From 0f152d4f081aeee1e81f1ae9dfee2da59e95f70b Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 9 Jun 2020 00:40:28 +0100 Subject: dsa-texts: Fill in the remaining issue descriptions --- dsa-texts/4.9.210-1+deb9u1 | 50 +++++++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 16 deletions(-) (limited to 'dsa-texts/4.9.210-1+deb9u1') diff --git a/dsa-texts/4.9.210-1+deb9u1 b/dsa-texts/4.9.210-1+deb9u1 index 9d54a61a..802a8b50 100644 --- a/dsa-texts/4.9.210-1+deb9u1 +++ b/dsa-texts/4.9.210-1+deb9u1 @@ -159,7 +159,10 @@ CVE-2020-10942 CVE-2020-11494 - Description + It was discovered that the slcan (serial line CAN) network driver + did not fully initialise CAN headers for received packets, + resulting in an information leak from the kernel to user-space or + over the CAN network. CVE-2020-11565 
@@ -169,37 +172,52 @@ CVE-2020-11565 namespaces are enabled, a local user could use this to cause a denial of service (crash) or possibly for privilege escalation. -CVE-2020-11608 +CVE-2020-11608, CVE-2020-11609, CVE-2020-11668 - Description - -CVE-2020-11609 - - Description - -CVE-2020-11668 - - Description + It was discovered that the ov519, stv06xx, and xirlink_cit media + drivers did not properly validate USB device descriptors. A + physically present user with a specially constructed USB device + could use this to cause a denial-of-service (crash) or possibly + for privilege escalation. CVE-2020-12114 - Description + Piotr Krysiuk discovered a race condition between the umount and + pivot_root operations in the filesystem core (vfs). A local user + with the CAP_SYS_ADMIN capability in any user namespace could use + this to cause a denial of service (crash). CVE-2020-12464 - Description + Kyungtae Kim reported a race condition in the USB core that can + result in a use-after-free. It is not clear how this can be + exploited, but it could result in a denial of service (crash or + memory corruption) or privilege escalation. CVE-2020-12652 - Description + Tom Hatskevich reported a bug in the mptfusion storage drivers. + An ioctl handler fetched a parameter from user memory twice, + creating a race condition which could result in incorrect locking + of internal data structures. A local user permitted to access + /dev/mptctl could use this to cause a denial of service (crash or + memory corruption) or for privilege escalation. CVE-2020-12653 - Description + It was discovered that the mwifiex WiFi driver did not + sufficiently validate scan requests, resulting a potential heap + buffer overflow. A local user with CAP_NET_ADMIN capability could + use this to cause a denial of service (crash or memory corruption) + or possibly for privilege escalation. 
CVE-2020-12654 - Description + It was discovered that the mwifiex WiFi driver did not + sufficiently validate WMM parameters received from an access point + (AP), resulting a potential heap buffer overflow. A malicious AP + could use this to cause a denial of service (crash or memory + corruption) or possibly to execute code on a vulnerable system. CVE-2020-12770 -- cgit v1.2.3
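Review bot: In the first hunk (@@ -159,7 +159,10), the new CVE-2020-11494 text states the effect ("an information leak from the kernel to user-space or over the CAN network") but not who can trigger it or what access they need. The entries added in the second hunk each name the attacker and precondition, for example "A local user with CAP_NET_ADMIN capability" or "A physically present user with a specially constructed USB device". Suggest adding a matching sentence here so readers can judge exposure on their own systems.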
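Review bot: In the second hunk (@@ -169,37 +172,52), the CVE-2020-12653 and CVE-2020-12654 texts both read "resulting a potential heap buffer overflow", which is missing a word; suggest "resulting in a potential heap buffer overflow" in both places. The merged CVE-2020-11608, CVE-2020-11609, CVE-2020-11668 entry also writes "denial-of-service (crash)" with hyphens, while every other entry in this hunk writes "denial of service"; pick one form, preferably the unhyphenated one already used in the unchanged CVE-2020-11565 context lines.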