CVE-2019-11599 – Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification
https://notcve.org/view.php?id=CVE-2019-11599
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. La implementación del coredump en el kernel de Linux en versiones anteriores a 5.0.10, no utiliza mecanismos de bloqueo u otros mecanismos para evitar cambios en el layout de vma o en los flags vma mientras se ejecuta, lo que permite a los usuarios locales obtener información sensible, causar una denegación de servicio o posiblemente tener otro impacto no especificado al activar una condición de carrera con llamadas mmget_not_zero o get_task_mm. Esto está relacionado con fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, y drivers/infiniband/core/uverbs_main.c A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. • https://www.exploit-db.com/exploits/46781 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/04/29/1 http://www.openwall.com/lists/oss-security/2019/04/29/2 http://www& • CWE-667: Improper Locking •
CVE-2019-3900 – Kernel: vhost_net: infinite loop while receiving packets leads to DoS
https://notcve.org/view.php?id=CVE-2019-3900
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Se encontró un problema de bucle infinito en el módulo del núcleo vhost_net en el kernel de Linux versiones anteriores a 5.1-rc6 inclusive, mientras manejaba los paquetes entrantes en handle_rx(). Puede ocurrir cuando un extremo envía los paquetes más rápido de lo que el otro extremo los procesa. • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/108076 https://access.redhat.com/errata/RHSA-2019:1973 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3836 http • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2019-11487 – kernel: Count overflow in FUSE request leading to use-after-free issues.
https://notcve.org/view.php?id=CVE-2019-11487
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. El kernel de Linux, en versiones anteriores a 5.1-rc5, permite el desbordamiento de la cuenta de referencia de página->_refcount, con los consiguientes problemas de uso de memoria después de su liberación, si existen alrededor de 140 GiB de RAM. Esto está relacionado con fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, y mm/hugetlb.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://www.openwall.com/lists/oss-security/2019/04/29/1 http://www.securityfocus.com/bid/108054 https://access.redhat.com/errata/RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2741 https://access.redhat.com/errata/RHSA-2020:0174 https://bugs.chrom • CWE-416: Use After Free •
CVE-2019-11486
https://notcve.org/view.php?id=CVE-2019-11486
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. El controlador de disciplina de línea Siemens R3964 en drivers/tty/n_r3964.c en el kernel de Linux antes de la versión 5.0.8 tiene múltiples condiciones de carrera. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://www.openwall.com/lists/oss-security/2019/04/29/1 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-7470
https://notcve.org/view.php?id=CVE-2013-7470
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. cipso_v4_validate en include/net/cipso_ipv4. h en el kernel de Linux anterior a la versión 3.11.7, cuando CONFIG_NETLABEL está desactivado, permite a los atacantes causar una Denegación de Servicio (bucle infinito y bloqueo), como es demostrado en icmpsic, una vulnerabilidad diferente a CVE-2013-0310. • https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b https://support.f5.com/csp/article/K21914362 https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40 • CWE-400: Uncontrolled Resource Consumption •