Page 479 of 2550 results (0.018 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-12380

https://notcve.org/view.php?id=CVE-2019-12380

**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”. ** EN DISPUTA ** Se descubrió un problema en el subsistema efi en el kernel de Linux hasta la versión 5.1.5. phys_efi_set_virtual_address_map en arch / x86 / platform / efi / efi.c y efi_call_phys_prolog en arch / x86 / platform / efi / efi_64.c manejan mal los errores de asignación de memoria. NOTA: Esta identificación se disputa por no ser un problema porque “Todo el código tocado por el commit referenciado solo se ejecuta en el arranque, antes de que se inicien los procesos del usuario. Por lo tanto, no hay posibilidad de que un usuario sin privilegios lo controle ". • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://www.securityfocus.com/bid/108477 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI https://lists.fedo • CWE-388: 7PK - Errors •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-12379

https://notcve.org/view.php?id=CVE-2019-12379

An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue * DISPUTADO ** Se descubrió un problema en con_insert_unipair en drivers / tty / vt / consolemap.c en el kernel de Linux hasta 5.1.5. Hay una pérdida de memoria en un caso determinado de un resultado ENOMEM de kmalloc. NOTA: Este ID Se ha cuestionado porque no es un problema. • http://www.securityfocus.com/bid/108478 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-next&id=84ecc2f6eb1cb12e6d44818f94fa49b50f06e6ac https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=15b3cd8ef46ad1b100e0d3c7e38774f330726820 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HO • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-12378

https://notcve.org/view.php?id=CVE-2019-12378

An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue ** EN DISPUTA ** Un problema fue encontrado en la función ip6_ra_control en el archivo net/pv6 / ipv6_sockglue.c en el kernel de Linux hasta la versión 5.1.5. Hay un kmalloc sin marcar de new_ra, que podría permitir que un atacante provoque una Denegación de Servicio (desreferencia de puntero NULL y bloqueo del sistema). NOTA: Esto ha sido discutido y no es una incidencia. • http://www.securityfocus.com/bid/108475 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE https://lkml.org/lkml/2019/5/25/229 • CWE-476: NULL Pointer Dereference •

CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 1

CVE-2019-9500 – Broadcom brcmfmac driver is vulnerable to a heap buffer overflow

https://notcve.org/view.php?id=CVE-2019-9500

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. • https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff https://kb.cert.org/vuls/id/166939 https://access.redhat.com/security/cve/CVE-2019-9500 https://bugzilla.redhat.com/show_bug.cgi?id=1701224 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0

CVE-2019-11833 – kernel: fs/ext4/extents.c leads to information disclosure

https://notcve.org/view.php?id=CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. fs / ext4 / extents.c en el kernel de Linux hasta 5.1.2 no pone a cero la región de memoria no utilizada en el bloque del árbol de extensión, lo que podría permitir a los usuarios locales obtener información confidencial al leer datos no inicializados en el sistema de archivos. A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108372 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •