CVE-2019-12614 – kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service
https://notcve.org/view.php?id=CVE-2019-12614
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). Se descubrió un problema en dlpar_parse_cc_property en arch / powerpc / platform / pseries / dlpar.c en el kernel de Linux hasta la versión 5.1.6. Hay un kstrdup sin marcar de prop-> name, que podría permitir que un atacante provoque una denegación de servicio (desreferencia de puntero NULL y bloqueo del sistema). A flaw was found in the way Linux kernel's Dynamic Logical Partitioning (DLPAR) functionality on PowerPC systems handled low memory conditions on device discovery. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/108550 https://git.kernel.org/pub/ • CWE-476: NULL Pointer Dereference •
CVE-2019-3846 – kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
https://notcve.org/view.php?id=CVE-2019-3846
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Se encontró un fallo que permitía a un atacante corromper la memoria y posiblemente aumentar los privilegios en el módulo del kernel mwifiex mientras se conectaba a una red inalámbrica maliciosa. A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service(system crash) or execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html ht • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-12456
https://notcve.org/view.php?id=CVE-2019-12456
An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used ** EN DISPUTA ** Se detecto un problema en MPT3COMMAND case en _ctl_ioctl_main en drivers/scsi/mpt3sas/mpt3sas_ctl.c en el kernel de Linux hasta la versión 5.1.5. Permite a los usuarios locales generar una Denegación de Servicio o posiblemente tener otro impacto no especificado al cambiar el valor de ioc_number entre dos lecturas del kernel de este valor, también conocida como una vulnerabilidad de "double fetch". NOTA: un tercero informa que esto no se puede explotar porque no se utiliza el valor doblemente obtenido. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html https://bugzilla.redhat.com/show_bug.cgi?id=1717182 https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=5.3/scsi-queue&id=86e5aca7fa2927060839f3e3b40c8bd65a7e8d1e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDURACJVGIB •
CVE-2019-12455
https://notcve.org/view.php?id=CVE-2019-12455
An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.” ** EN DISPUTA ** Se descubrió un problema en sunxi_divs_clk_setup en drivers / clk / sunxi / clk-sunxi.c en el kernel de Linux hasta la versión 5.1.5. Existe una kstrndup no verificada de derived_name, que podría permitir a un atacante provocar una denegación de servicio (desreferencia de puntero NULL y bloqueo del sistema). • https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3&id=fcdf445ff42f036d22178b49cf64e92d527c1330 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI https://security.netapp.com/advisory/ntap-20190710-0002 https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2010240.html • CWE-476: NULL Pointer Dereference •
CVE-2019-12454
https://notcve.org/view.php?id=CVE-2019-12454
An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case ** EN DISPUTA ** Se detecto un problema en la función wcd9335_codec_enable_dec en el archivo sound/soc/codecs/wcd9335.c en el kernel de Linux hasta la versión 5.1.5. Se usa kstrndup en lugar de kmemdup_nul, lo que permite a los atacantes tener un impacto no especificado a través de vectores desconocidos. NOTA: El proveedor niega que esto no sea una vulnerabilidad porque cambiar a kmemdup_nul() solo solucionaría un problema de seguridad si la cadena de origen no estaba NUL-terminated, lo cual no es el caso. • https://bugzilla.suse.com/show_bug.cgi?id=1136963#c1 https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git/commit/?h=for-5.3&id=a54988113985ca22e414e132054f234fc8a92604 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI https://lkml.org/lkml/2019/5/29/705 https://support.f5.com/csp/article/K13523672 https://support.f5.com/csp/article/K13523672?utm_source=f5support&%3Butm_medium=RSS •