Fill in more issue descriptions

1 files changed, 43 insertions, 18 deletions

diff --git a/dsa-texts/4.19.232-1 b/dsa-texts/4.19.232-1
index 22984e9b7..e3513a418 100644
--- a/dsa-texts/4.19.232-1
+++ b/dsa-texts/4.19.232-1
@@ -55,39 +55,66 @@ CVE-2020-36322, CVE-2021-28950
 
 CVE-2021-3640
 
-    Description
+    Lin Ma discovered a race condiiton in the Bluetooth protocol
+    implementation that can lead to a use-after-free.  A local
+    user could exploit this to cause a denial of service (memory
+    corruption or crash) or possibly for privilege escalation.
 
-CVE-2021-3744
+CVE-2021-3744, CVE-2021-3764
 
-    Description
+    minihanshen(沈明航) reported bugs in the ccp driver for AMD
+    Cryptographic Coprocessors that could lead to a resource leak.  On
+    systems using this driver, a local user could exploit this to
+    cause a denial of service.
 
 CVE-2021-3752
 
-    Description
-
-CVE-2021-3760
+    Likang Luo of NSFOCUS Security Team discovered a flaw in the
+    Bluetooth L2CAP implementation that can lead to a user-after-free.
+    A local user could exploit this to cause a denial of service
+    (memory corruption or crash) or possibly for privilege escalation.
 
-    Description
+CVE-2021-3760, CVE-2021-4202
 
-CVE-2021-3764
+    Lin Ma discovered race conditions in the NCI (NFC Controller
+    Interface) driver, which could lead to a use-after-free.  A local
+    user could exploit this to cause a denial of service (memory
+    corruption or crash) or possibly for privilege escalation.
 
-    Description
+    This driver is not enabled in Debian's official kernel
+    configurations.
 
 CVE-2021-3772
 
-    Description
+    A flaw was found in the SCTP protocol implementation, which would
+    allow a networked attacker to break an SCTP association.  The
+    attacker would only need to know or guess the IP addresses and
+    ports for the association.
 
 CVE-2021-4002
 
-    Description
+    It was discovered that hugetlbfs, the virtual filesystem used by
+    applications to allocate huge pages in RAM, did not flush the
+    CPU's TLB in one case where it was necessary.  In some
+    circumstances a local user would be able to read and write huge
+    pages after they are freed and reallocated to a different process.
+    This could lead to privilege escalation, denial of service or
+    information leaks.
 
 CVE-2021-4083
 
-    Description
+    Jann Horn reported a race condition in the local (Unix) sockets
+    garbage collector, that can lead to use-after-free.  A local user
+    could exploit this to cause a denial of service (memory corruption
+    or crash) or possibly for privilege escalation.
 
 CVE-2021-4135
 
-    Description
+    A flaw was found in the netdevsim driver which would lead to an
+    information leak.
+
+    This driver is not enabled in Debian's official kernel
+    configurations.
 
 CVE-2021-4155
 
@@ -96,13 +123,11 @@ CVE-2021-4155
     with unaligned size. A local attacker can take advantage of this
     flaw to leak data on the XFS filesystem.
 
-CVE-2021-4202
-
-    Description
-
 CVE-2021-4203
 
-    Description
+    Jann Horn reported a race condition in the local (Unix) sockets
+    implementation that can lead to a use-after-free.  A local user
+    could exploit this to leak sensitive information from the kernel.
 
 CVE-2021-20317