CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 1CVE-2019-3460 – kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
https://notcve.org/view.php?id=CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Se ha descubierto una fuga de información en múltiples ubicaciones en memoria dinámica, incluyendo L2CAP_GET_CONF_OPT en el kernel de Linux anterior a 5.1-rc1. A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack. • http://www.openwall.com/lists/oss-security/2019/06/27/2 http://www.openwall.com/lists/oss-security/2019/06/27/7 http://www.openwall.com/lists/oss-security/2019/06/28/1 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/08/12/1 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat. • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-8956
https://notcve.org/view.php?id=CVE-2019-8956
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. En el kernel de Linux, en versiones anteriores a las 4.20.8 y 4.19.21, un error de uso de memoria previamente liberada en la función "sctp_sendmsg()" (net/sctp/socket.c) al gestionar la marca SCTP_SENDALL puede explotarse para corromper memoria • https://github.com/butterflyhack/CVE-2019-8956 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8 https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0 https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5 https://support.f5.com/csp/article/K12671141 https://usn.ubuntu.com/3930-1 https://usn.ubuntu.com/3930-2 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 1CVE-2019-10125
https://notcve.org/view.php?id=CVE-2019-10125
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. Se ha descubierto un problema en aio_poll() en fs/aio.c en el kernel de Linux hasta la versión 5.0.4. aio_poll_wake() podría liberar un archivo si un evento esperado se desencadena inmediatamente (por ejemplo, al cerrar un par de tuberías) tras el retorno de vfs_poll(); esto provocará un uso de memoria previamente liberada. • http://www.securityfocus.com/bid/107655 https://patchwork.kernel.org/patch/10828359 https://security.netapp.com/advisory/ntap-20190411-0003 https://support.f5.com/csp/article/K29215970 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-3874 – kernel: SCTP socket buffer memory leak leading to denial of service
https://notcve.org/view.php?id=CVE-2019-3874
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. El búfer del socket SCTP utilizado por una aplicación de espacio de usuario no es tenido en cuenta por el subsistema de cgroups. Un atacante podría explotar este error para lanzar un ataque de denegación de servicio. • https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://security.netapp.com/advisory/ntap-20190411-0003 https://usn.ubuntu.com/3979-1 https://usn.ubuntu.com/3980-1 https://usn.ubuntu.com/3980-2 https://usn.ubuntu.com/3981-1 https://usn.ubuntu.com/3981-2 https://usn.ubuntu.com/398 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2018-20669
https://notcve.org/view.php?id=CVE-2018-20669
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. Se ha descubierto un problema por el cual una dirección proporcionada con access_ok() no se comprueba en i915_gem_execbuffer2_ioctl en drivers/gpu/drm/i915/i915_gem_execbuffer.c en el kernel de Linux hasta la versión 4.19.13. Un atacante local puede manipular una llamada de función IOCTL para sobrescribir memoria arbitraria del kernel, lo que resulta en una denegación de servicio (DoS) o el escalado de privilegios. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://www.openwall.com/lists/oss-security/2019/01/23/6 http://www.securityfocus.com/bid/106748 https://access.redhat.com/security/cve/cve-2018-20669 https://security.netapp.com/advisory/ntap-20190404-0002 https://support.f5.com/csp/article/K32059550 https://usn.ubuntu.com/4485-1 • CWE-20: Improper Input Validation •