CVE-2018-18690 – kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change
https://notcve.org/view.php?id=CVE-2018-18690
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. En el kernel de Linux en versiones anteriores a la 4.17, un atacante local que sea capaz de establecer atributos en un sistema de archivos xfs podría hacer que este sistema de archivos no esté operativo hasta el siguiente montaje desencadenando una condición de error no marcada. Esto se debe a que xfs_attr_shortform_addname en fs/xfs/libxfs/xfs_attr.c gestiona de manera incorrecta las operaciones ATTR_REPLACE con la conversión de un attr de forma corta a forma larga. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c http://www.securityfocus.com/bid/105753 https://bugzilla.kernel.org/show_bug.cgi?id=199119 https://bugzilla.suse.com/show_bug.cgi?id=1105025 https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian- • CWE-391: Unchecked Error Condition CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2018-18559 – kernel: Use-after-free due to race condition in AF_PACKET implementation
https://notcve.org/view.php?id=CVE-2018-18559
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0163 https://access.redhat.com/errata/RHSA-2019:0188 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2020:0174 https://blogs.securiteam.com/index.php/archives/3731 https://access.redhat.com/security/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2018-18386 – kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service
https://notcve.org/view.php?id=CVE-2018-18386
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. drivers/tty/n_tty.c en el kernel de Linux en versiones anteriores a la 4.14.11 permite que atacantes locales (que pueden acceder a los pseudoterminales) bloqueen el uso de dispositivos pseudoterminal debido a una confusión EXTPROC versus ICANON en TIOCINQ. A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348 https://access.redhat.com/errata/RHSA-2019:0831 https://bugzilla.suse.com/show_bug.cgi?id=1094825 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11 https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348 https://usn.ubuntu.com/3849-1 https://usn.ubuntu.com/3849-2 https://access.redhat.com/security/cve/CVE-2018-18386 https://bugzilla& • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2018-18445 – kernel: Faulty computation of numberic bounds in the BPF verifier
https://notcve.org/view.php?id=CVE-2018-18445
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. En el kernel de Linux 4.14.x, 4.15.x, 4.16.x, 4.17.x y versiones 4.18.x anteriores a la 4.18.13, el cálculo incorrecto de enlaces numéricos en el verificador BPF permite accesos a la memoria fuera de límites debido a que adjust_scalar_min_max_vals en kernel/bpf/verifier.c gestiona de manera incorrecta los desplazamientos a la derecha de 32 bits. A security flaw was found in the Linux kernel in the adjust_scalar_min_max_vals() function in kernel/bpf/verifier.c. A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because this function mishandles 32-bit right shifts. A local unprivileged user cannot leverage this flaw, but as a privileged user ("root") this can lead to a system panic and a denial of service or other unspecified impact. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https://access.redhat.com/errata/RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0514 https://bugs.chromium.org/p/project-zero/issues/detail?id=1686 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13 https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https:/ • CWE-125: Out-of-bounds Read •
CVE-2018-14656
https://notcve.org/view.php?id=CVE-2018-14656
A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. La falta de una comprobación de direcciones en los llamantes de show_opcodes() en el kernel de Linux permite que un atacante vuelque la memoria del kernel en una dirección arbitraria del kernel en el registro dmesg. • http://www.securitytracker.com/id/1041804 https://bugs.chromium.org/p/project-zero/issues/detail?id=1650 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14656 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342db04ae71273322f0011384a9ed414df8bdae4 https://lore.kernel.org/lkml/20180828154901.112726-1-jannh%40google.com/T https://seclists.org/oss-sec/2018/q4/9 • CWE-20: Improper Input Validation •