author | Ben Hutchings <ben@decadent.org.uk> | 2020-06-07 19:50:37 +0100
---|---|---
committer | Ben Hutchings <ben@decadent.org.uk> | 2020-06-07 19:50:37 +0100
commit | 260da640e862361cc6c78d244ca1676c2ffc5138 |
tree | 58a250cec9699aef48422ce742f4ef8aefb76cb0 |
parent | 98bf7d1af0171e7abab29e9599c0037fe8a357a4 |
dsa-texts: Fill in more issue descriptions
-rw-r--r-- | dsa-texts/3.16.84-1 | 24
-rw-r--r-- | dsa-texts/4.19.118-2+deb10u1 | 5
-rw-r--r-- | dsa-texts/4.9.210-1+deb9u1 | 17
3 files changed, 37 insertions, 9 deletions
diff --git a/dsa-texts/3.16.84-1 b/dsa-texts/3.16.84-1 index 41fa4ee6..b6546180 100644 --- a/dsa-texts/3.16.84-1 +++ b/dsa-texts/3.16.84-1 @@ -29,11 +29,19 @@ CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613 CVE-2019-5108 - Description + Mitchell Frank of Cisco discovered that when the IEEE 802.11 + (WiFi) stack was used in AP mode with roaming, it would trigger + roaming for a newly associated station before the station was + authenticated. An attacker within range of the AP could use this + to cause a denial of service, either by filling up a switching + table or by redirecting traffic away from other stations. CVE-2019-19319 - Description + Jungyeon discovered that a crafted filesystem can cause the ext4 + implementation to deallocate or reallocate journal blocks. A user + permitted to mount filesystems could use this to cause a denial of + service (crash), or possibly for privilege escalation. CVE-2019-19447 @@ -45,11 +53,19 @@ CVE-2019-19447 CVE-2019-19768 - Description + Tristan Madani reported a race condition in the blktrace debug + facility that could result in a use-after-free. A local user able + to trigger removal of block devices could possibly use this to + cause a denial of service (crash) or for privilege escalation. CVE-2019-20636 - Description + The syzkaller tool found that the input subsystem did not fully + validate keycode changes, which could result in a heap + out-of-bounds write. A local user permitted to access the device + node for an input or VT device could possibly use this to cause a + denial of service (crash or memory corruption) or for privilege + escalation. CVE-2020-0009 diff --git a/dsa-texts/4.19.118-2+deb10u1 b/dsa-texts/4.19.118-2+deb10u1 index 36740597..50514e0b 100644 --- a/dsa-texts/4.19.118-2+deb10u1 +++ b/dsa-texts/4.19.118-2+deb10u1 
@@ -22,7 +22,10 @@ CVE-2019-3016 CVE-2019-19462 - Description + The syzkaller tool found a missing error check in the 'relay' + library used to implement various files under debugfs. A local + user permitted to access debugfs could use this to cause a denial + of service (crash) or possibly for privilege escalation. CVE-2020-0543 diff --git a/dsa-texts/4.9.210-1+deb9u1 b/dsa-texts/4.9.210-1+deb9u1 index 94a59056..a6c90658 100644 --- a/dsa-texts/4.9.210-1+deb9u1 +++ b/dsa-texts/4.9.210-1+deb9u1 @@ -43,19 +43,28 @@ CVE-2019-19319 CVE-2019-19462 - Description + The syzkaller tool found a missing error check in the 'relay' + library used to implement various files under debugfs. A local + user permitted to access debugfs could use this to cause a denial + of service (crash) or possibly for privilege escalation. CVE-2019-19768 - Description + Tristan Madani reported a race condition in the blktrace debug + facility that could result in a use-after-free. A local user able + to trigger removal of block devices could possibly use this to + cause a denial of service (crash) or for privilege escalation. CVE-2019-20806 - Description + A potential null pointer dereference was discovered in the tw5864 + media driver. The security impact of this is unclear. CVE-2019-20811 - Description + The Hulk Robot tool found a reference-counting bug in an error + path in the network subsystem. The security impact of this is + unclear. CVE-2020-0543 |
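Review bot: In dsa-texts/3.16.84-1, first hunk, the CVE-2019-19319 text puts the hedge only on the second impact ("cause a denial of service (crash), or possibly for privilege escalation"), while the CVE-2019-19768 text added later in the same file hedges both ("could possibly use this to cause a denial of service (crash) or for privilege escalation"). Readers of the advisory use that wording to decide which impact is confirmed, so it is worth checking that each placement of "possibly" is intentional, and dropping the comma before "or possibly" if the ext4 entry is meant to match the CVE-2019-19462 phrasing used in the other two files.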
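Review bot: In dsa-texts/3.16.84-1, second hunk (and the identical text in dsa-texts/4.9.210-1+deb9u1), the CVE-2019-19768 entry names the race as being in the blktrace debug facility but gives the attacker precondition only as "A local user able to trigger removal of block devices". It does not say whether the user also needs to be able to start or read a blktrace session. If that access is required, stating it would let administrators judge exposure; if it is not, a short clause saying tracing may be started by another user would remove the ambiguity.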
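Review bot: In dsa-texts/4.9.210-1+deb9u1, the CVE-2019-20806 and CVE-2019-20811 entries end with "The security impact of this is unclear" and, unlike every other entry added in this commit, give no indication of who could reach the affected code (local user, remote peer, or only a system with the tw5864 hardware present). Even when impact is unknown, the trigger condition is what lets a reader decide whether the update is urgent for them, so consider adding it where known. "an error path in the network subsystem" for CVE-2019-20811 is also much broader than the component naming used elsewhere ('relay' library, blktrace, ext4); naming the specific area would be consistent with the rest.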