CVE-2020-8648 – kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
https://notcve.org/view.php?id=CVE-2020-8648
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función n_tty_receive_buf_common en el archivo drivers/tty/n_tty.c. A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://bugzilla.kernel.org/show_bug.cgi?id=206361 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200924-0004 https://usn.ubuntu.com/4342-1 https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4345-1 • CWE-416: Use After Free •
CVE-2019-19063 – kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
https://notcve.org/view.php?id=CVE-2019-19063
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. Dos pérdidas de memoria en la función rtl_usb_probe() en el archivo drivers/net/wireless/realtek/rtlwifi/usb.c en el kernel de Linux versiones hasta la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-3f9361695113. A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://seclists.org/bugtraq/2020/Jan • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19061
https://notcve.org/view.php?id=CVE-2019-19061
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. Una pérdida de memoria en la función adis_update_scan_mode_burst() en el archivo drivers/iio/imu/adis_buffer.c en el kernel de Linux versiones anteriores a 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-9c0530e898f3. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4208-1 https://usn.ubuntu.com/4526-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19060
https://notcve.org/view.php?id=CVE-2019-19060
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. Una pérdida de memoria en la función adis_update_scan_mode_burst() en el archivo drivers/iio/imu/adis_buffer.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-9c0530e898f3. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4208-1 https://usn.ubuntu.com/4210-1 https://usn.ubuntu.com/4226-1 https://usn.ubuntu.com/4364-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19057 – kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
https://notcve.org/view.php?id=CVE-2019-19057
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. Dos fugas de memoria en la función mwifiex_pcie_init_evt_ring() en el archivo drivers/net/wireless/marvell/mwifiex/pcie.c en el kernel de Linux versiones hasta la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función mwifiex_map_pci_memory(), también se conoce como CID-d10dcb615c8e. Two memory leak flaws were found in the Linux kernel's mwifiex_pcie_init_evt_ring() function. A local attacker, able to reload the kernel module or hotplug Marvell WiFi hardware using this driver, can cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https:// • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •