Jakub Jirasek

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.6 **Description** A null pointer dereference issue was addressed through improved validation. **Recommendations** For versions prior to 10.13.6, update to macOS High Sierra 10.13.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel versions prior to 4.20.8 Linux Kernel versions prior to 4.19.21 **Description** A use-after-free error in the `sctp sendmsg()` function when handling the `SCTP SENDALL` flag can be exploited to corrupt memory, potentially allowing an attacker to cause a denial of service or elevate their privileges. The issue is related to the implementation of the SCTP protocol in the Linux Kernel. **Recommendations** For Linux Kernel versions prior to 4.20.8, update to version 4.20.8 or later to resolve the issue. For Linux Kernel versions prior to 4.19.21, update to version 4.19.21 or later to resolve the issue. As a temporary workaround, consider disabling the `sctp sendmsg()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 11.2-STABLE(r340854) and prior to 11.2-RELEASE-p5 **Description** An integer overflow error can occur when handling the client address length field in an NFSv4 request, allowing unprivileged remote users with access to the NFS server to crash the system by sending a specially crafted NFSv4 request. **Recommendations** For versions prior to 11.2-STABLE(r340854), update to 11.2-STABLE(r340854) or later. For versions prior to 11.2-RELEASE-p5, update to 11.2-RELEASE-p5 or later.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 11.2-STABLE(r340854) and prior to 11.2-RELEASE-p5 **Description** The issue is caused by an integer overflow error when handling opcodes, which can lead to memory corruption. This can be triggered by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. **Recommendations** For versions prior to 11.2-STABLE(r340854), update to 11.2-STABLE(r340854) or later. For versions prior to 11.2-RELEASE-p5, update to 11.2-RELEASE-p5 or later.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions prior to 11.2-STABLE(r338986) FreeBSD versions prior to 11.2-RELEASE-p4 FreeBSD versions prior to 11.1-RELEASE-p15 FreeBSD versions prior to 10.4-STABLE(r338985) FreeBSD versions prior to 10.4-RELEASE-p13 **Description** The issue is related to errors in pointer dereferencing, which can lead to a crash of the application when exploited. Specifically, in FreeBSD, improper maintenance of IPv6 protocol control block flags through various failure paths can cause a NULL pointer dereference, leading to a kernel crash. An unprivileged authenticated local user may be able to exploit this issue. **Recommendations** For versions prior to 11.2-STABLE(r338986), update to 11.2-STABLE(r338986) or later. For versions prior to 11.2-RELEASE-p4, update to 11.2-RELEASE-p4 or later. For versions prior to 11.1-RELEASE-p15, update to 11.1-RELEASE-p15 or later. For versions prior to 10.4-STABLE(r338985), update to 10.4-STABLE(r338985) or later. For versions prior to 10.4-RELEASE-p13, update to 10.4-RELEASE-p13 or later.

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.16.11 Linux Kernel versions prior to 4.14.43 Linux Kernel versions prior to 4.9.102 Linux Kernel versions prior to 4.4.133 Description: The issue is related to multiple race condition errors when handling probe, disconnect, and rebind operations. These errors can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. Recommendations: For Linux Kernel versions prior to 4.16.11, update to version 4.16.11 or later. For Linux Kernel versions prior to 4.14.43, update to version 4.14.43 or later. For Linux Kernel versions prior to 4.9.102, update to version 4.9.102 or later. For Linux Kernel versions prior to 4.4.133, update to version 4.4.133 or later.

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.14.8 Linux Kernel versions prior to 4.4.114 Description: The issue allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. Recommendations: For versions prior to 4.14.8, update to version 4.14.8 or later. For versions prior to 4.4.114, update to version 4.4.114 or later.

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.15.8 Linux Kernel versions prior to 4.14.25 Linux Kernel versions prior to 4.9.87 Linux Kernel versions prior to 4.4.121 Linux Kernel versions prior to 4.1.51 Linux Kernel versions prior to 3.2.102 Description: The issue is related to an error in the ` sctp make chunk()` function when handling SCTP packets length, which can be exploited to cause a kernel crash. Recommendations: For versions prior to 4.15.8, update to version 4.15.8 or later. For versions prior to 4.14.25, update to version 4.14.25 or later. For versions prior to 4.9.87, update to version 4.9.87 or later. For versions prior to 4.4.121, update to version 4.4.121 or later. For versions prior to 4.1.51, update to version 4.1.51 or later. For versions prior to 3.2.102, update to version 3.2.102 or later.

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.14.8 Linux Kernel versions prior to 4.9.71 Linux Kernel versions prior to 4.4.114 Description: The issue is related to the `stub recv cmd submit()` function in the Linux Kernel, which can be exploited by attackers to cause a denial of service via a specially crafted USB over IP packet. This is due to a buffer overflow in memory operations. The exploitation of this issue may allow a remote attacker to cause a denial of service. Recommendations: For Linux Kernel versions prior to 4.14.8, update to version 4.14.8 or later. For Linux Kernel versions prior to 4.9.71, update to version 4.9.71 or later. For Linux Kernel versions prior to 4.4.114, update to version 4.4.114 or later. As a temporary workaround, consider disabling the `stub recv cmd submit()` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.14.8 Linux Kernel versions prior to 4.9.71 Linux Kernel versions prior to 4.4.114 Description: The issue is related to the `get pipe()` function in the Linux Kernel, specifically in the `drivers/usb/usbip/stub rx.c` file. It involves an out-of-bounds read in memory, which can be exploited by a remote attacker using a specially crafted USB over IP packet. This exploitation can lead to a denial of service. Recommendations: For Linux Kernel versions prior to 4.14.8, update to version 4.14.8 or later. For Linux Kernel versions prior to 4.9.71, update to version 4.9.71 or later. For Linux Kernel versions prior to 4.4.114, update to version 4.4.114 or later.

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.14.8 Linux Kernel versions prior to 4.9.71 Linux Kernel versions prior to 4.1.49 Linux Kernel versions prior to 4.4.107 Description: The issue is related to errors in handling null pointer dereferences in the `stub send ret submit()` function, located in the `drivers/usb/usbip/stub tx.c` file of the Linux Kernel. This can be exploited by a remote attacker using a specially crafted USB over IP packet, potentially leading to a denial of service. Recommendations: For Linux Kernel versions prior to 4.14.8, update to version 4.14.8 or later. For Linux Kernel versions prior to 4.9.71, update to version 4.9.71 or later. For Linux Kernel versions prior to 4.1.49, update to version 4.1.49 or later. For Linux Kernel versions prior to 4.4.107, update to version 4.4.107 or later.