diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2020-06-09 00:40:28 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2020-06-09 00:40:28 +0100 |
commit | 0f152d4f081aeee1e81f1ae9dfee2da59e95f70b (patch) | |
tree | 42fb8987cff89d81963ba0bf8014a14f7021cafa /dsa-texts/4.9.210-1+deb9u1 | |
parent | 718bc634707f669dfa6c61b4373a4a25b1a5e447 (diff) |
dsa-texts: Fill in the remaining issue descriptions
Diffstat (limited to 'dsa-texts/4.9.210-1+deb9u1')
-rw-r--r-- | dsa-texts/4.9.210-1+deb9u1 | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/dsa-texts/4.9.210-1+deb9u1 b/dsa-texts/4.9.210-1+deb9u1 index 9d54a61a..802a8b50 100644 --- a/dsa-texts/4.9.210-1+deb9u1 +++ b/dsa-texts/4.9.210-1+deb9u1 @@ -159,7 +159,10 @@ CVE-2020-10942 CVE-2020-11494 - Description + It was discovered that the slcan (serial line CAN) network driver + did not fully initialise CAN headers for received packets, + resulting in an information leak from the kernel to user-space or + over the CAN network. CVE-2020-11565 @@ -169,37 +172,52 @@ CVE-2020-11565 namespaces are enabled, a local user could use this to cause a denial of service (crash) or possibly for privilege escalation. -CVE-2020-11608 +CVE-2020-11608, CVE-2020-11609, CVE-2020-11668 - Description - -CVE-2020-11609 - - Description - -CVE-2020-11668 - - Description + It was discovered that the ov519, stv06xx, and xirlink_cit media + drivers did not properly validate USB device descriptors. A + physically present user with a specially constructed USB device + could use this to cause a denial-of-service (crash) or possibly + for privilege escalation. CVE-2020-12114 - Description + Piotr Krysiuk discovered a race condition between the umount and + pivot_root operations in the filesystem core (vfs). A local user + with the CAP_SYS_ADMIN capability in any user namespace could use + this to cause a denial of service (crash). CVE-2020-12464 - Description + Kyungtae Kim reported a race condition in the USB core that can + result in a use-after-free. It is not clear how this can be + exploited, but it could result in a denial of service (crash or + memory corruption) or privilege escalation. CVE-2020-12652 - Description + Tom Hatskevich reported a bug in the mptfusion storage drivers. + An ioctl handler fetched a parameter from user memory twice, + creating a race condition which could result in incorrect locking + of internal data structures. A local user permitted to access + /dev/mptctl could use this to cause a denial of service (crash or + memory corruption) or for privilege escalation. CVE-2020-12653 - Description + It was discovered that the mwifiex WiFi driver did not + sufficiently validate scan requests, resulting a potential heap + buffer overflow. A local user with CAP_NET_ADMIN capability could + use this to cause a denial of service (crash or memory corruption) + or possibly for privilege escalation. CVE-2020-12654 - Description + It was discovered that the mwifiex WiFi driver did not + sufficiently validate WMM parameters received from an access point + (AP), resulting a potential heap buffer overflow. A malicious AP + could use this to cause a denial of service (crash or memory + corruption) or possibly to execute code on a vulnerable system. CVE-2020-12770 |