CVE-2019-20422
https://notcve.org/view.php?id=CVE-2019-20422
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. En el kernel de Linux versiones anteriores a 5.3.4, la función fib6_rule_lookup en el archivo net/ipv6/ip6_fib.c maneja inapropiadamente el flag RT6_LOOKUP_F_DST_NOREF en una decisión de conteo de referencias, lo que conlleva a (por ejemplo) un bloqueo que fue identificado por syzkaller, también se conoce como CID-7b09c2d052db. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa https://security.netapp.com/advisory/ntap-20200313-0003 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2019-18282 – kernel: The flow_dissector feature allows device tracking
https://notcve.org/view.php?id=CVE-2019-18282
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. La función flow_dissector en el kernel de Linux 4.3 a 5.x anterior a la versión 5.3.10 tiene una vulnerabilidad de seguimiento del dispositivo, también conocida como CID-55667441c84f. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200204-0002 https://www.computer.org/csdl/proceedings-article/sp/2020/349700b594/1j2LgrHDR2o https://access.redhat.com/security/cve/CVE-2019-18282 https://bugzilla.redhat.com/show_bug.cgi?id=1796360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVE-2019-19338 – Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
https://notcve.org/view.php?id=CVE-2019-19338
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338 https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort https://www.openwall.com/lists/oss-security/2019/12/10/3 https://access.redhat.com/security/cve/CVE-2019-19338 https://bugzilla.redhat.com/show_bug.cgi?id=1781514 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVE-2019-19332 – Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
https://notcve.org/view.php?id=CVE-2019-19332
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. Se encontró un problema de escritura de memoria fuera de límites en el kernel de Linux, versiones 3.13 hasta 5.4, en la manera en que el hipervisor KVM del kernel de Linux manejó la petición "KVM_GET_EMULATED_CPUID" ioctl(2) para obtener las funcionalidades de CPUID emuladas por el hipervisor KVM. Un usuario o proceso capaz de acceder al dispositivo "/dev/kvm" podría usar este fallo para bloquear el sistema, resultando en una denegación de servicio. An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com https://security.netapp.com/advisory/ntap-20200204-0002 https: • CWE-787: Out-of-bounds Write •
CVE-2019-20095 – kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
https://notcve.org/view.php?id=CVE-2019-20095
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. La función mwifiex_tm_cmd en el archivo drivers/net/wireless/marvell/mwifiex/cfg80211.c en el kernel de Linux versiones anteriores a la versión 5.1.6 tiene algunos casos de manejo de errores que no liberaron la memoria hostcmd asignada, también se conoce como CID-003b686ace82. Esto causará una pérdida de memoria y una denegación de servicio. A flaw was found in the Linux kernel's mwifiex driver implementation when connecting to other WiFi devices in "Test Mode." • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc https://security.netapp.com/advisory/ntap-20200204-0002 https://access.redhat.com/security/cve/CVE-2019-20095 https://bugzilla.redhat.com/show_bug.cgi?id=1791954 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •