CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-14898 – kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
https://notcve.org/view.php?id=CVE-2019-14898
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. La corrección para el CVE-2019-11599, que afectaba al kernel de Linux versiones anteriores a 5.0.10, no estaba completa. Un usuario local podría usar este fallo para conseguir infomación confidencial, causar una denegación de servicio o posiblemente tener otros impactos no especificados al desencadenar una condición de carrera on llamadas de mmget_not_zero o get_task_mm. The fix for CVE-2019-11599 was not complete. • https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 https://security.netapp.com/advisory/ntap-20200608-0001 https://www.oracle.com/security-alerts/cpuApr2021.html https://access.redhat.com/security/cve/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8428
https://notcve.org/view.php?id=CVE-2020-8428
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. El archivo fs/namei.c en el kernel de Linux versiones anteriores a 5.5, presenta una vulnerabilidad de uso de la memoria previamente liberada en la función may_create_in_sticky, que permite a usuarios locales causar una denegación de servicio (OOPS) u obtener información confidencial de la memoria del kernel, también se conoce como CID-d0cb50185ae9. Un vector de ataque puede ser una llamada de sistema abierta para un socket del dominio UNIX, si el socket está siendo movido hacia un nuevo directorio padre y su antiguo directorio padre está siendo eliminado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html http://www.openwall.com/lists/oss-security/2020/01/28/4 http://www.openwall.com/lists/oss-security/2020/02/02/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6 https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6 https://lists.debian.org/deb • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20422
https://notcve.org/view.php?id=CVE-2019-20422
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. En el kernel de Linux versiones anteriores a 5.3.4, la función fib6_rule_lookup en el archivo net/ipv6/ip6_fib.c maneja inapropiadamente el flag RT6_LOOKUP_F_DST_NOREF en una decisión de conteo de referencias, lo que conlleva a (por ejemplo) un bloqueo que fue identificado por syzkaller, también se conoce como CID-7b09c2d052db. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa https://security.netapp.com/advisory/ntap-20200313-0003 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2019-18282 – kernel: The flow_dissector feature allows device tracking
https://notcve.org/view.php?id=CVE-2019-18282
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. La función flow_dissector en el kernel de Linux 4.3 a 5.x anterior a la versión 5.3.10 tiene una vulnerabilidad de seguimiento del dispositivo, también conocida como CID-55667441c84f. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200204-0002 https://www.computer.org/csdl/proceedings-article/sp/2020/349700b594/1j2LgrHDR2o https://access.redhat.com/security/cve/CVE-2019-18282 https://bugzilla.redhat.com/show_bug.cgi?id=1796360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7053 – kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c
https://notcve.org/view.php?id=CVE-2020-7053
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. En el kernel de Linux versión 4.14 a largo plazo versiones hasta 4.14.165 y versiones 4.19 a largo plazo hasta 4.19.96 (y versiones 5.x anteriores a 5.2), se presenta un uso de la memoria previamente liberada (escribir) en la función i915_ppgtt_close en el archivo drivers/gpu/drm/i915/i915_gem_gtt.c, también se conoce como CID-7dc40713618c. Esto está relacionado con la función i915_gem_context_destroy_ioctl en el archivo drivers/gpu/drm/i915/i915_gem_context.c. A use-after-free flaw was found in the Linux kernel’s GPU driver functionality when destroying GEM context. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310 https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks%40canonical.com https://security. • CWE-416: Use After Free •