summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2021-09-24 22:53:39 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2021-09-24 22:53:39 +0200
commitac63119294bf135c81a7921debcd551f5ab0664f (patch)
tree6be5fdfe71681d21ccb3b4554604200e5112f46e
parent39143c636eafaa20018dad81bcb2068ebe6ebef1 (diff)
Merge wording improvements for 5.10.46-5 DSA
Thanks: Moritz Muehlenhoff
-rw-r--r--dsa-texts/5.10.46-532
1 files changed, 15 insertions, 17 deletions
diff --git a/dsa-texts/5.10.46-5 b/dsa-texts/5.10.46-5
index 6da87808..ad450440 100644
--- a/dsa-texts/5.10.46-5
+++ b/dsa-texts/5.10.46-5
@@ -12,19 +12,19 @@ leaks.
CVE-2020-3702
A flaw was found in the driver for Atheros IEEE 802.11n family of
- chipsets (ath9k) allowing to cause information disclosure.
+ chipsets (ath9k) allowing information disclosure.
CVE-2020-16119
- Hadar Manor reported a use-after-free flaw in the DCCP protocol
+ Hadar Manor reported a use-after-free in the DCCP protocol
implementation in the Linux kernel. A local attacker can take
advantage of this flaw to cause a denial of service or potentially
to execute arbitrary code.
CVE-2021-3653
- Maxim Levitsky discovered a flaw in the KVM hypervisor
- implementation for AMD processors in the Linux kernel. Missing
+ Maxim Levitsky discovered a vulnerability in the KVM hypervisor
+ implementation for AMD processors in the Linux kernel: Missing
validation of the `int_ctl` VMCB field could allow a malicious L1
guest to enable AVIC support (Advanced Virtual Interrupt Controller)
for the L2 guest. The L2 guest can take advantage of this flaw to
@@ -38,14 +38,14 @@ CVE-2021-3656
Missing validation of the the `virt_ext` VMCB field could allow a
malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS
(Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances,
- the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus
- read/write portions of the host physical memory.
+ the L2 guest is able to run VMLOAD/VMSAVE unintercepted and thus
+ read/write portions of the host's physical memory.
CVE-2021-3679
A flaw in the Linux kernel tracing module functionality could allow
- privileged local user (with CAP_SYS_ADMIN capability) to cause a
- denial of service (resources starvation).
+ a privileged local user (with CAP_SYS_ADMIN capability) to cause a
+ denial of service (resource starvation).
CVE-2021-3732
@@ -61,19 +61,19 @@ CVE-2021-3739
CVE-2021-3743
- An out-of-bounds memory read flaw was discovered in the Qualcomm IPC
+ An out-of-bounds memory read was discovered in the Qualcomm IPC
router protocol implementation, allowing to cause a denial of
service or information leak.
CVE-2021-3753
- Minh Yuan reported a race condition flaw in the vt_k_ioctl in
+ Minh Yuan reported a race condition in the vt_k_ioctl in
drivers/tty/vt/vt_ioctl.c, which may cause an out of bounds
read in vt.
CVE-2021-37576
- Alexey Kardashevskiy reported a buffer overflow flaw in the KVM
+ Alexey Kardashevskiy reported a buffer overflow in the KVM
subsystem on the powerpc platform, which allows KVM guest OS users
to cause memory corruption on the host.
@@ -92,21 +92,19 @@ CVE-2021-38166
CVE-2021-38199
Michael Wakabayashi reported a flaw in the NFSv4 client
- implementation, where incorrect connection-setup ordering allows
- operations of a remote NFSv4 server to cause a denial of service
- (hanging of mounts).
+ implementation, where incorrect connection setup ordering allows
+ operations of a remote NFSv4 server to cause a denial of service.
CVE-2021-40490
A race condition was discovered in the ext4 subsystem when writing
- to an inline_data file while its xattrs are changing, which could
+ to an inline_data file while its xattrs are changing. This could
result in denial of service.
CVE-2021-41073
Valentina Palmiotti discovered a flaw in io_uring allowing a local
- attacker to escalate privileges by using IORING_OP_PROVIDE_BUFFERS
- to trigger a free of a kernel buffer.
+ attacker to escalate privileges.
For the stable distribution (bullseye), these problems have been fixed in
version 5.10.46-5.

© 2014-2024 Faster IT GmbH | imprint | privacy policy