what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2019-6974

Status Candidate

Overview

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Related Files

Red Hat Security Advisory 2020-0103-01
Posted Jan 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0103-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-10853, CVE-2018-18281, CVE-2018-20856, CVE-2019-11599, CVE-2019-6974
SHA-256 | fcb90197bf847c6ebafd82de864d910086dc1d311169e67eb45ec1ca8f2ab402
Red Hat Security Advisory 2019-3967-01
Posted Nov 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3967-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-18208, CVE-2018-10902, CVE-2018-18559, CVE-2018-9568, CVE-2019-3900, CVE-2019-5489, CVE-2019-6974, CVE-2019-7221
SHA-256 | 66e722646d95d8050e8689ab877a158f944b3ed35f9ac87838daa6fb683821f9
Red Hat Security Advisory 2019-2809-01
Posted Sep 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2809-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-13272, CVE-2019-5489, CVE-2019-6974
SHA-256 | 065fb6804a32c763981ec09f0933ce0630e20b3bed1485d5fd86a3a94081c7d1
Red Hat Security Advisory 2019-0818-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0818-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-6974, CVE-2019-7221
SHA-256 | 427f88a5bf4bb111b281c387156542e436bd1b24b32e98bcda295d272e82b805
Red Hat Security Advisory 2019-0833-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0833-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-6974, CVE-2019-7221
SHA-256 | e14d7ebf1d627363be450e397294ed00af591dd9d8bcfa0a76501e348e42ddb2
Ubuntu Security Notice USN-3933-2
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3933-2 - USN-3933-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000410, CVE-2017-18360, CVE-2018-19824, CVE-2019-3460, CVE-2019-6974, CVE-2019-7222, CVE-2019-9213
SHA-256 | 293ab65e73bf98d20f314b55630ebb7d784a521cd0ca32fe2129f80d23b2e3ac
Ubuntu Security Notice USN-3933-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3933-1 - It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information. It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000410, CVE-2017-18360, CVE-2018-19824, CVE-2019-3460, CVE-2019-6974, CVE-2019-7222, CVE-2019-9213
SHA-256 | dacdaa1df1a65a7d64811fadba0688d21342dc6a545f4369b2f3a0d1e7628320
Ubuntu Security Notice USN-3932-2
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3932-2 - USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18249, CVE-2018-14610, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14616, CVE-2018-16884, CVE-2018-9517, CVE-2019-3459, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-9213
SHA-256 | 6b04b1ca2b939f9ef77c26b11ce5669d6f7a229ddfbabf646e284686af89d8a3
Ubuntu Security Notice USN-3932-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3932-1 - It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-18249, CVE-2018-14610, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14616, CVE-2018-16884, CVE-2018-9517, CVE-2019-3459, CVE-2019-3701, CVE-2019-3819, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-9213
SHA-256 | 8a9cf057269e567e457b41d6710b7b91e84287f5f6e3ab62365a668b68242bbc
Ubuntu Security Notice USN-3931-2
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3931-2 - USN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-14678, CVE-2018-18021, CVE-2018-19824, CVE-2019-3460, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-7308, CVE-2019-8912, CVE-2019-8980, CVE-2019-9213
SHA-256 | 3da25881795c75e4bb949d560d025be98c843cd588e2826360ca5c71e4e66c69
Ubuntu Security Notice USN-3931-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3931-1 - M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service. It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service or execute arbitrary code in the host. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2018-14678, CVE-2018-18021, CVE-2018-19824, CVE-2019-3460, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-7308, CVE-2019-8912, CVE-2019-8980, CVE-2019-9213
SHA-256 | 8648907b306a30de1b668a41a8ae79574d61f4eeddb6db9b310b4966103ace78
Ubuntu Security Notice USN-3930-2
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3930-2 - USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-19824, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-7308, CVE-2019-8912, CVE-2019-8956, CVE-2019-8980, CVE-2019-9003, CVE-2019-9162, CVE-2019-9213
SHA-256 | 4102f0cd3e3625cbe62726a696226a0b078386a4844fe7aa1d3769f8d3be7544
Ubuntu Security Notice USN-3930-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3930-1 - Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2018-19824, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-7308, CVE-2019-8912, CVE-2019-8956, CVE-2019-8980, CVE-2019-9003, CVE-2019-9162, CVE-2019-9213
SHA-256 | 368e9dbf141a9e760054a79a440120646f0b3026e48ac5716619c4793e2820ff
Linux kvm_ioctl_create_device() Reference Flow Failure
Posted Feb 15, 2019
Authored by Jann Horn, Google Security Research

Linux kvm_ioctl_create_device() installs fd before taking reference.

tags | exploit
systems | linux
advisories | CVE-2019-6974
SHA-256 | 6033e3d8087f707cca80ae2b210063193f8832909919ef387c2905dae1a56a0d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close