CVE-2019-9445

Vulnerability Summary

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel prior to 5.3.9 allows malicious users to cause a denial of service (memory consumption), aka CID-9c0530e898f3. (CVE-2019-19061) A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel up to and including 5.3.11 allows malicious users to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. (CVE-2019-19074) In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445) A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel up to and including 5.3.11 allows malicious users to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054) In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016) The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel up to and including 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). (CVE-2018-8043) In the Linux kernel up to and including 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. ( CVE-2020-15393 ) A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel up to and including 5.3.9 allows malicious users to cause a denial of service (memory consumption), aka CID-128c66429247. (CVE-2019-18808) The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel up to and including 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. (CVE-2018-10323) An issue exists in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel up to and including 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655) Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel up to and including 5.3.11 allow malicious users to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073) The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232) The Serial Attached SCSI (SAS) implementation in the Linux kernel up to and including 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232) A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. (CVE-2020-10781)

Vulnerability Trend

Vendor Advisories

References