Page 485 of 2551 results (0.017 seconds)

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-19985 – kernel: oob memory read in hso_probe in drivers/net/usb/hso.c

https://notcve.org/view.php?id=CVE-2018-19985

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. La función hso_get_config_data en drivers/net/usb/hso.c en el kernel de Linux, hasta la versión 4.19.8, lee if_num desde el dispositivo USB (como un u8) y lo emplea para indexar un array pequeño, lo que resulta en una lectura de objetos fuera de límites (OOB) que podría permitir la lectura arbitraria en el espacio de direcciones del kernel. A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://hexhive.epfl.ch/projects/perifuzz https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-an • CWE-125: Out-of-bounds Read •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-16880

https://notcve.org/view.php?id=CVE-2018-16880

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. Se ha encontrado un error en la función handle_rx() del controlador [vhost_net] en el kernel de Linux. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://www.securityfocus.com/bid/106735 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880 https://support.f5.com/csp/article/K03593314 https://usn.ubuntu.com/3903-1 https://usn.ubuntu.com/3903-2 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-5489 – Kernel: page cache side channel attacks

https://notcve.org/view.php?id=CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. La implementación mincore() en mm/mincore.c en el kernel de Linux hasta la versión 4.19.13 permitía a los atacantes observar patrones de acceso a las páginas de caché de otros procesos en el mismo sistema, permitiendo el esnifado de información secreta. (Su arreglo afecta a la salida del programa fincore.) • https://github.com/mmxsrup/CVE-2019-5489 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en http://www.securityfocus.com/bid/106478 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1

CVE-2019-3701

https://notcve.org/view.php?id=CVE-2019-3701

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html http://www.securityfocus.com/bid/106443 https://bugzilla.suse.com/show_bug.cgi?id=1120386 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68 https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html https://m • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-16882

https://notcve.org/view.php?id=CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable. Se ha detectado un uso de memoria previamente liberada en la manera en la que el hypervisor KVM del kernel de Linux procesa las interrupciones publicadas cuando la virtualización "nested(=1)" se encuentra habilitada. • http://www.securityfocus.com/bid/106254 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16882 https://lwn.net/Articles/775720 https://lwn.net/Articles/775721 https://marc.info/?l=kvm&m=154514994222809&w=2 https://support.f5.com/csp/article/K80557033 https://usn.ubuntu.com/3871-1 https://usn.ubuntu.com/3871-3 https://usn.ubuntu.com/3871-4 https://usn.ubuntu.com/3871-5 https://usn.ubuntu.com/3872-1 https://usn.ubuntu.com/3878-1 https • CWE-416: Use After Free •