CVE-2019-5108 – kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS
https://notcve.org/view.php?id=CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200204-0002 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 https://usn.ubuntu.com • CWE-287: Improper Authentication CWE-440: Expected Behavior Violation •
CVE-2019-19922 – kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
https://notcve.org/view.php?id=CVE-2019-19922
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425 https://github.com/kubernetes/kubernetes/issues/67577 https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://relistan.com/the-kernel-may-be-slowing-down-your-app https://security.netapp.com/advisory/ntap-20200204-0002 https:/& • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-19535
https://notcve.org/view.php?id=CVE-2019-19535
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://www.openwall.com/lists/oss-security/2019/12/03/4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30a8beeb3042f49d0537b7050fd21b490166a3d9 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://www.oracle.com/security-alerts/cpuApr2021.html • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVE-2019-19063 – kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
https://notcve.org/view.php?id=CVE-2019-19063
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://seclists.org/bugtraq/2020/Jan • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19052
https://notcve.org/view.php?id=CVE-2019-19052
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4225-1 https://usn.ubuntu.com/4225-2 https://usn.ubunt • CWE-401: Missing Release of Memory after Effective Lifetime •