diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-09-24 19:17:32 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-09-24 19:17:32 +0200 |
commit | a986aaf6a9a07409f3d6c7e68c3830db0c116628 (patch) | |
tree | 5168a8b61aaca7481cb0abcad217c42a34a91f6e | |
parent | 780ec9c908bce3f333968ca5d06150f4d0364151 (diff) |
Add first set of CVE descriptions
-rw-r--r-- | dsa-texts/5.10.46-5 | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/dsa-texts/5.10.46-5 b/dsa-texts/5.10.46-5 index 1aaed86d..1b0494c2 100644 --- a/dsa-texts/5.10.46-5 +++ b/dsa-texts/5.10.46-5 @@ -55,19 +55,29 @@ CVE-2021-38160 CVE-2021-38166 - Description + An integer overflow flaw in the BPF subsystem could allow a local + attacker able to cause a denial of service or potentially the + execution of arbitrary code. This flaw is mitigated by default in + Debian as unprivileged calls to bpf() are disabled. CVE-2021-38199 - Description + Michael Wakabayashi reported a flaw in the NFSv4 client + subsystem where incorrect connection-setup ordering allows + operations of a remote NFSv4 server to cause a denial of service + (hanging of mounts). CVE-2021-40490 - Description + A race condition was discovered in the ext4 subsystem when writing + to an inline_data file while its xattrs are changing, which could + result in denial of service. CVE-2021-41073 - Description + Valentina Palmiotti discovered a flaw in io_uring allowing a local + attacker to escalate privileges by using IORING_OP_PROVIDE_BUFFERS + to trigger a free of a kernel buffer. For the stable distribution (bullseye), these problems have been fixed in version 5.10.46-5. |