author | Ben Hutchings <ben@decadent.org.uk> | 2022-03-08 19:15:21 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2022-03-08 19:18:01 +0100 |
commit | 31bba68a747e739788cd6bf824800ae67dd01cef (patch) | |
tree | 71227854e7ec711b9ff789515d61d5de7e23a4cb /dsa-texts/4.19.232-1 | |
parent | 69cbae8101899510b37acd41a9ad6f007af1078a (diff) |
Fill in remaining issue descriptions
Diffstat (limited to 'dsa-texts/4.19.232-1')
-rw-r--r-- | dsa-texts/4.19.232-1 | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/dsa-texts/4.19.232-1 b/dsa-texts/4.19.232-1 index f19c1dfbd..51a031d8f 100644 --- a/dsa-texts/4.19.232-1 +++ b/dsa-texts/4.19.232-1 @@ -252,7 +252,11 @@ CVE-2021-43976 CVE-2021-44733 - Description + A race condition was discovered in the Trusted Execution + Environment (TEE) subsystem for Arm processors, which could lead + to a use-after-free. A local user permitted to access a TEE + device could exploit this for denial of service (memory corruption + or crash) or possibly for privilege escalation. CVE-2021-45095 @@ -271,13 +275,27 @@ CVE-2021-45480 A memory leak flaw was discovered in the __rds_conn_create() function in the RDS (Reliable Datagram Sockets) protocol subsystem. -CVE-2022-0001 +CVE-2022-0001 (INTEL-SA-00598) + + Researchers at VUSec discovered that the Branch History Buffer in + Intel processors can be exploited to create information side- + channels with speculative execution. This issue is similar to + Spectre variant 2, but requires additional mitigations on some + processors. + + This can be exploited to obtain sensitive information from a + different security context, such as from user-space to the kernel, + or from a KVM guest to the kernel. - Description +CVE-2022-0002 (INTEL-SA-00598) -CVE-2022-0002 + This is a similar issue to CVE-2022-0001, but covers exploitation + within a security context, such as from JIT-compiled code in a + sandbox to hosting code in the same process. - Description + This can be partly mitigated by disabling eBPF for unprivileged + users with the sysctl: kernel.unprivileged_bpf_disabled=2. This + update does that by default. CVE-2022-0322 @@ -318,7 +336,10 @@ CVE-2022-0617 CVE-2022-0644 - Description + Hao Sun reported a missing check for file read permission in the + finit_module() and kexec_file_load() system calls. The security + impact of this is unclear, since these system calls are usually + only available to the root user. CVE-2022-22942 |
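Review bot: In the CVE-2021-44733 entry (hunk at -252,7), "A local user permitted to access a TEE device" leaves readers to work out who that is on their own systems. If the advisory can state it, name the device node or the group that grants access, so administrators can check their exposure without reading the kernel source.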
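Review bot: In the CVE-2022-0001 entry (hunk at -271,13), the text says the issue "requires additional mitigations on some processors" but never says whether this update contains them; only the CVE-2022-0002 entry ends with "This update does that by default". Suggest a closing sentence in the CVE-2022-0001 entry stating what the update does for that CVE. In the same entry, "information side-" / "channels" splits a hyphenated word across a line break and will read as "side- channels" once the text is reflowed, so rewrap to keep "side-channels" on one line. In the CVE-2022-0002 entry, a short clause on what the value 2 of kernel.unprivileged_bpf_disabled means, and on how to revert the new default, would help administrators who rely on unprivileged eBPF.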
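Review bot: In the CVE-2022-0644 entry (hunk at -318,7), "a missing check for file read permission" does not say which file the check applies to or what a caller gains when it is absent, so a reader cannot judge exposure from the text alone. Suggest one clause naming the object that finit_module() and kexec_file_load() read from, placed before the "usually only available to the root user" caveat, which should stay.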