diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2019-08-10 18:21:50 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-08-10 18:21:50 +0100 |
commit | ffd31becaf900f59f34aec384980e5588f9456d2 (patch) | |
tree | 6c54415bc0d3d378ca53782bd7ff08df606ada4c /dsa-texts | |
parent | 10df85b8413db42a889cc93e04a572c1527344bf (diff) |
dsa-texts/4.19.37-5+deb10u2: Add descriptions for several issues
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/4.19.37-5+deb10u2 | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/dsa-texts/4.19.37-5+deb10u2 b/dsa-texts/4.19.37-5+deb10u2 index ba76d32c2..46ff9f400 100644 --- a/dsa-texts/4.19.37-5+deb10u2 +++ b/dsa-texts/4.19.37-5+deb10u2 @@ -21,23 +21,45 @@ CVE-2018-20836 CVE-2019-1125 - Description + It was discovered that most x86 processors could speculatively + skip a conditional SWAPGS instruction used when entering the + kernel from user mode, and/or could speculatively execute it when + it should be skipped. This is a subtype of Spectre variant 1, + which could allow local users to obtain sensitive information from + the kernel or other processes. Systems using an i386 kernel are + not affected as the kernel does not use SWAPGS. CVE-2019-1999 - Description + A race condition was discovered in the Android binder driver, + which could lead to a use-after-free. If this driver is loaded, a + local user might be able to use this for denial-of-service + (memory corruption) or for privilege escalation. CVE-2019-10207 - Description + The syzkaller tool found a potential null dereference in various + drivers for UART-attached Bluetooth adapters. A local user with + access to a pty device or other suitable tty device could use this + for denial-of-service (oops/BUG). CVE-2019-10638 - Description + Amit Klein and Benny Pinkas discovered that the generation of IP + packet IDs used a weak hash function, "jhash". This could enable + tracking individual computers as they communicate with different + remote servers and from different networks. The "siphash" + function is now used instead. CVE-2019-12817 - Description + It was discovered that on the PowerPC architecture, the hash page + table (HPT) code did not correctly handle fork() in a process with + memory mapped at addresses above 512 TiB. This could lead to a + use-after-free in the kernel, or unintended sharing of memory + between user processes. A local user could use this for privilege + escalation. Systems using the radix MMU, or a custom kernel with + a 4 KiB page size, are not affected. CVE-2019-12984 |