From a4ee1253898e00e9a4ca58d46b6293286eb1c757 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 4 Nov 2021 13:04:11 +0100
Subject: Expand notes on CVE-2021-3736

---
 active/CVE-2021-3736 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'active/CVE-2021-3736')

diff --git a/active/CVE-2021-3736 b/active/CVE-2021-3736
index 8874cacd..cf7b5817 100644
--- a/active/CVE-2021-3736
+++ b/active/CVE-2021-3736
@@ -3,7 +3,11 @@ References:
  https://bugzilla.redhat.com/show_bug.cgi?id=1995570
 Notes:
  carnil> As of 2021-11-04 no further information yet provided in
- carnil> RHBZ#1995570.
+ carnil> RHBZ#1995570. The description reads as "A memory leak problem
+ carnil> was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in
+ carnil> Virtual Function I/O (VFIO) Mediated devices. This flaw could
+ carnil> allow a local attacker to leak internal kernel information."
+ carnil> and so relates to changes in samples/vfio-mdev/mbochs.c .
 Bugs:
 upstream:
 5.10-upstream-stable:
-- 
cgit v1.2.3