CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12819 – kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c
https://notcve.org/view.php?id=CVE-2019-12819
14 Jun 2019 — An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service. Fue encontrado un problema en el kernel de Linux anterior a versión 5.0. La función __mdiobus_register() en el archivo drivers/net/phy/mdio_bus.c llama a put_device(), que desencadenará un uso después de liberar de fix_mdio_bus_init . • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-12818
https://notcve.org/view.php?id=CVE-2019-12818
14 Jun 2019 — An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 3%CPEs: 21EXPL: 0CVE-2019-12615
https://notcve.org/view.php?id=CVE-2019-12615
03 Jun 2019 — An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). Se descubrió un problema en get_vdev_port_node_info en arch / sparc / kernel / mdesc.c en el kernel de Linux hasta la versión 5.1.6. Hay un kstrdup_const sin marcar de node_info-> vdev_port.name, que podría permitir que un atac... • http://www.securityfocus.com/bid/108549 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2019-12614 – kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service
https://notcve.org/view.php?id=CVE-2019-12614
03 Jun 2019 — An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). Se descubrió un problema en dlpar_parse_cc_property en arch / powerpc / platform / pseries / dlpar.c en el kernel de Linux hasta la versión 5.1.6. Hay un kstrdup sin marcar de prop-> name, que podría permitir que un atacante provoque u... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 1CVE-2019-3846 – kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
https://notcve.org/view.php?id=CVE-2019-3846
03 Jun 2019 — A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Se encontró un fallo que permitía a un atacante corromper la memoria y posiblemente aumentar los privilegios en el módulo del kernel mwifiex mientras se conectaba a una red inalámbrica maliciosa. A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12456
https://notcve.org/view.php?id=CVE-2019-12456
30 May 2019 — An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used ** EN DISPUTA ** Se detecto un problema en MPT3COMMAND case en _ctl... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12455
https://notcve.org/view.php?id=CVE-2019-12455
30 May 2019 — An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to... • https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3&id=fcdf445ff42f036d22178b49cf64e92d527c1330 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12454
https://notcve.org/view.php?id=CVE-2019-12454
30 May 2019 — An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case ** EN DISPUTA ** Se detecto un problema en la función wcd9335_codec_enable_dec e... • https://bugzilla.suse.com/show_bug.cgi?id=1136963#c1 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12382 – kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service
https://notcve.org/view.php?id=CVE-2019-12382
28 May 2019 — An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference ** EN DISPUTA ** Un problema fue encontrado en la función drm_load_edi... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12381
https://notcve.org/view.php?id=CVE-2019-12381
28 May 2019 — An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL ** EN DISPUTA ** Un problema fue encontrado en la función ip_ra_control en el archivo net/ipv4/ip_sockglue.c en el kernel de Linux hasta la versión 5.1.5. Hay un kmalloc sin marcar de new_ra, que pod... • http://www.securityfocus.com/bid/108473 • CWE-476: NULL Pointer Dereference •