what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

CVE-2019-11599

Status Candidate

Overview

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Related Files

Ubuntu Security Notice USN-4115-2
Posted Sep 11, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4115-2 - USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-19985, CVE-2018-20784, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-3701, CVE-2019-3819, CVE-2019-3900
MD5 | f3c403ca6993818b3a6b46a2dc892b23
Ubuntu Security Notice USN-4118-1
Posted Sep 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4118-1 - It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-13053, CVE-2018-13093, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14614, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-19985, CVE-2018-20169, CVE-2018-20511, CVE-2018-20784, CVE-2018-20856, CVE-2018-5383, CVE-2019-0136, CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11085, CVE-2019-11487, CVE-2019-11599
MD5 | 606239d761ad7f615ccb6ead5cc82c96
Ubuntu Security Notice USN-4115-1
Posted Sep 2, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4115-1 - Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service. Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-19985, CVE-2018-20784, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-3701, CVE-2019-3819, CVE-2019-3900
MD5 | d33b91a9062e22127c5fc65115ec33fe
Ubuntu Security Notice USN-4095-1
Posted Aug 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4095-1 - Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-11599, CVE-2019-12614, CVE-2019-13272, CVE-2019-3846
MD5 | ff726cc76288b070879d39966cb18209
Red Hat Security Advisory 2019-2043-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2043-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-10853, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14625, CVE-2018-14734, CVE-2018-15594, CVE-2018-16658, CVE-2018-16885, CVE-2018-18281, CVE-2018-7755, CVE-2018-8087, CVE-2018-9363, CVE-2018-9516, CVE-2018-9517, CVE-2019-11599, CVE-2019-11810, CVE-2019-11833, CVE-2019-3459, CVE-2019-3460, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222
MD5 | 396c021234e85bd85be4ed53ce333c58
Red Hat Security Advisory 2019-2029-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2029-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-10853, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14625, CVE-2018-14734, CVE-2018-15594, CVE-2018-16658, CVE-2018-16885, CVE-2018-18281, CVE-2018-7755, CVE-2018-8087, CVE-2018-9363, CVE-2018-9516, CVE-2018-9517, CVE-2019-11599, CVE-2019-11810, CVE-2019-11833, CVE-2019-3459, CVE-2019-3460, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222
MD5 | 91bf814ce959e44a2c4748ee469254c3
Ubuntu Security Notice USN-4069-2
Posted Jul 31, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4069-2 - USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11487, CVE-2019-11599, CVE-2019-11833, CVE-2019-11884
MD5 | eed12995fb3ecba8be58c706282a29f2
Ubuntu Security Notice USN-4069-1
Posted Jul 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4069-1 - It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-11487, CVE-2019-11599, CVE-2019-11833, CVE-2019-11884
MD5 | 6df771797de75dc230e8feb33ae00aae
Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted Jul 22, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2018-16597, CVE-2019-10126, CVE-2019-11599, CVE-2019-13272, CVE-2019-3846, CVE-2019-3892
MD5 | dcc164dee87e520c21919a34673ad54b
Debian Security Advisory 4465-1
Posted Jun 19, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4465-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2019-10126, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11486, CVE-2019-11599, CVE-2019-11815, CVE-2019-11833, CVE-2019-11884, CVE-2019-3846, CVE-2019-5489, CVE-2019-9500, CVE-2019-9503
MD5 | a2e7d7ad8cd5265b8a90186bcd82ff4d
Linux Missing Lockdown
Posted Apr 29, 2019
Authored by Jann Horn, Google Security Research

Linux suffers from a missing locking between ELF coredump code and userfaultfd VMA modification.

tags | exploit
systems | linux
advisories | CVE-2019-11599
MD5 | 6e83b659aeebd1f611e769f9fff5b64b
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close