CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15923
https://notcve.org/view.php?id=CVE-2019-15923
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.9. Se presenta una desreferencia del puntero NULL para una estructura de datos cd si la función alloc_disk presenta un fallo en el archivo drivers/block/paride/pf.c. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9 https://github.com/torvalds/linux/commit/f0d1762554014ce0ae347b9f0d088f2c157c8c72 https://security.netapp.com/advisory/ntap-20191004-0001 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15924 – kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c
https://notcve.org/view.php?id=CVE-2019-15924
An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.11. La función fm10k_init_module en el archivo drivers/net/ethernet/intel/fm10k/fm10k_main.c presenta una desreferencia del puntero NULL porque no existe -ENOMEM tras un fallo de alloc_workqueue. A flaw was found in the way the fm10k driver in the Linux kernel reacted to memory-related errors during driver initialization. This flaw allows a local attacker to cause a denial of service and crash the system. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 https://github.com/torvalds/linux/commit/01ca667133d019edc9f0a1f70a272447c84ec41f https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html https://security.netapp.com/advisory/ntap-20191004-0001 https://access. • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-15916 – kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
https://notcve.org/view.php?id=CVE-2019-15916
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.0.1. Se presenta una pérdida de memoria en la función register_queue_kobjects() en el archivo net/core/net-sysfs.c, lo que causará una denegación de servicio. A flaw that allowed an attacker to leak kernel memory was found in the network subsystem where an attacker with permissions to create tun/tap devices can create a denial of service and panic the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0740 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab https://security.netapp.com/advisory/ntap-20191004-0001 https://support.f5.com/csp/art • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.6EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15902
https://notcve.org/view.php?id=CVE-2019-15902
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. Se descubiró un error de backporting en el kernel de Linux estable/a largo plazo en sus versiones 4.4.x hasta 4.4.190, versiones 4.9.x hasta 4.9.190, versiones 4.14.x hasta 4.14.141, versiones 4.19.x hasta 4.19.69 y versiones 5.2.x hasta 5.2 .11. El uso incorrecto del commit "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" aguas arriba reintrodujo la vulnerabilidad Spectre que se pretendía eliminar. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html https://seclists.org/bugtraq/2019/Sep/41 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4157-1 https://usn.ubuntu.com/4157-2 https://usn.ubuntu.com/4162-1 http • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15807 – kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
https://notcve.org/view.php?id=CVE-2019-15807
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. En el kernel de Linux versiones anteriores a 5.1.13, se presenta una pérdida de memoria en la biblioteca drivers/scsi/libsas/sas_expander.c cuando no se detecta el expansor SAS. Esto provocará un BUG y una denegación de servicio. A memory leak flaw was found in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0541791453fbe7f42867e310e0c9eb6295364d https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html https://security.netapp.com/advisory/ntap-20191004-0001 https://support.f5.com/csp/article/K52136304?utm_ • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •