CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9857
https://notcve.org/view.php?id=CVE-2019-9857
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service. En el kernel de Linux hasta la versión 5.0.2, la función inotify_update_existing_watch() en fs/notify/inotify/inotify_user.c no llama a fsnotify_put_mark() con IN_MASK_CREATE tras fsnotify_find_mark(), lo que provocará una fuga de memoria, también conocida como filtrado de refcount. Finalmente, esto provocará una denegación de servicio. • http://www.securityfocus.com/bid/107527 https://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs.git/commit/?h=fsnotify&id=62c9d2674b31d4c8a674bee86b7edc6da2803aea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXLZ2V2ES37A3J7DMK4MZYIWV2LEZFLM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PPH3B7FJOMWD5JWUPZKB6T44KNT4PX2L https://patchwork.kernel.org/patch/10836283 https://security.netapp.com/advisory/ntap-20190404-0002 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 4CVE-2019-9213 – Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
https://notcve.org/view.php?id=CVE-2019-9213
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. En el kernel de Linux, en versiones anteriores a la 4.20.14, expand_downwards en mm/mmap.c carece de una comprobación para la dirección mínima de mmap, lo que facilita que los atacantes exploten desreferencias de puntero NULL en el kernel en plataformas que no son SMAP. Esto esto está relacionado con una comprobación de capacidades para la tarea equivocada. A flaw was found in mmap in the Linux kernel allowing the process to map a null page. • https://www.exploit-db.com/exploits/46502 https://www.exploit-db.com/exploits/47957 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html http://www.securityfocus.com/bid/107296 https&# • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2018-20784 – kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service
https://notcve.org/view.php?id=CVE-2018-20784
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. En el kernel de Linux, en versiones anteriores a la 4.20.2, kernel/sched/fair.c gestiona leaf cfs_rq de manera incorrecta, lo que permite que los atacantes provoquen una denegación de servicio (bucle infinito en update_blocked_averages) o, posiblemente, otro impacto sin especificar induciendo una carga alta. The CFS Linux kernel scheduler mishandles handling of leaf cfs_rq's in the kernel/sched/fair.c code, which allows a local unprivileged attacker to cause a denial of service (DoS) by entering an infinite loop in update_blocked_averages() function by inducing a high load on a system. Due to the nature of the flaw, a remote network attack (by initiating a magnitude of remote requests) cannot be fully ruled out. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c40f7d74c741a907cfaeb73a7697081881c497d0 https://access.redhat.com/errata/RHSA-2019:1959 https://access.redhat.com/errata/RHSA-2019:1971 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2 https://github.com/torvalds/linux/commit/c40f7d74c741a907cfaeb73a7697081881c497d0 https://usn.ubuntu.com/4115-1 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4211-1 https://usn.ubuntu.com/4211-2 https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2019-8980 – kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
https://notcve.org/view.php?id=CVE-2019-8980
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. Una fuga de memoria en la función kernel_read_file en fs/exec.c en el kernel de Linux, hasta la versión 4.20.11, permite que los atacantes provoquen una denegación de servicio (consumo de memoria) desencadenando errores en vfs_read. A kernel memory leak was found in the kernel_read_file() function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html http://www.securityfocus.com/bid/107120 https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html https://support.f5.com/csp/article/K56480726 https://usn.ubuntu.com/3930-1 https://usn.ubuntu.com/3930-2 https://usn.ubuntu.com/3931-1 https://usn.ubuntu.com/3931-2 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935698.html https://www.mail-archive.com/linux-kernel%40vg • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2019-8912 – kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr
https://notcve.org/view.php?id=CVE-2019-8912
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. En el kernel de Linux, hasta la versión 4.20.11, af_alg_release() en crypto/af_alg.c no establece un valor NULL para cierto miembro de estructura, lo que conduce a un uso de memoria previamente liberada en sockfs_setattr. In the Linux kernel af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free (UAF) in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html http://patchwork.ozlabs.org/patch/1042902 http://www.securityfocus.com/bid/107063 https://access.redhat.com/errata/RHSA-2020:0174 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-8912 https://usn.ubuntu.com/3930-1 https://usn.ubuntu.com/3930-2 https://usn.ubuntu.com/3931-1 https://usn.ubuntu.com/3931-2 https://access.redhat.com/security/cve/CVE-2019-8912 https://bugzilla.redhat.c • CWE-416: Use After Free •