summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2022-08-15 17:23:03 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2022-08-15 17:23:03 +0200
commit835cd73cfdee73f8f75e6dcb768ef30607e84515 (patch)
tree1ceca8898f5e36fff33248c433b55c78848c1a84
parentb169022bb4b16e5274b14950e7f984b602f383d5 (diff)
Add initial drafts for some CVEs fixed in 5.10.136-1
-rw-r--r--dsa-texts/5.10.136-120
1 files changed, 20 insertions, 0 deletions
diff --git a/dsa-texts/5.10.136-1 b/dsa-texts/5.10.136-1
index 5797242a..9ba8f3d4 100644
--- a/dsa-texts/5.10.136-1
+++ b/dsa-texts/5.10.136-1
@@ -7,12 +7,32 @@ leaks.
CVE-2022-2585
+ A use-after-free flaw in the implementation of POSIX CPU timers may
+ result in denial of service or in local privilege escalation.
+
CVE-2022-2586
+ A use-after-free in the Netfilter subsystem may result in local
+ privilege escalation for a user with the CAP_NET_ADMIN capability in
+ any user or network namespace.
+
CVE-2022-2588
+ Zhenpeng Lin discovered a use-after-free flaw in the cls_route
+ filter implementation which may result in local privilege escalation
+ for a user with the CAP_NET_ADMIN capability in any user or network
+ namespace.
+
CVE-2022-26373
+ It was discovered that on certain processors with Intel's Enhanced
+ Indirect Branch Restricted Speculation (eIBRS) capabilities there
+ are exceptions to the documented properties in some situations,
+ which may result in information disclosure.
+
+ Intel's explanation of the issue can be found at
+ <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/post-barrier-return-stack-buffer-predictions.html>
+
CVE-2022-29900
CVE-2022-29901

© 2014-2024 Faster IT GmbH | imprint | privacy policy