CVE-2019-14814 – kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS
https://notcve.org/view.php?id=CVE-2019-14814
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Se presenta un desbordamiento de búfer en la región heap de la memoria en el kernel de Linux, todas las versiones hasta 5.3 (excluyéndola), en el controlador de chip wifi marvell en el kernel de Linux, que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) o posiblemente ejecutar código arbitrario. A flaw was found in the Linux kernel’s implementation of the Marvell wifi driver, which can allow a local user who has CAP_NET_ADMIN or administrative privileges to possibly cause a Denial Of Service (DOS) by corrupting memory and possible code execution. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/08/28/1 https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0328 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-14816 – kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
https://notcve.org/view.php?id=CVE-2019-14816
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Se presenta un desbordamiento del búfer en la región heap de la memoria en el kernel, todas las versiones hasta 5.3 (excluyéndola), en el controlador de chip wifi marvell en el kernel de Linux, que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) o posiblemente ejecutar código arbitrario. A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/08/28/1 https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0204 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-14821 – Kernel: KVM: OOB memory access via mmio ring buffer
https://notcve.org/view.php?id=CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. Se encontró un problema de acceso fuera de límites en el kernel de Linux, todas las versiones hasta 5.3, en la manera en que el hipervisor KVM del kernel de Linux implementa la operación de escritura MMIO Coalesced. Opera en un objeto MMIO ring buffer "struct kvm_coalesced_mmio", en donde los índices de escritura "ring-)first" y "ring-)last" podrían ser suministrados por un proceso de espacio de usuario del host. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/09/20/1 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 • CWE-787: Out-of-bounds Write •
CVE-2019-14835 – kernel: vhost-net: guest to host kernel escape during migration
https://notcve.org/view.php?id=CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Se encontró un fallo de desbordamiento de búfer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost del kernel de Linux que traduce los búferes virtueue en IOV, registraba los descriptores del búfer durante una migración. Un usuario invitado privilegiado capaz de pasar descriptores con una longitud no válida hacia el host cuando la migración está en marcha, podría usar este fallo para aumentar sus privilegios sobre el host. A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-10086 – apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
https://notcve.org/view.php?id=CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. En Apache Commons Beanutils 1.9.2, se agregó una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a través de la propiedad de clase disponible en todos los objetos Java. Sin embargo, no se esta usando esta característica por defecto de PropertyUtilsBean. A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e https://access.redhat.com/errata/RHSA-2019:4317 https://access.redhat.com/errata/RHSA-2020:0057 https://access.redhat.com/errata/RHSA-2020:0194 https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 • CWE-502: Deserialization of Untrusted Data •