CVE-2019-11833 – kernel: fs/ext4/extents.c leads to information disclosure
https://notcve.org/view.php?id=CVE-2019-11833
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. fs / ext4 / extents.c en el kernel de Linux hasta 5.1.2 no pone a cero la región de memoria no utilizada en el bloque del árbol de extensión, lo que podría permitir a los usuarios locales obtener información confidencial al leer datos no inicializados en el sistema de archivos. A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108372 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVE-2019-5018 – sqlite: Use-after-free in window function leading to remote code execution
https://notcve.org/view.php?id=CVE-2019-5018
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Existe una vulnerabilidad de uso de memoria previamente liberada en la función de ventana de Sqlite3 3.26.0. Un comando SQL especialmente diseñado puede causar un uso de memoria previamente liberada, resultando en la ejecución remota del código. • http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html http://www.securityfocus.com/bid/108294 https://security.gentoo.org/glsa/201908-09 https://security.netapp.com/advisory/ntap-20190521-0001 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777 https://usn.ubuntu.com/4205-1 https://access.redhat.com/security/cve/CVE-2019-5018 https://bugzilla.redhat.com/show_bug.cgi?id=1708301 • CWE-416: Use After Free •
CVE-2019-2054
https://notcve.org/view.php?id=CVE-2019-2054
In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 En la implementation seccomp anterior a la versión 4.8 del kernel, se presenta una posible omisión del componente seccomp a causa de las políticas seccomp, que permiten el uso de ptrace. Esto conllevaría a una escalada local de privilegios sin necesidad de privilegios adicionales de ejecución. • http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://source.android.com/security/bulletin/2019-05-01 https://usn.ubuntu.com/4076-1 https://usn.ubuntu.com/4095-2 •
CVE-2019-11815
https://notcve.org/view.php?id=CVE-2019-11815
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. Se descubrió un problema en rds_tcp_kill_sock en net/rds/tcp.c en el núcleo de Linux anterior a la versión 5.0.8. Existe una condición de carrera que conduce a un uso después de liberación de memoria, relacionado con la limpieza del espacio de nombres de red. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html http://www.securityfocus.com/bid/108283 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2019-11810 – kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
https://notcve.org/view.php?id=CVE-2019-11810
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. Fue descubierto un fallo en el kernel de Linux anterior a 5.0.7. Una desreferencia de puntero NULL puede ocurrir cuando falla megasas_create_frame_pool() en megasas_alloc_cmds() en drivers/scsi/megaraid/megaraid_sas_base.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://www.securityfocus.com/bid/108286 https://access.redhat.com/errata/RHSA-2019:1959 https://access.redhat.com/errata/RHSA-2019:1971 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2736 https://access.redhat.com/errata/RHSA-2019:2837 https • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •