CVE-2019-3882 – kernel: denial of service vector through vfio DMA mappings
https://notcve.org/view.php?id=CVE-2019-3882
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Se encontró un fallo en la implementación de la interfaz vfio del kernel de Linux que permite la violación del límite de memoria bloqueada del usuario. Si un dispositivo está vinculado a un controlador vfio, como vfio-pci, y al atacante local se le otorga la propiedad del dispositivo, puede provocar un agotamiento de la memoria del sistema y, por lo tanto, una Denegación de Servicio( DoS) (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882 https://l • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-11487 – kernel: Count overflow in FUSE request leading to use-after-free issues.
https://notcve.org/view.php?id=CVE-2019-11487
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. El kernel de Linux, en versiones anteriores a 5.1-rc5, permite el desbordamiento de la cuenta de referencia de página->_refcount, con los consiguientes problemas de uso de memoria después de su liberación, si existen alrededor de 140 GiB de RAM. Esto está relacionado con fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, y mm/hugetlb.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://www.openwall.com/lists/oss-security/2019/04/29/1 http://www.securityfocus.com/bid/108054 https://access.redhat.com/errata/RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2741 https://access.redhat.com/errata/RHSA-2020:0174 https://bugs.chrom • CWE-416: Use After Free •
CVE-2019-11486
https://notcve.org/view.php?id=CVE-2019-11486
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. El controlador de disciplina de línea Siemens R3964 en drivers/tty/n_r3964.c en el kernel de Linux antes de la versión 5.0.8 tiene múltiples condiciones de carrera. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://www.openwall.com/lists/oss-security/2019/04/29/1 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-7470
https://notcve.org/view.php?id=CVE-2013-7470
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. cipso_v4_validate en include/net/cipso_ipv4. h en el kernel de Linux anterior a la versión 3.11.7, cuando CONFIG_NETLABEL está desactivado, permite a los atacantes causar una Denegación de Servicio (bucle infinito y bloqueo), como es demostrado en icmpsic, una vulnerabilidad diferente a CVE-2013-0310. • https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b https://support.f5.com/csp/article/K21914362 https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40 • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-3901 – kernel: perf_event_open() and execve() race in setuid programs allows a data leak
https://notcve.org/view.php?id=CVE-2019-3901
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. Una condición de carrera en la función perf_event_open() permite a los atacantes locales filtrar datos confidenciales desde los programas setuid. Como no se mantienen bloqueos relevantes (en particular, la función cred_guard_mutex) durante la llamada ptrace_may_access(), es posible que la tarea de destino especificada realice un syscall execve() con la ejecución setuid anterior a que perf_event_alloc() realmente se conecte, permitiendo que un atacante omita la comprobación ptrace_may_access() y la llamada perf_event_exit_task(current) que se realiza en install_exec_creds() durante las llamadas privilegiadas execve(). • http://www.securityfocus.com/bid/89937 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901 https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html https://security.netapp.com/advisory/ntap-20190517-0005 https://access.redhat.com/security/cve/CVE-2019-3901 https://bugzilla.redhat.com/show_bug.cgi?id=1701245 • CWE-667: Improper Locking •