From 1df8ded88db7339a185ba72e434e0e778e4a38ce Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sat, 10 Aug 2019 19:22:47 +0100 Subject: dsa-texts/4.19.37-5+deb10u2: Complete descriptions and introduction --- dsa-texts/4.19.37-5+deb10u2 | 59 +++++++++++++++++++++++++++++++-------------- 1 file changed, 41 insertions(+), 18 deletions(-) (limited to 'dsa-texts/4.19.37-5+deb10u2') diff --git a/dsa-texts/4.19.37-5+deb10u2 b/dsa-texts/4.19.37-5+deb10u2 index 46ff9f40..0d933e14 100644 --- a/dsa-texts/4.19.37-5+deb10u2 +++ b/dsa-texts/4.19.37-5+deb10u2 @@ -13,11 +13,16 @@ CVE ID : CVE-2018-20836 CVE-2019-1125 CVE-2019-1999 CVE-2019-10207 CVE-2019-10638 CVE-2019-12817 CVE-2019-12984 CVE-2019-13233 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 -Brief introduction +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. CVE-2018-20836 - Description + chenxiang reported a race condition in libsas, the kernel + subsystem supporting Serial Attached SCSI (SAS) devices, which + could lead to a use-after-free. It is not clear how this might be + exploited. CVE-2019-1125 @@ -26,8 +31,9 @@ CVE-2019-1125 kernel from user mode, and/or could speculatively execute it when it should be skipped. This is a subtype of Spectre variant 1, which could allow local users to obtain sensitive information from - the kernel or other processes. Systems using an i386 kernel are - not affected as the kernel does not use SWAPGS. + the kernel or other processes. It has been mitigated by using + memory barriers to limit speculative execution. Systems using an + i386 kernel are not affected as the kernel does not use SWAPGS. CVE-2019-1999 
@@ -41,7 +47,7 @@ CVE-2019-10207 The syzkaller tool found a potential null dereference in various drivers for UART-attached Bluetooth adapters. A local user with access to a pty device or other suitable tty device could use this - for denial-of-service (oops/BUG). + for denial-of-service (BUG/oops). CVE-2019-10638 
@@ -53,37 +59,54 @@ CVE-2019-10638 CVE-2019-12817 - It was discovered that on the PowerPC architecture, the hash page - table (HPT) code did not correctly handle fork() in a process with - memory mapped at addresses above 512 TiB. This could lead to a - use-after-free in the kernel, or unintended sharing of memory - between user processes. A local user could use this for privilege - escalation. Systems using the radix MMU, or a custom kernel with - a 4 KiB page size, are not affected. + It was discovered that on the PowerPC (ppc64el) architecture, the + hash page table (HPT) code did not correctly handle fork() in a + process with memory mapped at addresses above 512 TiB. This could + lead to a use-after-free in the kernel, or unintended sharing of + memory between user processes. A local user could use this for + privilege escalation. Systems using the radix MMU, or a custom + kernel with a 4 KiB page size, are not affected. CVE-2019-12984 - Description + It was discovered that the NFC protocol implementation did not + properly validate a netlink control message, potentially leading + to a null pointer dereference. A local user on a system with an + NFC interface could use this for denial-of-service (BUG/oops). CVE-2019-13233 - Description + Jann Horn discovered a race condition on the x86 architecture, + in use of the LDT. This could lead to a use-after-free. A + local user could possibly use this for denial-of-service. CVE-2019-13631 - Description + It was discovered that the gtco driver for USB input tablets could + overrun a stack buffer with constant data while parsing the device's + descriptor. A physically present user with a specially + constructed USB device could use this to cause a denial-of-service + (BUG/oops), or possibly for privilege escalation. 
CVE-2019-13648 - Description + Praveen Pandey reported that on PowerPC (ppc64el) systems without + Transactional Memory (TM), the kernel would still attempt to + restore TM state passed to the sigreturn() system call. A local + user could use this for denial-of-service (oops). CVE-2019-14283 - Description + The syzkaller tool found a missing bounds check in the floppy disk + driver. A local user with access to a floppy disk device, with a + disk present, could use this to read kernel memory beyond the + I/O buffer, possibly obtaining sensitive information. CVE-2019-14284 - Description + The syzkaller tool found a potential division-by-zero in the + floppy disk driver. A local user with access to a floppy disk + device could use this for denial-of-service (oops). For the stable distribution (buster), these problems have been fixed in version 4.19.37-5+deb10u2. -- cgit v1.2.3
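Review bot: In the first hunk (@@ -13,11 +13,16 @@), the new introduction reads "may lead to a privilege escalation, denial of service or information leaks"; the article does not fit the list of uncountable nouns that follows, so suggest "may lead to privilege escalation, denial of service or information leaks." The CVE-2018-20836 entry in the same hunk is otherwise fine, and its closing "It is not clear how this might be exploited" is the right level of caution given that only a use-after-free is known.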
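Review bot: In the third hunk (@@ -53,37 +59,54 @@), the CVE-2019-13233 entry reads "a race condition on the x86 architecture, in use of the LDT"; suggest "a race condition in the use of the LDT (Local Descriptor Table) on the x86 architecture", spelling out the acronym the way the same hunk does for HPT and TM. The same entry ends with "could possibly use this for denial-of-service" without the "(BUG/oops)" or "(oops)" qualifier that every other denial-of-service entry in this hunk carries; if the failure mode is known, add it for consistency.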