Showing 1 - 4 of 4

CVE-2019-3701

Status Candidate

Overview

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.

Related Files

Ubuntu Security Notice USN-4115-2: Posted Sep 11, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4115-2 - USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. Various other issues were also addressed.; tags | advisory, kernel, vulnerability; systems | linux, ubuntu; advisories | CVE-2018-19985, CVE-2018-20784, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-3701, CVE-2019-3819, CVE-2019-3900; SHA-256 | 05acda341e120b77b16aad0ba3eb54346f60a3e3997eca4a108689927624648c; Download | Favorite | View

Ubuntu Security Notice USN-4115-1: Posted Sep 2, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4115-1 - Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service. Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, kernel, local; systems | linux, ubuntu; advisories | CVE-2018-19985, CVE-2018-20784, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-3701, CVE-2019-3819, CVE-2019-3900; SHA-256 | 08121c3db54d152e12d06507d23ec168fbb76db1ad82346d206b3edabc68482d; Download | Favorite | View

Ubuntu Security Notice USN-3932-2: Posted Apr 3, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3932-2 - USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, kernel, local, vulnerability; systems | linux, ubuntu; advisories | CVE-2017-18249, CVE-2018-14610, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14616, CVE-2018-16884, CVE-2018-9517, CVE-2019-3459, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-9213; SHA-256 | 6b04b1ca2b939f9ef77c26b11ce5669d6f7a229ddfbabf646e284686af89d8a3; Download | Favorite | View

Ubuntu Security Notice USN-3932-1: Posted Apr 3, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3932-1 - It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, kernel, local; systems | linux, ubuntu; advisories | CVE-2017-18249, CVE-2018-14610, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14616, CVE-2018-16884, CVE-2018-9517, CVE-2019-3459, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-9213; SHA-256 | 8a9cf057269e567e457b41d6710b7b91e84287f5f6e3ab62365a668b68242bbc; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 173 files
Ubuntu 70 files
Debian 26 files
Google Security Research 14 files
malvuln 11 files
Gentoo 10 files
nu11secur1ty 6 files
Julien Ahrens 3 files
Hangjun Go 3 files
George Tsimpidas 3 files

File Archives

Systems

AIX (426)
Apple (1,926)
BSD (370)
CentOS (55)
Cisco (1,917)
Debian (6,630)
Fedora (1,690)
FreeBSD (1,242)
Gentoo (4,272)
HPUX (878)
iOS (330)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (44,234)
Mac OS X (684)
Mandriva (3,105)
NetBSD (255)
OpenBSD (479)
RedHat (12,412)
Slackware (941)
Solaris (1,607)
SUSE (1,444)
Ubuntu (8,180)
UNIX (9,156)
UnixWare (185)
Windows (6,508)
Other

CVE-2019-3701

Overview

Related Files

File Archive:

December 2022

Top Authors In Last 30 Days

File Tags

File Archives

Systems