CVE-2019-19462
https://notcve.org/view.php?id=CVE-2019-19462
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. La función relay_open en el archivo kernel/relay.c en el kernel de Linux versiones hasta 5.4.1, permite a usuarios locales causar una denegación de servicio (tal y como un bloqueo de retransmisión) al desencadenar un resultado NULL de alloc_percpu. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net https://security.netapp.com/advisory/ntap-20210129-0004 https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8 https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531 https://syzkaller • CWE-476: NULL Pointer Dereference •
CVE-2019-18276 – bash: when effective UID is not equal to its real UID the saved UID is not dropped
https://notcve.org/view.php?id=CVE-2019-18276
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. • https://github.com/M-ensimag/CVE-2019-18276 https://github.com/SABI-Ensimag/CVE-2019-18276 http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security.gentoo.org/glsa/202105-34 https://security.netapp.com/advisory/ntap-20200430-0003 https://www.oracle.com/security-alerts/cp • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVE-2019-19318
https://notcve.org/view.php?id=CVE-2019-19318
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, En el kernel de Linux versión 5.3.11, montar una imagen btrfs especialmente diseñada dos veces puede causar un uso de la memoria previamente liberada de la función rwsem_down_write_slowpath porque (en la función rwsem_can_spin_on_owner en el archivo kernel/locking/rwsem.c) la función rwsem_owner_flags devuelve un puntero ya liberado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318 https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4414-1 • CWE-416: Use After Free •
CVE-2019-19069
https://notcve.org/view.php?id=CVE-2019-19069
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. Una pérdida de memoria en la función fastrpc_dma_buf_attach() en el archivo drivers/misc/fastrpc.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función dma_get_sgtable(), también se conoce como CID-fc739a058d99. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4208-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19063 – kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
https://notcve.org/view.php?id=CVE-2019-19063
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. Dos pérdidas de memoria en la función rtl_usb_probe() en el archivo drivers/net/wireless/realtek/rtlwifi/usb.c en el kernel de Linux versiones hasta la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-3f9361695113. A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://seclists.org/bugtraq/2020/Jan • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •