CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 1CVE-2019-14835 – kernel: vhost-net: guest to host kernel escape during migration
https://notcve.org/view.php?id=CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Se encontró un fallo de desbordamiento de búfer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost del kernel de Linux que traduce los búferes virtueue en IOV, registraba los descriptores del búfer durante una migración. Un usuario invitado privilegiado capaz de pasar descriptores con una longitud no válida hacia el host cuando la migración está en marcha, podría usar este fallo para aumentar sus privilegios sobre el host. A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-16239
https://notcve.org/view.php?id=CVE-2019-16239
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. La función process_http_response en OpenConnect versiones anteriores a 8.05, presenta un desbordamiento de búfer cuando un servidor malicioso utiliza la codificación fragmentada HTTP con tamaños de fragmento especialmente diseñados. • http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX56KYWC7X4ETV4P6HGJC7GZUEBITBBS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDMZGNBLZZKAGB • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 1CVE-2019-15031 – kernel: powerpc: local user can read vector registers of other users' processes via an interrupt
https://notcve.org/view.php?id=CVE-2019-15031
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. En el kernel de Linux versiones hasta 5.2.14 en la plataforma powerpc, un usuario local puede leer los registros vectoriales de los procesos de otros usuarios por medio de una interrupción. Para explotar la venerabilidad, un usuario local inicia una transacción (por medio de la instrucción de memoria transaccional de hardware tbegin) y luego accede a los registros vectoriales. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/09/10/4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4135-1 https://usn.ubuntu.com/4135-2 https://access.redhat.com/security/cve/CVE-2019 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-662: Improper Synchronization •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 1CVE-2019-15030 – kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception
https://notcve.org/view.php?id=CVE-2019-15030
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. En el kernel de Linux versiones hasta 5.2.14 en la plataforma powerpc, un usuario local puede leer registros vectoriales de los procesos de otros usuarios por medio de una excepción Facility Unavailable. Para explotar la venerabilidad, un usuario local inicia una transacción (por medio de la instrucción de memoria transaccional de hardware tbegin) y entonces accede a los registros vectoriales. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/09/10/3 https://access.redhat.com/errata/RHSA-2020:0740 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4135-1 https://usn.ubuntu.com/4135-2& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2019-16231 – kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
https://notcve.org/view.php?id=CVE-2019-16231
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/net/fjes/fjes_main.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the alloc_workqueue return was not validated and causes a denial of service at the time of failure. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html https://lkml.org/lkml/2019/9/9/487 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4225-1 https://usn.ubuntu.com/4225-2 https://usn.ubuntu.com/4226-1 https://usn.ubuntu.com/4227-1 https://usn.ubuntu.com/4227-2 https://access.redhat.com/security/cve/CVE-2019-16231 https://bugz • CWE-476: NULL Pointer Dereference •