CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15090 – kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
https://notcve.org/view.php?id=CVE-2019-15090
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. Se detectó un problema en el archivo drivers/scsi/qedi/qedi_dbg.c en el kernel de Linux versiones anteriores a 5.1.12. En la familia de funciones qedi_dbg_*, se presenta una lectura fuera de límites. An out-of-bounds (OOB) memory access flaw was found in the Qlogic ISCSI module in the Linux kernel's qedi_dbg_* family of functions in drivers/scsi/qedi/qedi_dbg.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.12 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c09581a52765a85f19fc35340127396d5e3379cc https://github.com/torvalds/linux/commit/c09581a52765a85f19fc35340127396d5e3379cc https://security.netapp.com/advisory/ntap-20190905-0002 https://usn.ubuntu.com/4115-1 https://us • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10207 – kernel: null-pointer dereference in hci_uart_set_flow_control
https://notcve.org/view.php?id=CVE-2019-10207
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash. Se encontró un fallo en la implementación Bluetooth del kernel de Linux de UART, todas las versiones del kernel 3.x.x anteriores a 4.18.0 y kernel 5.x.x. Un atacante con acceso local y permisos de escritura en el hardware de Bluetooth podría usar este fallo para emitir una llamada de función ioctl especialmente diseñada y causar que el sistema se bloquee. A flaw was found in the Linux kernel’s Bluetooth implementation of UART. • https://github.com/butterflyhack/CVE-2019-10207 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10207 https://security.netapp.com/advisory/ntap-20200103-0001 https://access.redhat.com/security/cve/CVE-2019-10207 https://bugzilla.redhat.com/show_bug.cgi?id=1733874 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14763
https://notcve.org/view.php?id=CVE-2019-14763
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. En el kernel de Linux anterior a versión 4.16.4, un error de doble bloqueo en el archivo drivers/usb/dwc3/gadget.c puede causar un punto muerto con f_hid. • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=072684e8c58d17e853f8e8b9f6d9ce2e58d2b036 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c91815b596245fd7da349ecc43c8def670d2269e https://github.com/torvalds/linux/commit/072684e8c58d17e853f8e8b9f6d9ce2e58d2b036 https://github.com/torvalds/linux/commit/c91815b596245fd7da349ecc43c8def670d2269e https://usn.ubuntu.com/4115-1 https://usn.ubuntu.com/4118-1 https • CWE-667: Improper Locking •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 1CVE-2018-20961
https://notcve.org/view.php?id=CVE-2018-20961
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. En el kernel de Linux anterior a versión 4.16.4, una vulnerabilidad de doble liberación en la función f_midi_set_alt en el archivo drivers/usb/gadget/function/f_midi.c en el controlador f_midi puede permitir a los atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado. • http://packetstormsecurity.com/files/154228/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fafcfdf6377b18b2a726ea554d6e593ba44349f https://github.com/torvalds/linux/commit/7fafcfdf6377b18b2a726ea554d6e593ba44349f https://seclists.org/bugtraq/2019/Aug/48 https://security& • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2018-16871 – kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
https://notcve.org/view.php?id=CVE-2018-16871
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Se detectó un fallo en la implementación de NFS del kernel de Linux, todas las versiones 3.x y todas las versiones 4.x hasta 4.20. • https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2020:0740 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871 https://security.netapp.com/advisory/ntap-20211004-0002 https://support.f5.com/csp/article/K18657134 https://support.f5.com/csp/article/K18657134?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2018-16871 https://bugzilla.redhat.com/show_b • CWE-476: NULL Pointer Dereference •