CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 1CVE-2019-3460 – kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
https://notcve.org/view.php?id=CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Se ha descubierto una fuga de información en múltiples ubicaciones en memoria dinámica, incluyendo L2CAP_GET_CONF_OPT en el kernel de Linux anterior a 5.1-rc1. A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack. • http://www.openwall.com/lists/oss-security/2019/06/27/2 http://www.openwall.com/lists/oss-security/2019/06/27/7 http://www.openwall.com/lists/oss-security/2019/06/28/1 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/08/12/1 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat. • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-8956
https://notcve.org/view.php?id=CVE-2019-8956
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. En el kernel de Linux, en versiones anteriores a las 4.20.8 y 4.19.21, un error de uso de memoria previamente liberada en la función "sctp_sendmsg()" (net/sctp/socket.c) al gestionar la marca SCTP_SENDALL puede explotarse para corromper memoria • https://github.com/butterflyhack/CVE-2019-8956 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8 https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0 https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5 https://support.f5.com/csp/article/K12671141 https://usn.ubuntu.com/3930-1 https://usn.ubuntu.com/3930-2 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 1CVE-2019-10125
https://notcve.org/view.php?id=CVE-2019-10125
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. Se ha descubierto un problema en aio_poll() en fs/aio.c en el kernel de Linux hasta la versión 5.0.4. aio_poll_wake() podría liberar un archivo si un evento esperado se desencadena inmediatamente (por ejemplo, al cerrar un par de tuberías) tras el retorno de vfs_poll(); esto provocará un uso de memoria previamente liberada. • http://www.securityfocus.com/bid/107655 https://patchwork.kernel.org/patch/10828359 https://security.netapp.com/advisory/ntap-20190411-0003 https://support.f5.com/csp/article/K29215970 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2018-20669
https://notcve.org/view.php?id=CVE-2018-20669
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. Se ha descubierto un problema por el cual una dirección proporcionada con access_ok() no se comprueba en i915_gem_execbuffer2_ioctl en drivers/gpu/drm/i915/i915_gem_execbuffer.c en el kernel de Linux hasta la versión 4.19.13. Un atacante local puede manipular una llamada de función IOCTL para sobrescribir memoria arbitraria del kernel, lo que resulta en una denegación de servicio (DoS) o el escalado de privilegios. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://www.openwall.com/lists/oss-security/2019/01/23/6 http://www.securityfocus.com/bid/106748 https://access.redhat.com/security/cve/cve-2018-20669 https://security.netapp.com/advisory/ntap-20190404-0002 https://support.f5.com/csp/article/K32059550 https://usn.ubuntu.com/4485-1 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9857
https://notcve.org/view.php?id=CVE-2019-9857
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service. En el kernel de Linux hasta la versión 5.0.2, la función inotify_update_existing_watch() en fs/notify/inotify/inotify_user.c no llama a fsnotify_put_mark() con IN_MASK_CREATE tras fsnotify_find_mark(), lo que provocará una fuga de memoria, también conocida como filtrado de refcount. Finalmente, esto provocará una denegación de servicio. • http://www.securityfocus.com/bid/107527 https://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs.git/commit/?h=fsnotify&id=62c9d2674b31d4c8a674bee86b7edc6da2803aea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXLZ2V2ES37A3J7DMK4MZYIWV2LEZFLM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PPH3B7FJOMWD5JWUPZKB6T44KNT4PX2L https://patchwork.kernel.org/patch/10836283 https://security.netapp.com/advisory/ntap-20190404-0002 • CWE-401: Missing Release of Memory after Effective Lifetime •