CVE-2019-14835 – kernel: vhost-net: guest to host kernel escape during migration
https://notcve.org/view.php?id=CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Se encontró un fallo de desbordamiento de búfer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost del kernel de Linux que traduce los búferes virtueue en IOV, registraba los descriptores del búfer durante una migración. Un usuario invitado privilegiado capaz de pasar descriptores con una longitud no válida hacia el host cuando la migración está en marcha, podría usar este fallo para aumentar sus privilegios sobre el host. A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-5481 – curl: double free due to subsequent call of realloc()
https://notcve.org/view.php?id=CVE-2019-5481
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Vulnerabilidad de doble liberación en el código FTP-kerberos en cURL versiones 7.52.0 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5481.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-415: Double Free CWE-416: Use After Free •
CVE-2019-15538 – kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c
https://notcve.org/view.php?id=CVE-2019-15538
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. Se descubrió un problema en xfs_setattr_nonsize en fs / xfs / xfs_iops.c en el kernel de Linux a través de 5.2.9. XFS se bloquea parcialmente cuando falla un chgrp debido a que no se encuentra en la cuota de disco. xfs_setattr_nonsize no puede desbloquear el ILOCK después de que la llamada xfs_qm_vop_chown_reserve falla. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html https://lists.fedoraproject.org/archives& • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-15211
https://notcve.org/view.php?id=CVE-2019-15211
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.2.6. Se presenta un uso de memoria previamente liberada causado por un dispositivo USB malicioso en el controlador drivers/media/v4l2-core/v4l2-dev.c porque el archivo drivers/media/radio/radio-raremono.c no asigna apropiadamente la memoria. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://www.openwall.com/lists/oss-security/2019/08/20/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c666355e60ddb4748ead3bdd983e3f7f2224aaf0 https://lists.debian.org/debian • CWE-416: Use After Free •
CVE-2019-15212
https://notcve.org/view.php?id=CVE-2019-15212
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.1.8. Se presenta una vulnerabilidad de doble liberación causada por un dispositivo USB malicioso en el controlador drivers/usb/misc/rio500.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/08/20/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3864d33943b4a76c6e64616280e98d2410b1190f https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-lt • CWE-415: Double Free •