When submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice. When using submodule paths that refer to the same file system entity (e.g. using the NTFS Alternate Data Streams attack mentioned in CVE-2019-1352 where files would be written to the `.git/` directory using a synonymous directory name), it was possible to "squat" on the `git~1` shortname on NTFS drives, opening attacks via `git~2`. This also affects Git when run as a Linux application inside the Windows Subsystem for Linux.
Tag: Linux
ASA-2019-00644 – Linux kernel: A memory leak in ql_alloc_large_buffers()
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures.
ASA-2019-00643 – Linux kernel: Two memory leaks in sja1105_static_config_upload()
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures.
ASA-2019-00642 – Linux kernel: A memory leak in ccp_run_sha_cmd()
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
ASA-2019-00636 – Linux kernel: Use-after-free in aa_audit_rule_init()
There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.