Page 61 of 733 results (0.012 seconds)

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-15917 – kernel: use-after-free in drivers/bluetooth/hci_ldisc.c

https://notcve.org/view.php?id=CVE-2019-15917

An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.5. Se presenta un problema de uso de la memoria previamente liberada cuando la función hci_uart_register_dev() presenta un fallo en función hci_uart_set_proto() en el archivo drivers/bluetooth/hci_ldisc.c A flaw was found in the Linux kernel's implementation of the HCI UART driver. A local attacker with access permissions to the Bluetooth device can issue an ioctl, which triggers the hci_uart_set_proto() function in drivers/bluetooth/hci_ldisc.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.5 https://github.com/torvalds/linux/commit/56897b217a1d0a91c9920cb418d6b3fe922f590a https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html https://lists.debian.org/debian-lts-announce • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-15919 – kernel: use-after-free in SMB2_write function in fs/cifs/smb2pdu.c

https://notcve.org/view.php?id=CVE-2019-15919

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.10. La función SMB2_write en el archivo fs/cifs/smb2pdu.c presenta un uso de la memoria previamente liberada. An flaw was discovered in the Linux kernel's CIFS client implementation. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 https://github.com/torvalds/linux/commit/6a3eb3360667170988f8a6477f6686242061488a https://security.netapp.com/advisory/ntap-20191004-0001 https://access.redhat.com/security/cve/CVE-2019-15919 https://bugzilla.redhat.com/show_bug.cgi?id=1750410 • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-15920 – kernel: use-after-free information leak in SMB2_read

https://notcve.org/view.php?id=CVE-2019-15920

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.10. La función SMB2_read en el archivo fs/cifs/smb2pdu.c presenta un uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 https://github.com/torvalds/linux/commit/088aaf17aa79300cab14dbee2569c58cfafd7d6e https://security.netapp.com/advisory/ntap-20191004-0001 https://access.redhat.com/security/cve/CVE-2019-15920 https://bugzilla.redhat.com/show_bug.cgi?id=1760864 • CWE-416: Use After Free •

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-15921 – kernel: memory leak in genl_register_family() in net/netlink/genetlink.c

https://notcve.org/view.php?id=CVE-2019-15921

An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.6. Se presenta un problema de pérdida de memoria cuando la función idr_alloc() presenta un fallo en la función genl_register_family() en el archivo net/netlink/genetlink.c. A flaw was found in the genl_register_family function in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6 https://github.com/torvalds/linux/commit/ceabee6c59943bdd5e1da1a6a20dc7ee5f8113a2 https://security.netapp.com/advisory/ntap-20191004-0001 https://access.redhat.com/security/cve/CVE-2019-15921 https://bugzilla.redhat.com/show_bug.cgi?id=1760958 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.6EPSS: 0%CPEs: 14EXPL: 1

CVE-2019-15902

https://notcve.org/view.php?id=CVE-2019-15902

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. Se descubiró un error de backporting en el kernel de Linux estable/a largo plazo en sus versiones 4.4.x hasta 4.4.190, versiones 4.9.x hasta 4.9.190, versiones 4.14.x hasta 4.14.141, versiones 4.19.x hasta 4.19.69 y versiones 5.2.x hasta 5.2 .11. El uso incorrecto del commit "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" aguas arriba reintrodujo la vulnerabilidad Spectre que se pretendía eliminar. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html https://seclists.org/bugtraq/2019/Sep/41 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4157-1 https://usn.ubuntu.com/4157-2 https://usn.ubuntu.com/4162-1 http • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •