https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40 • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-3901 – kernel: perf_event_open() and execve() race in setuid programs allows a data leak
https://notcve.org/view.php?id=CVE-2019-3901
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. Una condición de carrera en la función perf_event_open() permite a los atacantes locales filtrar datos confidenciales desde los programas setuid. Como no se mantienen bloqueos relevantes (en particular, la función cred_guard_mutex) durante la llamada ptrace_may_access(), es posible que la tarea de destino especificada realice un syscall execve() con la ejecución setuid anterior a que perf_event_alloc() realmente se conecte, permitiendo que un atacante omita la comprobación ptrace_may_access() y la llamada perf_event_exit_task(current) que se realiza en install_exec_creds() durante las llamadas privilegiadas execve(). • http://www.securityfocus.com/bid/89937 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901 https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html https://security.netapp.com/advisory/ntap-20190517-0005 https://access.redhat.com/security/cve/CVE-2019-3901 https://bugzilla.redhat.com/show_bug.cgi?id=1701245 • CWE-667: Improper Locking •