From a986aaf6a9a07409f3d6c7e68c3830db0c116628 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 24 Sep 2021 19:17:32 +0200
Subject: Add first set of CVE descriptions

---
 dsa-texts/5.10.46-5 | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/dsa-texts/5.10.46-5 b/dsa-texts/5.10.46-5
index 1aaed86d..1b0494c2 100644
--- a/dsa-texts/5.10.46-5
+++ b/dsa-texts/5.10.46-5
@@ -55,19 +55,29 @@ CVE-2021-38160
 
 CVE-2021-38166
 
-    Description
+    An integer overflow flaw in the BPF subsystem could allow a local
+    attacker able to cause a denial of service or potentially the
+    execution of arbitrary code. This flaw is mitigated by default in
+    Debian as unprivileged calls to bpf() are disabled.
 
 CVE-2021-38199
 
-    Description
+    Michael Wakabayashi reported a flaw in the NFSv4 client
+    subsystem where incorrect connection-setup ordering allows
+    operations of a remote NFSv4 server to cause a denial of service
+    (hanging of mounts).
 
 CVE-2021-40490
 
-    Description
+    A race condition was discovered in the ext4 subsystem when writing
+    to an inline_data file while its xattrs are changing, which could
+    result in denial of service.
 
 CVE-2021-41073
 
-    Description
+    Valentina Palmiotti discovered a flaw in io_uring allowing a local
+    attacker to escalate privileges by using IORING_OP_PROVIDE_BUFFERS
+    to trigger a free of a kernel buffer.
 
 For the stable distribution (bullseye), these problems have been fixed in
 version 5.10.46-5.
-- 
cgit v1.2.3