CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13233 – kernel: use-after-free in arch/x86/lib/insn-eval.c
https://notcve.org/view.php?id=CVE-2019-13233
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. En arch/x86/lib/insn-eval.c en el kernel de Linux en versiones anteriores a la 5.1.9, hay un uso de memoria previamente liberada para acceder a una entrada LDT debido a una condición de carrera entre modify_ldt () y una excepción #BR para una violación de los límites de MPX. A vulnerability was found in the arch/x86/lib/insn-eval.c function in the Linux kernel. An attacker could corrupt the memory due to a flaw in use-after-free access to an LDT entry caused by a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugs.chromium.org/p/project-zero/issues/detail?id=1879 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12984
https://notcve.org/view.php?id=CVE-2019-12984
A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service. Una vulnerabilidad de desreferencia del puntero NULL en la función nfc_genl_deactivate_target() en net/nfc/netlink.c en el kernel de Linux antes de la versión 5.1.13 puede ser desencadenada por un programa malintencionado en modo de usuario que omite ciertos atributos NFC, lo que conduce a la denegación de servicio. • http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://www.securityfocus.com/bid/108905 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13 https://github.com/torvalds/linux/commit/385097a3675749cbc9e97c085c0e5dfe4269ca51 https://seclists.org/bugtraq/2019/Aug/13 https://security.netapp.com/advisory/ntap-20190806-0001 https://usn.ubuntu.com/4093-1 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4117-1 https://usn. • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12817 – kernel: ppc: unrelated processes being able to read/write to each other's virtual memory
https://notcve.org/view.php?id=CVE-2019-12817
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. En el archivo arch/powerpc/mm/mmu_context_book3s64.c en el kernel de Linux anterior a versión 5.1.15 para powerpc, presenta un error (bug) por el cual procesos no relacionados pueden leer y escribir en la memoria virtual de otros bajo ciertas condiciones por medio de un mmap superior a 512 TB. Sólo un subconjunto de sistemas powerpc están afectados. A flaw was found in the way the Linux kernel's memory subsystem on certain 64-bit PowerPCs with the hash page table MMU handled memory above 512TB. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://www.openwall.com/lists/oss-security/2019/06/24/5 http://www.securityfocus.com/bid/108884 https://access.redhat.com/errata/RHSA-2019:2703 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.15 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca72d88378b2f2444d3ec145dd442d449d3fefbc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messag • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12881
https://notcve.org/view.php?id=CVE-2019-12881
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0. La función i915_gem_userptr_get_pages en el archivo drivers/gpu/drm/i915/i915_gem_userptr.c en el kernel de Linux versión 4.15.0 sobre Ubuntu versión 18.04.2, permite que los usuarios locales causen una denegación de servicio (desreferencia del puntero NULL y un BUG) o posiblemente tengan otro impacto no especificado por medio de una llamada ioctl al /dev/dri/card0. • http://www.securityfocus.com/bid/108873 https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520 https://security.netapp.com/advisory/ntap-20190710-0002 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 97%CPEs: 91EXPL: 0CVE-2019-11477 – Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
https://notcve.org/view.php?id=CVE-2019-11477
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. Jonathan Looney detectó que el valor TCP_SKB_CB(skb)-mayor que tcp_gso_segs estuvo sujeto a un desbordamiento de enteros en el kernel de Linux durante el manejo del Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podría usar esto para causar una denegación de servicio. • http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en http://www.openwall.com/lists/oss-security/2019/06/20/3 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss&# • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •