From 472d8bc739cf431efa49dd087a3a599df1e87392 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 31 Jan 2021 14:48:47 +0100 Subject: Add draft text for 4.19.171-2 based DSA --- dsa-texts/4.19.171-2 | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 dsa-texts/4.19.171-2 (limited to 'dsa-texts/4.19.171-2') diff --git a/dsa-texts/4.19.171-2 b/dsa-texts/4.19.171-2 new file mode 100644 index 00000000..0c058f56 --- /dev/null +++ b/dsa-texts/4.19.171-2 
@@ -0,0 +1,82 @@ +Package: linux +CVE ID: CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 CVE-2021-20177 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2020-27815 + + A flaw was reported in the JFS filesystem code allowing a local + attacker with the ability to set extended attributes to cause a + denial of service. + +CVE-2020-27825 + + Adam 'pi3' Zabrocki reported a use-after-free flaw the ftrace ring + buffer resizing logic due to a race condition, which could result in + denial of service or information leak. + +CVE-2020-27830 + + Shisong Qin reported a NULL pointer dereference flaw in the Speakup + screen reader core driver. + +CVE-2020-28374 + + David Disseldorp discovered that the LIO SCSI target implementation + performed insufficient checking in certain XCOPY requests. An + attacker with access to a LUN and knowledge of Unit Serial Number + assignments can take advantage of this flaw to read and write to any + LIO backstore, regardless of the SCSI transport settings. + +CVE-2020-29568 (XSA-349) + + Michael Kurth and Pawel Wieczorkiewicz reported that frontends can + trigger OOM in backends by updating a watched path. + +CVE-2020-29569 (XSA-350) + + Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free + flaw which can be triggered block frontend in Linux blkback. A + misbehaving guest can trigger a dom0 crash by continuously + connecting / disconnecting a block frontend. + +CVE-2020-29660 + + Jann Horn reported a locking inconsistency issue in the tty + subsystem which may allow a local attacker to mount a + read-after-free attack against TIOCGSID. + +CVE-2020-29661 + + Jann Horn reported a locking issue in the tty subsystem which + can result in a use-after-free. 
A local attacker can take + advantage of this flaw for memory corruption or privilege + escalation. + +CVE-2020-36158 + + A buffer overflow flaw was discovered in the mwifiex WiFi driver + which could result in denial of service or the execution of + arbitrary code via a long SSID value. + +CVE-2021-3347 + + It was discovered that PI futexes have a kernel stack use-after-free + during fault handling. An unprivileged user could use this flaw to + crash the kernel (resulting in denial of service) or for privilege + escalation. + +CVE-2021-20177 + + A flaw was discovered in the Linux implementation of string matching + within a packet. A privileged user (with root or CAP_NET_ADMIN) can + take advantage of this flaw to cause a kernel panic when inserting + iptables rules. + +Do not list CVE-2021-3178 for DSA but add directly to data/CVE/list (as +unimportant severity and disputed, but just track the fix). + +CVE-2021-3178 + [buster] - linux 4.19.171-1 -- cgit v1.2.3
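Review bot: Two entries in the new dsa-texts/4.19.171-2 have dropped words that should be restored before the text is used. The CVE-2020-27825 entry reads "a use-after-free flaw the ftrace ring buffer resizing logic" (missing "in"), and the CVE-2020-29569 entry reads "which can be triggered block frontend in Linux blkback" (missing "by a" or equivalent wording). The CVE-2020-27830 entry names the NULL pointer dereference but, unlike the other entries, does not say who can trigger it or what the result is; a short impact clause would make it consistent with the rest. The closing paragraph starting "Do not list CVE-2021-3178 for DSA" and the "[buster] - linux 4.19.171-1" line are tracker instructions in the same file as the advisory body, so consider setting them apart with a clear marker so they are not carried into the published text.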