
CVE-2019-10220 – Ubuntu Security Notice USN-4226-1
https://notcve.org/view.php?id=CVE-2019-10220
27 Nov 2019 — Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. La implementación CIFS del kernel de Linux, versión 4.9.0, es vulnerable a una inyección de rutas relativas en las listas de entradas de directorio. Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. It was discovered that a heap-bas... • https://github.com/Trinadh465/linux-3.0.35_CVE-2019-10220 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2019-15793 – Mishandling of file-system uid/gid with namespaces in shiftfs
https://notcve.org/view.php?id=CVE-2019-15793
13 Nov 2019 — In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly b... • https://packetstorm.news/files/id/155341 • CWE-276: Incorrect Default Permissions CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •

CVE-2019-17666 – kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
https://notcve.org/view.php?id=CVE-2019-17666
17 Oct 2019 — rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. En la función rtl_p2p_noa_ie en el archivo drivers/net/wireless/realtek/rtlwifi/ps.c en el kernel de Linux versiones hasta 5.3.6, carece de una cierta comprobación de límite superior, lo que conlleva a un desbordamiento del búfer. A flaw was found in the Linux kernel's implementation of the RealTek wireless drivers WiFi-direct (or WiFi peer-to-peer) d... • https://github.com/uthrasri/CVE-2019-17666 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2019-16746 – kernel: buffer-overflow hardening in WiFi beacon validation code.
https://notcve.org/view.php?id=CVE-2019-16746
24 Sep 2019 — An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. Se detectó un problema en el archivo net/wireless/nl80211.c en el kernel de Linux versiones hasta 5.2.17. No comprueba la longitud de los elementos variables en un beacon head, lo que provoca un desbordamiento del búfer. A flaw in the Linux kernel's WiFi beacon validation code was discovered. • https://github.com/uthrasri/CVE-2019-16746 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2019-15292 – Ubuntu Security Notice USN-4115-1
https://notcve.org/view.php?id=CVE-2019-15292
21 Aug 2019 — An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. Se descubrió un problema en el kernel de Linux en versiones anteriores a 5.0.9. Hay un uso posterior libre en atalk_proc_exit, relacionado con net / appletalk / atalk_proc.c, net / appletalk / ddp.c y net / appletalk / sysctl_net_atalk.c. It was discovered that the alarmtimer implementation in the Linux kerne... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-416: Use After Free •

CVE-2019-3846 – kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
https://notcve.org/view.php?id=CVE-2019-3846
03 Jun 2019 — A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Se encontró un fallo que permitía a un atacante corromper la memoria y posiblemente aumentar los privilegios en el módulo del kernel mwifiex mientras se conectaba a una red inalámbrica maliciosa. A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2019-9500 – Broadcom brcmfmac driver is vulnerable to a heap buffer overflow
https://notcve.org/view.php?id=CVE-2019-9500
15 May 2019 — The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending speciall... • https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2019-11815 – Ubuntu Security Notice USN-4008-3
https://notcve.org/view.php?id=CVE-2019-11815
08 May 2019 — An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. Se descubrió un problema en rds_tcp_kill_sock en net/rds/tcp.c en el núcleo de Linux anterior a la versión 5.0.8. Existe una condición de carrera que conduce a un uso después de liberación de memoria, relacionado con la limpieza del espacio de nombres de red. Adam Zabrocki discovered that the Intel i915 kernel mode graphics d... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVE-2019-10125
https://notcve.org/view.php?id=CVE-2019-10125
27 Mar 2019 — An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. Se ha descubierto un problema en aio_poll() en fs/aio.c en el kernel de Linux hasta la versión 5.0.4. aio_poll_wake() podría liberar un archivo si un evento esperado se desencadena inmediatamente (por ejemplo, al cerrar un par de... • http://www.securityfocus.com/bid/107655 • CWE-416: Use After Free •