Page 487 of 4920 results (0.014 seconds)

CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0

CVE-2019-18282 – kernel: The flow_dissector feature allows device tracking

https://notcve.org/view.php?id=CVE-2019-18282

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. La función flow_dissector en el kernel de Linux 4.3 a 5.x anterior a la versión 5.3.10 tiene una vulnerabilidad de seguimiento del dispositivo, también conocida como CID-55667441c84f. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200204-0002 https://www.computer.org/csdl/proceedings-article/sp/2020/349700b594/1j2LgrHDR2o https://access.redhat.com/security/cve/CVE-2019-18282 https://bugzilla.redhat.com/show_bug.cgi?id=1796360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-4774

https://notcve.org/view.php?id=CVE-2007-4774

The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process. El kernel de Linux versiones anteriores a 2.4.36-rc1, presenta una condición de carrera. Fue posible omitir las políticas systrace mediante la inundación del proceso ptraced con señales SIGCONT, lo que puede activar un proceso PTRACED. • http://taviso.decsystem.org/research.html https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60 https://security.netapp.com/advisory/ntap-20200204-0002 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-7053 – kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c

https://notcve.org/view.php?id=CVE-2020-7053

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. En el kernel de Linux versión 4.14 a largo plazo versiones hasta 4.14.165 y versiones 4.19 a largo plazo hasta 4.19.96 (y versiones 5.x anteriores a 5.2), se presenta un uso de la memoria previamente liberada (escribir) en la función i915_ppgtt_close en el archivo drivers/gpu/drm/i915/i915_gem_gtt.c, también se conoce como CID-7dc40713618c. Esto está relacionado con la función i915_gem_context_destroy_ioctl en el archivo drivers/gpu/drm/i915/i915_gem_context.c. A use-after-free flaw was found in the Linux kernel’s GPU driver functionality when destroying GEM context. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310 https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks%40canonical.com https://security. • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-19338 – Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)

https://notcve.org/view.php?id=CVE-2019-19338

A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338 https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort https://www.openwall.com/lists/oss-security/2019/12/10/3 https://access.redhat.com/security/cve/CVE-2019-19338 https://bugzilla.redhat.com/show_bug.cgi?id=1781514 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2

CVE-2019-19332 – Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid

https://notcve.org/view.php?id=CVE-2019-19332

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. Se encontró un problema de escritura de memoria fuera de límites en el kernel de Linux, versiones 3.13 hasta 5.4, en la manera en que el hipervisor KVM del kernel de Linux manejó la petición "KVM_GET_EMULATED_CPUID" ioctl(2) para obtener las funcionalidades de CPUID emuladas por el hipervisor KVM. Un usuario o proceso capaz de acceder al dispositivo "/dev/kvm" podría usar este fallo para bloquear el sistema, resultando en una denegación de servicio. An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com https://security.netapp.com/advisory/ntap-20200204-0002 https: • CWE-787: Out-of-bounds Write •