author | Salvatore Bonaccorso <carnil@debian.org> | 2023-09-09 17:21:11 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-09-09 17:21:11 +0200 |
commit | f37b351f6c65f877a65d14bdf5e7b5654bfffd30 (patch) | |
tree | d72504ec72a1761d93faa1532da57d43da2597c6 /dsa-texts | |
parent | a4031b11a2d82807aebc28d1f98212f84e695eb9 (diff) |
Fill in some description for CVEs
Note, I need to group the ones for network classifiers, both because
there is a duplicate CVE which covers 3 of Google CNA assigned CVEs,
whereas RedHat CNA used only one, plus grouping them with CVE-2023-3776
as well. Will be done in the following commit.
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/6.1.52-1 | 48 |
1 files changed, 36 insertions, 12 deletions
diff --git a/dsa-texts/6.1.52-1 b/dsa-texts/6.1.52-1 index 5baf4108..be3d8e4a 100644 --- a/dsa-texts/6.1.52-1 +++ b/dsa-texts/6.1.52-1 @@ -13,7 +13,10 @@ leaks. CVE-2023-1206 - Description + It was discovered that the networking stack permits attackers to + force hash collisions in the IPv6 connection lookup table, which may + result in denial of service (significant increase in the cost of + lookups, increased CPU utilization). CVE-2023-1989 @@ -25,11 +28,15 @@ CVE-2023-2430 CVE-2023-2898 - Description + It was discovered that missing sanitising in the f2fs file + system may result in denial of service if a malformed file + system is accessed. CVE-2023-3611 - Description + The TOTE Robot tool found a flaw in the Btrfs filesystem driver that + can lead to a use-after-free. It's unclear whether an unprivileged + user can exploit this. CVE-2023-3772 @@ -49,11 +56,16 @@ CVE-2023-3777 CVE-2023-3863 - Description + It was discovered that a use-after-free in the NFC implementation + may result in denial of service, an information leak or potential + local privilege escalation. CVE-2023-4004 - Description + It was discovered that a use-after-free in Netfilter's + implementation of PIPAPO (PIle PAcket POlicies) may result in denial + of service or potential local privilege escalation for a user with + the CAP_NET_ADMIN capability in any user or network namespace. CVE-2023-4015 @@ -65,11 +77,15 @@ CVE-2023-4128 CVE-2023-4132 - Description + A use-after-free in the driver for Siano SMS1xxx based MDTV + receivers may result in local denial of service. CVE-2023-4147 - Description + Kevin Rich discovered a use-after-free in Netfilter when adding a + rule with NFTA_RULE_CHAIN_ID, which may result in local privilege + escalation for a user with the CAP_NET_ADMIN capability in any user + or network namespace. CVE-2023-4155 
@@ -77,7 +93,8 @@ CVE-2023-4155 CVE-2023-4194 - Description + A type confusion in the implementation of TUN/TAP network devices + may allow a local user to bypass network filters. CVE-2023-4206 @@ -93,7 +110,8 @@ CVE-2023-4208 CVE-2023-4273 - Description + Maxim Suhanov discovered a stack overflow in the exFAT driver, which + may result in local denial of service via a malformed file system. CVE-2023-4569 @@ -105,12 +123,18 @@ CVE-2023-4622 CVE-2023-20588 - Description + Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and + Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1 + micro architecture an integer division by zero may leave stale + quotient data from a previous division, resulting in a potential + leak of sensitive data. CVE-2023-34319 - Description + Ross Lagerwall discovered a buffer overrun in Xen's netback driver + which may allow a Xen guest to cause denial of service to the + virtualisation host my sending malformed packets. CVE-2023-40283 - Description + A use-after-free was discovered in Bluetooth L2CAP socket handling. |
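Review bot: in the @@ -25,11 hunk, the CVE-2023-3611 entry is the only new description that hedges ("It's unclear whether an unprivileged user can exploit this") and names no impact beyond the use-after-free itself. Please confirm the text is attached to the right id and state the expected impact the way the neighbouring entries do. The same hunk writes "file system" for f2fs and "filesystem" for Btrfs; pick one spelling, since the later exFAT entry also uses "file system".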
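Review bot: in the @@ -65,11 hunk, CVE-2023-4147 lists only local privilege escalation, while the CVE-2023-4004 entry, also a Netfilter use-after-free gated on CAP_NET_ADMIN, lists denial of service as well. If the difference is not deliberate, align the two impact statements. In the CVE-2023-4132 entry of the same hunk, "MDTV" is left unexpanded; spelling it out once would help readers who do not know the hardware.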
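Review bot: in the @@ -105,12 +123,18 hunk, the CVE-2023-34319 text has a typo, "my sending malformed packets" should read "by sending malformed packets". In the same hunk, the CVE-2023-40283 entry stops at "A use-after-free was discovered in Bluetooth L2CAP socket handling." and gives neither an impact nor who can trigger it, unlike the other use-after-free entries in this patch; add that before the advisory is sent. Minor: "micro architecture" in the CVE-2023-20588 entry is normally written as one word.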