CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13233 – kernel: use-after-free in arch/x86/lib/insn-eval.c
https://notcve.org/view.php?id=CVE-2019-13233
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. En arch/x86/lib/insn-eval.c en el kernel de Linux en versiones anteriores a la 5.1.9, hay un uso de memoria previamente liberada para acceder a una entrada LDT debido a una condición de carrera entre modify_ldt () y una excepción #BR para una violación de los límites de MPX. A vulnerability was found in the arch/x86/lib/insn-eval.c function in the Linux kernel. An attacker could corrupt the memory due to a flaw in use-after-free access to an LDT entry caused by a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugs.chromium.org/p/project-zero/issues/detail?id=1879 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12984
https://notcve.org/view.php?id=CVE-2019-12984
A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. Una vulnerabilidad de desreferencia del puntero NULL en la función nfc_genl_deactivate_target() en net/nfc/netlink.c en el kernel de Linux antes de la versión 5.1.13 puede ser desencadenada por un programa malintencionado en modo de usuario que omite ciertos atributos NFC, lo que conduce a la denegación de servicio. • http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://www.securityfocus.com/bid/108905 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13 https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51 https://seclists.org/bugtraq/2019/Aug/13 https://security.netapp.com/advisory/ntap-20190806-0001 https://usn.ubuntu.com/4093-1 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4117-1 https://usn. • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12817 – kernel: ppc: unrelated processes being able to read/write to each other's virtual memory
https://notcve.org/view.php?id=CVE-2019-12817
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. En el archivo arch/powerpc/mm/mmu_context_book3s64.c en el kernel de Linux anterior a versión 5.1.15 para powerpc, presenta un error (bug) por el cual procesos no relacionados pueden leer y escribir en la memoria virtual de otros bajo ciertas condiciones por medio de un mmap superior a 512 TB. Sólo un subconjunto de sistemas powerpc están afectados. A flaw was found in the way the Linux kernel's memory subsystem on certain 64-bit PowerPCs with the hash page table MMU handled memory above 512TB. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://www.openwall.com/lists/oss-security/2019/06/24/5 http://www.securityfocus.com/bid/108884 https://access.redhat.com/errata/RHSA-2019:2703 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.15 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca72d88378b2f2444d3ec145dd442d449d3fefbc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messag • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3896 – kernel: Double free in lib/idr.c
https://notcve.org/view.php?id=CVE-2019-3896
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). Puede suceder una vulnerabilidad de doble liberación en la función idr_remove_all() en el archivo lib/idr.c en la sección del kernel de Linux versión 2.6. Un atacante local sin privilegios puede usar este defecto para una escalada de privilegios o para un bloqueo del sistema y una denegación de servicio (DoS). A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel. • http://www.securityfocus.com/bid/108814 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896 https://security.netapp.com/advisory/ntap-20190710-0002 https://support.f5.com/csp/article/K04327111 https://access.redhat.com/security/cve/CVE-2019-3896 https://bugzilla.redhat.com/show_bug.cgi?id=1694812 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 97%CPEs: 96EXPL: 0CVE-2019-11479 – kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service
https://notcve.org/view.php?id=CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. Jonathan Looney descubrió que el tamaño máximo de segmento (MSS) por defecto del kernel de Linux está codificado a 48 bytes. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/108818 https://access.redhat.com/errata/RHSA-2019:1594 https://access.redhat.com/errata/RHSA-2019:1602 https://access.redhat.com/errata/RHSA-2019:1699 https://access.redhat.com/security/vulnerabili • CWE-400: Uncontrolled Resource Consumption CWE-405: Asymmetric Resource Consumption (Amplification) CWE-770: Allocation of Resources Without Limits or Throttling •