Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2019-11487 CVE-2019-11486 CVE-2019-11599

Source

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Linux kernel: multiple issues

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Jann Horn &lt;jannhorn () googlemail com&gt;

Date: Mon, 29 Apr 2019 14:56:06 -0400

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Here are several issues that became public somewhat recently:

== page-&gt;_refcount overflow via FUSE with ~140GiB RAM usage ==
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a
https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
CVE-2019-11487
NOTE: not relevant (AFAIK) on machines with normal amounts of physical memory

== missing locking in Siemens R3964 line discipline ==
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c7084edc3f6d67750f50d4183134c4fb5712a5c8
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169
https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
CVE-2019-11486
NOTE: Rather than fixing the various issues in the driver, the commit
marks the driver as BROKEN to keep people from building it. If you
actually use the Siemens R3964 line discipline for talking to
Programmable Logic Controllers, or something like that, you may want
to reach out to gregkh and help test things - see the commit message.

== missing locking between ELF coredump code and userfaultfd VMA modification ==
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11599

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Linux kernel: multiple issues Jann Horn (Apr 29)

Re: Linux kernel: multiple issues Salvatore Bonaccorso (Apr 29)

Re: Linux kernel: multiple issues Salvatore Bonaccorso (Apr 30)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Linux kernel: multiple issues

Vulmon Search

About

Products

Connect