CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5489 – Kernel: page cache side channel attacks
https://notcve.org/view.php?id=CVE-2019-5489
07 Jan 2019 — The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. La implementación mincore() en mm/mincore.c en el kernel de Linux hasta la versión... • https://github.com/mmxsrup/CVE-2019-5489 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16885 – kernel: out-of-bound read in memcpy_fromiovecend()
https://notcve.org/view.php?id=CVE-2018-16885
03 Jan 2019 — A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. Se ha detectado un fallo en el kernel de Linux que permite al espacio de usuario llamar a memcpy_fromiovecend() y fu... • http://www.securityfocus.com/bid/106296 • CWE-125: Out-of-bounds Read •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1CVE-2019-3701
https://notcve.org/view.php?id=CVE-2019-3701
03 Jan 2019 — An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-16882
https://notcve.org/view.php?id=CVE-2018-16882
03 Jan 2019 — A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versi... • http://www.securityfocus.com/bid/106254 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20511
https://notcve.org/view.php?id=CVE-2018-20511
27 Dec 2018 — An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.18.11. La función ipddp_ioctl en drivers/net/appletalk/ipddp.c permite que los usuarios locales obtengan información sensible del kernel apro... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9824dfae5741275473a23a7ed5756c7b6efacc9d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0CVE-2018-16884 – kernel: nfs: use-after-free in svc_process_common()
https://notcve.org/view.php?id=CVE-2018-16884
18 Dec 2018 — A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Se ha encontrado un error en el subsistema de archivos NFS41+ del kernel de Linux. • http://www.securityfocus.com/bid/106253 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2018-20169 – kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS
https://notcve.org/view.php?id=CVE-2018-20169
17 Dec 2018 — An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. Se ha descubierto un problema en el kernel de Linux hasta antes de la versión 4.19.9. El subsistema USB gestiona de manera incorrecta las comprobaciones de tamaño durante la lectura de un descriptor extra, relacionado con __usb_get_extra_descriptor en drivers/usb/core/usb.c. A flaw was discovered in the... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 1CVE-2018-18397 – kernel: userfaultfd bypasses tmpfs file permissions
https://notcve.org/view.php?id=CVE-2018-18397
12 Dec 2018 — The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. La implementación de userfaultfd en el kernel de Linux en versiones anteriores a la 4.17 gestiona de manera incorrecta para ciertas llamadas ioctl UFFDIO_, tal y como queda demos... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1 • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-9568 – kernel: Memory corruption due to incorrect socket cloning
https://notcve.org/view.php?id=CVE-2018-9568
06 Dec 2018 — In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. • https://access.redhat.com/errata/RHSA-2019:0512 • CWE-122: Heap-based Buffer Overflow CWE-704: Incorrect Type Conversion or Cast •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2018-19854 – kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c
https://notcve.org/view.php?id=CVE-2018-19854
04 Dec 2018 — An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). Se ha descubierto un problema en el kern... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43f39958beb206b53292801e216d9b8a660f087 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •