CVE-2019-3459 – kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
https://notcve.org/view.php?id=CVE-2019-3459
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Se descubrió una fuga de información de direcciones en memoria dinámica mientras se usaba L2CAP_GET_CONF_OPT en el kernel de Linux anterior a 5.1-rc1. A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack. • http://www.openwall.com/lists/oss-security/2019/06/27/2 http://www.openwall.com/lists/oss-security/2019/06/27/7 http://www.openwall.com/lists/oss-security/2019/06/28/1 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/08/12/1 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat. • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-3460 – kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
https://notcve.org/view.php?id=CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Se ha descubierto una fuga de información en múltiples ubicaciones en memoria dinámica, incluyendo L2CAP_GET_CONF_OPT en el kernel de Linux anterior a 5.1-rc1. A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack. • http://www.openwall.com/lists/oss-security/2019/06/27/2 http://www.openwall.com/lists/oss-security/2019/06/27/7 http://www.openwall.com/lists/oss-security/2019/06/28/1 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/08/12/1 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat. • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-7222 – Kernel: KVM: leak of uninitialized stack contents to guest
https://notcve.org/view.php?id=CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. La implementación KVM en el kernel de Linux, hasta la versión 4.20.5, tiene una fuga de información. An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html http://www.openwall.com/lists/oss-security/2019/02/18/2 http://www.securityfocus.com/bid/106963 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugs.chromiu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •