diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2021-09-24 21:20:38 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-09-24 21:20:38 +0200 |
| commit | 1cbe28ede1180e215da135f4bec9949da0a615a4 (patch) | |
| tree | da6413b95093141c0b9eacd0238c606183ae9f68 | |
| parent | 7a072abc40c68958db222b03f0606e4c50bf64ad (diff) | |
Add more CVE descriptions for fixed in 5.10.46-5
| -rw-r--r-- | dsa-texts/5.10.46-5 | 36 |
1 files changed, 29 insertions, 7 deletions
diff --git a/dsa-texts/5.10.46-5 b/dsa-texts/5.10.46-5 index a345e015..458b1313 100644 --- a/dsa-texts/5.10.46-5 +++ b/dsa-texts/5.10.46-5 @@ -11,31 +11,53 @@ leaks. CVE-2020-3702 - Description + A flaw was found in the the drivers for Atheros IEEE 802.11n family + of chipsets (ath9k) allowing to cause information disclosure. CVE-2020-16119 - Description + Hadar Manor reported a use-after-free flaw in the DCCP protocol + implementation in the Linux kernel. A local attacker can take + advantage of this flaw to cause a denial of service or potentially + to execute arbitrary code. CVE-2021-3653 - Description + Maxim Levitsky discovered a flaw in the KVM hypervisor + implementation for AMD processors in the Linux kernel. Missing + alidation of the `int_ctl` VMCB field could allow a malicious L1 + guest to enable AVIC support (Advanced Virtual Interrupt Controller) + for the L2 guest. The L2 guest can take advantage of this flaw to + write to a limited but still relatively large subset of the host + physical memory. CVE-2021-3656 - Description + Maxim Levitsky and Paolo Bonzini discovered a flaw in the KVM + hypervisor implementation for AMD processors in the Linux kernel. + Missing validation of the the `virt_ext` VMCB field could allow a + malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS + (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, + the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus + read/write portions of the host physical memory. CVE-2021-3679 - Description + A flaw in the Linux kernel tracing module functionality could allow + privileged local user (with CAP_SYS_ADMIN capability) to cause a + denial of service (resources starvation). CVE-2021-3732 - Description + Alois Wohlschlager reported a flaw in the implementation of the + overlayfs subsystem, allowing a local attacker with privileges to + mount a filesystem to reveal files hidden in the original mount. CVE-2021-3739 - Description + A NULL pointer dereference flaw was found in the btrfs filesystem, + allowing a local attacker with CAP_SYS_ADMIN capabilities to cause a + denial of service. CVE-2021-3743 |