fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64.
Tag: Denial of Service (DoS)
ASA-2019-00631 – ClamAV: Zip Bomb Vulnerability
ClamAV versions prior to 0.101.4 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
ASA-2019-00641 – Linux kernel: Memory leak in af9005_identify_state()
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
ASA-2019-00647 – Facebook WhatsApp: A stack-based buffer overflow by sending a specially crafted MP4 file
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.
ASA-2019-00640 – Linux kernel: Memory leak in komeda_wb_connector_add()
A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures.
ASA-2019-00639 – Linux kernel: Memory leak in sof_set_get_large_ctrl_data()
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures.
ASA-2019-00638 – Linux kernel: Memory leak in sof_dfsentry_write()
A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
ASA-2019-00637 – Linux kernel: Memory leak in dwc3_pci_probe()
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures.