CVSS: 7.4EPSS: 0%CPEs: 24EXPL: 1CVE-2019-5108 – kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS
https://notcve.org/view.php?id=CVE-2019-5108
23 Dec 2019 — An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentic... • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html • CWE-287: Improper Authentication CWE-440: Expected Behavior Violation •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-19922 – kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
https://notcve.org/view.php?id=CVE-2019-19922
22 Dec 2019 — kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-perfo... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19535
https://notcve.org/view.php?id=CVE-2019-19535
03 Dec 2019 — In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. En el kernel de Linux versiones anteriores a 5.2.9, hay un bug de filtrado de información que puede ser causado por un dispositivo USB malicioso en el controlador del archivo drivers/net/can/usb/peak_usb/pcan_usb_fd.c, también se conoce como CID-30a8beeb3042. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 7.8EPSS: 0%CPEs: 46EXPL: 0CVE-2019-19052 – Ubuntu Security Notice USN-4228-1
https://notcve.org/view.php?id=CVE-2019-19052
18 Nov 2019 — A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. Una pérdida de memoria en la función gs_can_open() en el archivo drivers/net/can/usb/gs_usb.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función us... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-14821 – Kernel: KVM: OOB memory access via mmio ring buffer
https://notcve.org/view.php?id=CVE-2019-14821
19 Sep 2019 — An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potenti... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html • CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15218 – Ubuntu Security Notice USN-4147-1
https://notcve.org/view.php?id=CVE-2019-15218
19 Aug 2019 — An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.1.8. Se presenta una desreferencia del puntero NULL causada por un dispositivo USB malicioso en el controlador drivers/media/usb/siano/smsusb.c. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 28EXPL: 1CVE-2019-1010238 – pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2019-1010238
19 Jul 2019 — Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. Pango versión 1.42 y posterior de Gnome, está afectada por: Desbordamiento de Búfer. • https://access.redhat.com/errata/RHBA-2019:2824 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 0%CPEs: 29EXPL: 0CVE-2019-3900 – Kernel: vhost_net: infinite loop while receiving packets leads to DoS
https://notcve.org/view.php?id=CVE-2019-3900
25 Apr 2019 — An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Se encontró un problema de bucle infinito en el módulo del núcleo vhost_net en el kernel de Linux versiones anteriores a 5.1-rc6 inclusive, mientras ma... • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •