CVE-2019-19338 – Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
https://notcve.org/view.php?id=CVE-2019-19338
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19338 https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort https://www.openwall.com/lists/oss-security/2019/12/10/3 https://access.redhat.com/security/cve/CVE-2019-19338 https://bugzilla.redhat.com/show_bug.cgi?id=1781514 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVE-2019-19332 – Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
https://notcve.org/view.php?id=CVE-2019-19332
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. Se encontró un problema de escritura de memoria fuera de límites en el kernel de Linux, versiones 3.13 hasta 5.4, en la manera en que el hipervisor KVM del kernel de Linux manejó la petición "KVM_GET_EMULATED_CPUID" ioctl(2) para obtener las funcionalidades de CPUID emuladas por el hipervisor KVM. Un usuario o proceso capaz de acceder al dispositivo "/dev/kvm" podría usar este fallo para bloquear el sistema, resultando en una denegación de servicio. An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com https://security.netapp.com/advisory/ntap-20200204-0002 https: • CWE-787: Out-of-bounds Write •
CVE-2019-19927
https://notcve.org/view.php?id=CVE-2019-19927
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. En el kernel de Linux versión 5.0.0-rc7 (distribuido en ubuntu/linux.git en kernel.ubuntu.com), montar una imagen de sistema de archivos f2fs especialmente diseñada y llevar a cabo algunas operaciones puede conllevar a un acceso de lectura fuera de límites en la función ttm_put_pages en el archivo drivers/gpu/drm/ttm/ttm_page_alloc.c. Esto está relacionado con el módulo vmwgfx o ttm. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927 https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428 https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39 https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4 https://security.netapp.com/advisory/ntap-20200204-0002 • CWE-125: Out-of-bounds Read •
CVE-2019-20095 – kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
https://notcve.org/view.php?id=CVE-2019-20095
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. La función mwifiex_tm_cmd en el archivo drivers/net/wireless/marvell/mwifiex/cfg80211.c en el kernel de Linux versiones anteriores a la versión 5.1.6 tiene algunos casos de manejo de errores que no liberaron la memoria hostcmd asignada, también se conoce como CID-003b686ace82. Esto causará una pérdida de memoria y una denegación de servicio. A flaw was found in the Linux kernel's mwifiex driver implementation when connecting to other WiFi devices in "Test Mode." • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc https://security.netapp.com/advisory/ntap-20200204-0002 https://access.redhat.com/security/cve/CVE-2019-20095 https://bugzilla.redhat.com/show_bug.cgi?id=1791954 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2019-20096
https://notcve.org/view.php?id=CVE-2019-20096
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. En el kernel de Linux versiones anteriores a la versión 5.1, hay una pérdida de memoria en la función __feat_register_sp() en el archivo net/dccp/feat.c, lo que puede causar una denegación de servicio, también se conoce como CID-1d3ff0950e2b. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d3ff0950e2b40dc861b1739029649d03f591820 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://usn.ubuntu.com/4285-1 https://usn.ubuntu.com/4286-1 https://usn& • CWE-401: Missing Release of Memory after Effective Lifetime •