diff options
| author | Ben Hutchings <ben@decadent.org.uk> | 2020-06-07 23:42:08 +0100 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2020-06-08 00:12:44 +0100 |
| commit | 4cc0ec706f55b39998cfc376dc4162bc74738921 (patch) | |
| tree | ad174b7e8489e73b2590a7183adcb60d98dc292e /dsa-texts/4.9.210-1+deb9u1 | |
| parent | 4879976bc0757f0d3910a28f31e96baef9641ce1 (diff) | |
dsa-texts: Fill in more issue descriptions
Diffstat (limited to 'dsa-texts/4.9.210-1+deb9u1')
| -rw-r--r-- | dsa-texts/4.9.210-1+deb9u1 | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/dsa-texts/4.9.210-1+deb9u1 b/dsa-texts/4.9.210-1+deb9u1 index 3bb1e48f..496144ea 100644 --- a/dsa-texts/4.9.210-1+deb9u1 +++ b/dsa-texts/4.9.210-1+deb9u1 @@ -43,7 +43,7 @@ CVE-2019-19319 CVE-2019-19462 - The syzkaller tool found a missing error check in the 'relay' + The syzbot tool found a missing error check in the 'relay' library used to implement various files under debugfs. A local user permitted to access debugfs could use this to cause a denial of service (crash) or possibly for privilege escalation. @@ -92,23 +92,34 @@ CVE-2020-2732 CVE-2020-8428 - Description + Al Viro discovered a potential use-after-free in the filesystem + core (vfs). A local user could exploit this to cause a denial of + service (crash) or possibly to obtain sensitive information from + the kernel. -CVE-2020-8647 +CVE-2020-8647, CVE-2020-8649 - Description + The Hulk Robot tool found a potential MMIO out-of-bounds access in + the vgacon driver. A local user permitted to access a virtual + terminal (/dev/tty1 etc.) on a system using the vgacon driver + could use this to cause a denial of service (crash or memory + corruption) or possibly for privilege escalation. CVE-2020-8648 - Description - -CVE-2020-8649 - - Description + The syzbot tool found a race condition in the the virtual terminal + driver, which could result in a use-after-free. A local user + permitted to access a virtual terminal could use this to cause a + denial of service (crash or memory corruption) or possibly for + privilege escalation. CVE-2020-9383 - Description + Jordy Zomer reported an incorrect range check in the floppy driver + which could lead to a static out-of-bounds access. A local user + permitted to access a floppy drive could use this to cause a + denial of service (crash or memory corruption) or possibly for + privilege escalation. CVE-2020-10711 @@ -180,11 +191,18 @@ CVE-2020-12654 CVE-2020-12770 - Description + It was discovered that the sg (SCSI generic) driver did not + correctly release internal resources in a particular error case. + A local user permitted to access an sg device could possibly use + this to cause a denial of service (resource exhaustion). CVE-2020-13143 - Description + Kyungtae Kim reported a potential heap out-of-bounds write in + the USB gadget subsystem. A local user permitted to write to + the gadget configuration filesystem could use this to cause a + denial of service (crash or memory corruption) or potentially + for privilege escalation. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.210-1+deb9u1. |