author | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-18 17:06:00 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-18 17:07:41 +0200 |
commit | 872d8bb0a40122543fa1d1a65aea8dedd96085e5 (patch) | |
tree | 283133804442403fa6b45345f59c7aa1fb74ee80 /dsa-texts/4.19.152-1 | |
parent | 627cecd5b7d8ecba97fdbb4eb1310cf20f84c602 (diff) |
Add draft for 4.19.152-1 upload
Diffstat (limited to 'dsa-texts/4.19.152-1')
-rw-r--r-- | dsa-texts/4.19.152-1 | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/dsa-texts/4.19.152-1 b/dsa-texts/4.19.152-1 new file mode 100644 index 00000000..49351deb --- /dev/null +++ b/dsa-texts/4.19.152-1 @@ -0,0 +1,45 @@ +Package: linux +CVE ID: CVE-2020-12351 CVE-2020-12352 CVE-2020-25211 CVE-2020-25643 CVE-2020-25645 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2020-12351 + + Andy Nguyen discovered a flaw in the Bluetooth implementation in the + way L2CAP packets with A2MP CID are handled. A remote attacker in + short distance knowing the victim's bd address can send a malicious + l2cap packet and cause denial of service or possibly arbitrary code + execution with kernel privileges. + +CVE-2020-12352 + + Andy Nguyen discovered flaw in the Bluetooth implementation. Stack + memory is not properly initialised when handling certain AMP + packets. A remote attacker in short distance knowing the victim's bd + address can retrieve kernel stack information. + +CVE-2020-25211 + + A flaw was discovered in netfilter subsystem. A local attacker able + to inject conntrack netlink configuration can take advantage of this + flaw to cause a denial of service or trigger use of of incorrect + protocol numbers. + +CVE-2020-25643 + + ChenNan Of Chaitin Security Research Lab discovered a flaw in the + hdlc_ppp module. Improper input validation in the ppp_cp_parse_cr + function leads to memory corruption and read overflow. + +CVE-2020-25645 + + A flaw was discovered in the interface driver for GENEVE + encapsulated traffic when combined with IPsec. When IPsec is + configured to encrypt traffic for the specific UDP port used by the + GENEVE tunnel, tunneled data isn't correctly routed over the + encrypted link and sent unencrypted instead. + +The vulnerabilities are fixed by rebasing to the new +stable upstream version 4.19.152 which includes additional bugfixes. |
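Review bot: The CVE-2020-25643 entry stops at "leads to memory corruption and read overflow" without saying who can reach ppp_cp_parse_cr or what the resulting impact is. The other four entries state both, so adding them here would keep the draft consistent with the summary paragraph. Several wording slips should also be fixed before upload: "discovered flaw" in CVE-2020-12352 needs an article ("discovered a flaw"), "in netfilter subsystem" should read "in the netfilter subsystem", "trigger use of of incorrect protocol numbers" has a doubled "of", "ChenNan Of Chaitin" should use a lowercase "of", and "a malicious l2cap packet" should match the "L2CAP" capitalisation used one sentence earlier.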