CVE-2019-5611

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguou...

Design/Logic Flaw

In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented acro...

Input validation

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguou...

FreeBSD 11.x < 11.2-RELEASE-p14 / 11.x < 11.3-RELEASE-p3 / 12.x < 12.0-RELEASE-p10 midistat Race Condition

The version of the FreeBSD kernel running on the remote host is 11.x prior to 11.2-RELEASE-p14, 11.x prior to 11.3-RELEASE-p3, or 12.x prior to 12.0-RELEASE-p10. It is, therefore, affected by an out-of-bounds memory access race condition in midistat. An authenticated attacker could exploit this,...

CVE-2019-5611

CVE-2019-5611 affects FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14.** The issue is a missing check in the mbuf chain arrangement in m_pulldown(9); if triggered, t...

CVE-2019-5611

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguou...

CVE-2019-5611

Removed by vendor...

PT-2019-17780 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.0-STABLE before r350828 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p10 FreeBSD versions 11.3-STABLE before r350829 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p3 FreeBSD versions 11.2-RELEASE before...

FreeBSD -- IPv6 remote Denial-of-Service

Problem Description: Due do a missing check in the code of mpulldown9 data returned may not be contiguous as requested by the caller. Impact: Extra checks in the IPv6 code catch the error condition and trigger a kernel panic leading to a remote DoS denial-of-service attack with certain Ethernet...

FreeBSD -- kernel memory disclosure from /dev/midistat

Problem Description: The kernel driver for /dev/midistat implements a handler for read2. This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact: The races allow a...

FreeBSD : FreeBSD -- IPv6 fragment reassembly panic in pf(4) (3d02520d-b309-11e9-a87f-a4badb2f4699)

A bug in the pf4 IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of from the first packet. Impact : Malicious IPv6 packets with different IPv6 extensions could cause a kernel panic or potentially a filtering rule bypass. C...

kernel: Buffer overflow in hidp_process_report

A buffer overflow due to a singed-unsigned comparsion was found in hidpprocessreport in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service...

kernel: Buffer overflow in hidp_process_report

A buffer overflow due to a singed-unsigned comparsion was found in hidpprocessreport in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service...

FreeBSD -- ICMPv6 / MLDv2 out-of-bounds memory access

Problem Description: The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. Impact: A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page a...

CVE-2019-13648

A flaw was found in the PowerPc platform, where the kernel will panic if the transactional memory is disabled. An attacker could use this flaw to panic the system by constructing a signal context through the transactional memory MSR bits set...

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

3. Linux kernel vulnerabilities in TCP Selective Acknowledgement SACK CVE-2019-11477, CVE-2019-11478 CVE-2019-11477 - SACK Panic - A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic. VMware has evaluated the severity of this issue to be in...

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1668-1) (SACK Panic) (SACK Slowness)

This update for the Linux Kernel 3.12.74-6064107 fixes several issues. The following security issues were fixed : CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless netwo...

SUSE-SU-2019:1668-1 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-6064107 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless...

SUSE-SU-2019:1588-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network...

openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)

Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel pani...