A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
Month: November 2019
ASA-2019-00647 – Facebook WhatsApp: A stack-based buffer overflow by sending a specially crafted MP4 file
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.
ASA-2019-00640 – Linux kernel: Memory leak in komeda_wb_connector_add()
A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures.
ASA-2019-00639 – Linux kernel: Memory leak in sof_set_get_large_ctrl_data()
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures.
ASA-2019-00638 – Linux kernel: Memory leak in sof_dfsentry_write()
A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
ASA-2019-00637 – Linux kernel: Memory leak in dwc3_pci_probe()
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures.
ASA-2019-00636 – Linux kernel: Use-after-free in aa_audit_rule_init()
There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
ASA-2019-00635 – Linux kernel: Signed integer overflow in tcp_ack_update_rtt()
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel. There is a signed integer overflow in tcp_ack_update_rtt() in net/ipv4/tcp_input.c when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact.