CVE-2016-10764
https://notcve.org/view.php?id=CVE-2016-10764
In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. En el kernel de Linux anterior a versión 4.9.6, se presenta una desactivación de una en la función en el archivo drivers/mtd/spi-nor/cadence-quadspi.c en la función cqspi_setup_flash(). Existen elementos CQSPI_MAX_CHIPSELECT en la matriz -)f_pdata por lo que mayor que ")" debería ser mayor o igual que ")=" en su lugar. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=193e87143c290ec16838f5368adc0e0bc94eb931 https://github.com/torvalds/linux/commit/193e87143c290ec16838f5368adc0e0bc94eb931 https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6 https://support.f5.com/csp/article/K24444495 https://support.f5.com/csp/article/K24444495?utm_source=f5support&%3Butm_medium=RSS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-14284
https://notcve.org/view.php?id=CVE-2019-14284
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 https& • CWE-369: Divide By Zero •
CVE-2019-14283 – kernel: integer overflow and OOB read in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2019-14283
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. En el kernel de Linux anterior a versión 5.2.3, la función set_geometry en el archivo drivers/block/floppy.c, no comprueba los campos sect y head, como es demostrado mediante un desbordamiento de enteros y lectura fuera de límites. Puede ser activado por un usuario local sin privilegios cuando se ha insertado un disquete. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 https& • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVE-2018-20856 – kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
https://notcve.org/view.php?id=CVE-2018-20856
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. El servidor web en ZENworks Configuration Management (ZCM) de Novell versión 10.3 y versión 11.2 anteriores a 11.2.4, no realiza apropiadamente la autenticación para el archivo zenworks/jsp/index.jsp, lo que permite a los atacantes remotos realizar ataques de salto de directorio y en consecuencia cargar y ejecutar programas arbitrarios, por medio de una petición al puerto TCP 443. A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation. • http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://access.redhat.com/errata/RHSA-2019:3055 https://access.redhat.com/errata/RHSA-2019:3076 https://access.redhat.com/errata/RHSA-2019:3089 https://access.redhat.com/errata/RHSA-2019:3217 https://access • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2018-20855
https://notcve.org/view.php?id=CVE-2018-20855
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. Se detectó un problema en el kernel de Linux anterior a versión 4.18.7. En create_qp_common en archivo drivers/infiniband/hw/mlx5/qp.c, la función mlx5_ib_create_qp_resp nunca fue inicializada, resultando en una pérdida de memoria de pila en el espacio de usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00 https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00 https://security.netapp.com/advisory/ntap-20190905-0002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •