CVE-2019-15099 – kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
https://notcve.org/view.php?id=CVE-2019-15099
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. El archivo drivers/net/wireless/ath/ath10k/usb.c en el kernel de Linux versiones hasta 5.2.8, presenta una desreferencia del puntero NULL por medio de una dirección incompleta en un descriptor de endpoint. A null pointer dereference flaw was discovered in the Linux kernel's implementation of the ath10k USB device driver. The vulnerability requires the attacker to plug in a specially crafted hardware device that present endpoint descriptors that normal ath10k devices do not recognize. System availability is the highest threat with this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike%40gmail.com/T/#u https://security.netapp.com/advisory/ntap-20190905-0002 https://support.f5.com/csp/article/K76295179 https://support.f5.com/csp/article/K76295179?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/4258-1 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4287-1 https://usn.ubuntu.com/4287-2 http • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVE-2019-15090 – kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
https://notcve.org/view.php?id=CVE-2019-15090
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. Se detectó un problema en el archivo drivers/scsi/qedi/qedi_dbg.c en el kernel de Linux versiones anteriores a 5.1.12. En la familia de funciones qedi_dbg_*, se presenta una lectura fuera de límites. An out-of-bounds (OOB) memory access flaw was found in the Qlogic ISCSI module in the Linux kernel's qedi_dbg_* family of functions in drivers/scsi/qedi/qedi_dbg.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.12 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c09581a52765a85f19fc35340127396d5e3379cc https://github.com/torvalds/linux/commit/c09581a52765a85f19fc35340127396d5e3379cc https://security.netapp.com/advisory/ntap-20190905-0002 https://usn.ubuntu.com/4115-1 https://us • CWE-125: Out-of-bounds Read •
CVE-2019-10140 – kernel: overlayfs: NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c
https://notcve.org/view.php?id=CVE-2019-10140
A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). Se encontró una vulnerabilidad en la implementación de overlayfs, versiones hasta 3.10, del kernel de Linux. Un atacante con acceso local puede crear una situación de denegación de servicio por medio de una desreferencia del puntero NULL en la función ovl_posix_acl_create en el archivo fs/overlayfs/dir.c. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140 https://security.netapp.com/advisory/ntap-20190905-0002 https://access.redhat.com/security/cve/CVE-2019-10140 https://bugzilla.redhat.com/show_bug.cgi?id=1677778 • CWE-476: NULL Pointer Dereference •
CVE-2017-18509
https://notcve.org/view.php?id=CVE-2017-18509
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. • http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745 https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745 https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html https://lists.openwall.net/netdev/2017/12/04/40 https://pulsesecurity.co.nz/ad • CWE-20: Improper Input Validation •
CVE-2019-10207 – kernel: null-pointer dereference in hci_uart_set_flow_control
https://notcve.org/view.php?id=CVE-2019-10207
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash. Se encontró un fallo en la implementación Bluetooth del kernel de Linux de UART, todas las versiones del kernel 3.x.x anteriores a 4.18.0 y kernel 5.x.x. Un atacante con acceso local y permisos de escritura en el hardware de Bluetooth podría usar este fallo para emitir una llamada de función ioctl especialmente diseñada y causar que el sistema se bloquee. A flaw was found in the Linux kernel’s Bluetooth implementation of UART. • https://github.com/butterflyhack/CVE-2019-10207 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10207 https://security.netapp.com/advisory/ntap-20200103-0001 https://access.redhat.com/security/cve/CVE-2019-10207 https://bugzilla.redhat.com/show_bug.cgi?id=1733874 • CWE-476: NULL Pointer Dereference •