CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2019-19068 – kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS
https://notcve.org/view.php?id=CVE-2019-19068
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. Una pérdida de memoria en la función rtl8xxxu_submit_int_urb() en el archivo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función usb_submit_urb(), también se conoce como CID-a2cdd07488e6. A flaw was found in the Linux kernel. A memory leak in the realtek driver allows an attacker to cause a denial of service through memory consumption. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://security.netapp.com/advisory/ntap-20191205-0001 https://usn • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2019-19066
https://notcve.org/view.php?id=CVE-2019-19066
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. Una pérdida de memoria en la función bfad_im_get_stats() en el archivo drivers/scsi/bfa/bfad_attr.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función de bfa_port_get_stats(), también se conoce como CID-0e62395da2bd. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2019-19062 – kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
https://notcve.org/view.php?id=CVE-2019-19062
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. Una pérdida de memoria en la función crypto_report() en el archivo crypto/crypto_user_base.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función crypto_report_alg(), también se conoce como CID-ffdde5932042. A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https:// • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 757EXPL: 0CVE-2019-0155 – hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write
https://notcve.org/view.php?id=CVE-2019-0155
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. Un control de acceso insuficiente en un subsistema para Intel® processor graphics en 6th, 7th, 8th and 9th Generation Intel® Core(TM) Processor Families; Intel® Pentium® Processor J, N, Silver y Gold Series; Intel® Celeron® Processor J, N, G3900 y G4900 Series; Intel® Atom® Processor A y E3900 Series; Intel® Xeon® Processor E3-1500 v5 y v6, E-2100 y E-2200 Processor Families; Intel® Graphics Driver para versiones de Windows anteriores a 26.20.100.6813 (DCH) o 26.20.100.6812 y versiones anteriores a 21.20.x.5077 (también se conoce como 15.45.5077), i915 Linux Driver para Intel® Processor Graphics versiones anteriores a 5.4-rc7, 5.3. 11, 4.19.84, 4.14.154, 4.9.201, 4.4.201, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local. A flaw was found in the Intel graphics hardware (GPU), where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to the address space required to function correctly. • http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://access.redhat.com/errata/RHSA-2019:3841 https://access.redhat.com/errata/RHSA-2019:3887 https://access.redhat.com/errata/RHSA-2019:3889 https://access.redhat.com/errata/RHSA-2019:3908 https://access.redhat.com/errata/RHSA-2020:0204 https://seclists.org/bugtraq/2019/Nov/26 https://security.netapp.com/advisory/ntap-20200320-0005 https://support.f5.com/csp/article/K73659122 • CWE-284: Improper Access Control •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 2CVE-2019-14866 – cpio: improper input validation when writing tar header fields leads to unexpected tar generation
https://notcve.org/view.php?id=CVE-2019-14866
In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. En todas las versiones de cpio anteriores a la versión 2.13, no comprueba apropiadamente los archivos de entrada cuando se generan archivos TAR. Cuando cpio es usado para crear archivos TAR desde rutas en las que un atacante puede escribir, el archivo resultante puede contener archivos con permisos que el atacante no tenía o en rutas a las que no tenía acceso. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866 https://lists.debian.org/debian-lts-announce/2023/06/msg00007.html https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html https://access.redhat.com/security/cve/CVE-2019-14866 https://bugzilla.redhat.com/show_bug.cgi?id=1765511 • CWE-20: Improper Input Validation •