CVSS: 8.3 • EPSS: 3% • CPEs: 5 • EXPL: 1 • CVE-2019-9500 – Broadcom brcmfmac driver is vulnerable to a heap buffer overflow
https://notcve.org/view.php?id=CVE-2019-9500
15 May 2019 — The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst-case scenario, by sending speciall... • https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVSS: 9.3 • EPSS: 1% • CPEs: 29 • EXPL: 2 • CVE-2019-11815 – Ubuntu Security Notice USN-4008-3
https://notcve.org/view.php?id=CVE-2019-11815
08 May 2019 — An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. Adam Zabrocki discovered that the Intel i915 kernel mode graphics d... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-416: Use After Free
CVSS: 10.0 • EPSS: 4% • CPEs: 9 • EXPL: 1 • CVE-2019-10125
https://notcve.org/view.php?id=CVE-2019-10125
27 Mar 2019 — An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. • http://www.securityfocus.com/bid/107655 • CWE-416: Use After Free
