author Ben Hutchings <ben@decadent.org.uk> 2020-04-28 02:46:29 +0100
committer Ben Hutchings <ben@decadent.org.uk> 2020-04-28 02:49:48 +0100
commit 40d71206500258f4b6c5a5603df509052a05bbcb
tree 7ad8b3a098987ccd2f3fccb52e0d5ef376dde84c /dsa-texts/4.19.98-1+deb10u1
parent 53eb44ab76fc9f242afa72b2c744901640eed4b9
Rewrite dsa-texts/4.19.98-1+deb10u1 for consistency and clarity
For each issue, explain what interface would be used to exploit it (not the internal function names!), who can access the interface, and what kind of security impact it has. Also use multiple sentences.
Diffstat (limited to 'dsa-texts/4.19.98-1+deb10u1')
-rw-r--r-- dsa-texts/4.19.98-1+deb10u1 42
1 files changed, 22 insertions, 20 deletions
diff --git a/dsa-texts/4.19.98-1+deb10u1 b/dsa-texts/4.19.98-1+deb10u1
index 805679fd..62170957 100644
--- a/dsa-texts/4.19.98-1+deb10u1
+++ b/dsa-texts/4.19.98-1+deb10u1
@@ -18,38 +18,40 @@ leak.
CVE-2020-2732
- Paulo Bonzini discovered that KVM implementation for Intel
- processors did not properly handle instruction emulation for the L2
- guest when nested virtualization is enabled, allowing the L2
- guest to trick the L0 hypervisor to access sensitive bits of the L1
- hypervisor.
+ Paulo Bonzini discovered that the KVM implementation for Intel
+ processors did not properly handle instruction emulation for L2
+ guests when nested virtualization is enabled. This could allow
+ an L2 guest to cause privilege escalation, denial of service,
+ or information leaks in the L1 guest.
CVE-2020-8428
- Al Viro discovered a use-after-free vulnerability in the VFS layer
- in the may_create_in_sticky() function, allowing a local attacker to
- cause a denial of service or obtain sensitive information from
- kernel memory.
+ Al Viro discovered a use-after-free vulnerability in the VFS
+ layer. This allowed local users to cause a denial-of-service
+ (crash) or obtain sensitive information from kernel memory.
CVE-2020-10942
- It was discovered that the get_raw_socket() function in
- drivers/vhost/net.c did not validate an sk_family field, allowing
- an attacker to trigger a stack corruption via crafted system calls.
+ It was discovered that the vhost_net driver did not properly
+ validate the type of sockets set as back-ends. A local user
+ permitted to access /dev/vhost-net could use this to cause a stack
+ corruption via crafted system calls, resulting in denial of
+ service (crash) or possibly privilege escalation.
CVE-2020-11565
- Entropy Moe reported a stack-based out-of-bounds write vulnerability
- in mpol_parse_str() in mm/mempolicy.c because an empty nodelist is
- mishandled during mount option parsing.
+ Entropy Moe reported that the shared memory filesystem (tmpfs) did
+ not correctly handle an "mpol" mount option specifying an empty
+ node list, leading to a stack-based out-of-bounds write. If user
+ namespaces are enabled, a local user could use this to cause a
+ denial of service (crash) or possibly for privilege escalation.
CVE-2020-11884
- Al Viro reported a flaw in the architecture code for s390x, where a
- page table upgrade in a kernel section that uses secondary address
- mode will mess up the kernel instructions, potentially allowing a
- unprivileged user to crash the kernel or potentially to execute user
- provided code in the kernel context.
+ Al Viro reported a race condition in memory management code for
+ IBM Z (s390x architecture), that can result in the kernel
+ executing code from the user address space. A local user could
+ use this for privilege escalation.
For the stable distribution (buster), these problems have been fixed in
version 4.19.98-1+deb10u1.
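Review bot: The rewritten CVE-2020-8428 entry is out of step with the other entries in this hunk: it says "This allowed local users" where the others use "could", it hyphenates "denial-of-service (crash)" where CVE-2020-10942 writes "denial of service (crash)", and it names only "the VFS layer" rather than the interface a local user would go through, which the commit message sets as the goal for every issue. Suggest "This could allow a local user to cause a denial of service (crash) or obtain sensitive information from kernel memory", plus the triggering interface if it can be stated. Smaller points in the same hunk: CVE-2020-11565 ends "or possibly for privilege escalation" while CVE-2020-10942 has "or possibly privilege escalation"; the comma before "that can result" in CVE-2020-11884 should be dropped; and the discoverer named in CVE-2020-2732 is spelled "Paolo Bonzini", a misspelling carried over unchanged from the removed lines.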
