diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2023-08-17 17:18:40 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2023-08-17 17:18:40 +0200 |
commit | f84dcedb4154945ec178bde4ad173ebffb429a2c (patch) | |
tree | 48555113b7736b4636458f9dafcd3a2e15380ecf /dsa-texts | |
parent | 3d29056d280097b851fb0dbc798c7a633308fcaf (diff) |
further advisory updates
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/5.10.191-1 | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/dsa-texts/5.10.191-1 b/dsa-texts/5.10.191-1 index c955a3d7..a0fe5475 100644 --- a/dsa-texts/5.10.191-1 +++ b/dsa-texts/5.10.191-1 @@ -110,23 +110,33 @@ CVE-2023-4132 CVE-2023-4147 - Description + Kevin Rich discovered a use-after-free in Netfilter when adding + a rule with NFTA_RULE_CHAIN_ID, which may result in local privilege + escalation for a user with the CAP_NET_ADMIN capability in any user + or network namespace. CVE-2023-4194 - Description + A type confusion in the implementation of TUN/TAP network devices may + allow a local user to bypass network filters. CVE-2023-4273 - Description + Maxim Suhanov discovered a stack overflow in the exFAT driver, which may + result in local denial of service via a malformed file system. CVE-2023-20588 - Description + Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and Oleksii Oleksenko + discovered that on some AMD CPUs with the Zen1 micro architecture an integer + division by zero may leave stale quotient data from a previous division, resulting + in a potential leak of sensitive data. CVE-2023-21255 - Description + A use-after-free was discovered in the in the Android binder driver, which + may result in local privilege escalation on systems where the binder driver + is loaded. CVE-2023-21400 |