CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14283 – kernel: integer overflow and OOB read in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2019-14283
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. En el kernel de Linux anterior a versión 5.2.3, la función set_geometry en el archivo drivers/block/floppy.c, no comprueba los campos sect y head, como es demostrado mediante un desbordamiento de enteros y lectura fuera de límites. Puede ser activado por un usuario local sin privilegios cuando se ha insertado un disquete. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 https& • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13648 – kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call
https://notcve.org/view.php?id=CVE-2019-13648
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c. En el kernel de Linux hasta versión 5.2.1 sobre la plataforma powerpc, cuando la memoria transaccional de hardware está deshabilitada, un usuario local puede causar una denegación de servicio (excepción de TM Bad Thing y bloqueo del sistema) por medio de una llamada de sistema de la función sigreturn() que envía una trama de señal diseñada. Esto afecta a los archivos arch/powerpc/kernel/signal_32.c y arch/powerpc/kernel/signal_64.c. A flaw was found in the PowerPc platform, where the kernel will panic if the transactional memory is disabled. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/07/30/1 https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13631 – kernel: OOB writes in parse_hid_report_descriptor in drivers/input/tablet/gtco.c
https://notcve.org/view.php?id=CVE-2019-13631
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. En la función parse_hid_report_descriptor en el archivo drivers/input/tablet/gtco.c en el kernel de Linux hasta versión 5.2.1, un dispositivo USB malicioso puede enviar un informe HID que desencadena una escritura fuera de límites durante la generación de mensajes de depuración. A flaw was found in the Linux kernel's implementation of GTCO tablet/digitizer's version of the parse_hid_report_descriptor in drivers. An attacker with local access could use this flaw to create a specially crafted USB device inserted into the host to corrupt memory, trigger an out-of-bounds write during the generation of debugging messages, or possibly escalate the privileges of a process. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/109291 https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 2%CPEs: 21EXPL: 0CVE-2019-12615
https://notcve.org/view.php?id=CVE-2019-12615
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). Se descubrió un problema en get_vdev_port_node_info en arch / sparc / kernel / mdesc.c en el kernel de Linux hasta la versión 5.1.6. Hay un kstrdup_const sin marcar de node_info-> vdev_port.name, que podría permitir que un atacante provoque una denegación de servicio (desreferencia de puntero NULL y bloqueo del sistema). • http://www.securityfocus.com/bid/108549 https://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc.git/commit/?id=80caf43549e7e41a695c6d1e11066286538b336f https://security.netapp.com/advisory/ntap-20190710-0002 https://support.f5.com/csp/article/K60924046 https://support.f5.com/csp/article/K60924046?utm_source=f5support&%3Butm_medium=RSS https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2014901.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 29EXPL: 0CVE-2019-3900 – Kernel: vhost_net: infinite loop while receiving packets leads to DoS
https://notcve.org/view.php?id=CVE-2019-3900
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Se encontró un problema de bucle infinito en el módulo del núcleo vhost_net en el kernel de Linux versiones anteriores a 5.1-rc6 inclusive, mientras manejaba los paquetes entrantes en handle_rx(). Puede ocurrir cuando un extremo envía los paquetes más rápido de lo que el otro extremo los procesa. • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/108076 https://access.redhat.com/errata/RHSA-2019:1973 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3836 http • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •