Expand notes on CVE-2021-3736

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-04 13:04:11 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-04 13:04:50 +0100
commit: a4ee1253898e00e9a4ca58d46b6293286eb1c757 (patch)
tree: 3b4716e4725d472124845e765304cbb48c92ec5a /active/CVE-2021-3736
parent: 627135500d592359eb00fa7d35244a1c1179a133 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/active/CVE-2021-3736 b/active/CVE-2021-3736
index 8874cacd..cf7b5817 100644
--- a/active/CVE-2021-3736
+++ b/active/CVE-2021-3736
@@ -3,7 +3,11 @@ References:
  https://bugzilla.redhat.com/show_bug.cgi?id=1995570
 Notes:
  carnil> As of 2021-11-04 no further information yet provided in
- carnil> RHBZ#1995570.
+ carnil> RHBZ#1995570. The description reads as "A memory leak problem
+ carnil> was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in
+ carnil> Virtual Function I/O (VFIO) Mediated devices. This flaw could
+ carnil> allow a local attacker to leak internal kernel information."
+ carnil> and so relates to changes in samples/vfio-mdev/mbochs.c .
 Bugs:
 upstream:
 5.10-upstream-stable:
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-04 13:04:11 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-04 13:04:50 +0100
commit	a4ee1253898e00e9a4ca58d46b6293286eb1c757 (patch)
tree	3b4716e4725d472124845e765304cbb48c92ec5a /active/CVE-2021-3736
parent	627135500d592359eb00fa7d35244a1c1179a133 (diff)