diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2022-03-08 16:57:14 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2022-03-08 16:57:20 +0100 |
commit | 777a553480d1fcdb083885d92105490cd8953416 (patch) | |
tree | e36789fa7209beb0c41a044b64dbddec3bf761a8 /dsa-texts/4.19.232-1 | |
parent | 85c256172533fd06dfb1cfc015bf5d0ef188095f (diff) |
Fill in more issue descriptions
Diffstat (limited to 'dsa-texts/4.19.232-1')
-rw-r--r-- | dsa-texts/4.19.232-1 | 61 |
1 files changed, 43 insertions, 18 deletions
diff --git a/dsa-texts/4.19.232-1 b/dsa-texts/4.19.232-1 index 22984e9b7..e3513a418 100644 --- a/dsa-texts/4.19.232-1 +++ b/dsa-texts/4.19.232-1 @@ -55,39 +55,66 @@ CVE-2020-36322, CVE-2021-28950 CVE-2021-3640 - Description + Lin Ma discovered a race condiiton in the Bluetooth protocol + implementation that can lead to a use-after-free. A local + user could exploit this to cause a denial of service (memory + corruption or crash) or possibly for privilege escalation. -CVE-2021-3744 +CVE-2021-3744, CVE-2021-3764 - Description + minihanshen(沈明航) reported bugs in the ccp driver for AMD + Cryptographic Coprocessors that could lead to a resource leak. On + systems using this driver, a local user could exploit this to + cause a denial of service. CVE-2021-3752 - Description - -CVE-2021-3760 + Likang Luo of NSFOCUS Security Team discovered a flaw in the + Bluetooth L2CAP implementation that can lead to a user-after-free. + A local user could exploit this to cause a denial of service + (memory corruption or crash) or possibly for privilege escalation. - Description +CVE-2021-3760, CVE-2021-4202 -CVE-2021-3764 + Lin Ma discovered race conditions in the NCI (NFC Controller + Interface) driver, which could lead to a use-after-free. A local + user could exploit this to cause a denial of service (memory + corruption or crash) or possibly for privilege escalation. - Description + This driver is not enabled in Debian's official kernel + configurations. CVE-2021-3772 - Description + A flaw was found in the SCTP protocol implementation, which would + allow a networked attacker to break an SCTP association. The + attacker would only need to know or guess the IP addresses and + ports for the association. CVE-2021-4002 - Description + It was discovered that hugetlbfs, the virtual filesystem used by + applications to allocate huge pages in RAM, did not flush the + CPU's TLB in one case where it was necessary. In some + circumstances a local user would be able to read and write huge + pages after they are freed and reallocated to a different process. + This could lead to privilege escalation, denial of service or + information leaks. CVE-2021-4083 - Description + Jann Horn reported a race condition in the local (Unix) sockets + garbage collector, that can lead to use-after-free. A local user + could exploit this to cause a denial of service (memory corruption + or crash) or possibly for privilege escalation. CVE-2021-4135 - Description + A flaw was found in the netdevsim driver which would lead to an + information leak. + + This driver is not enabled in Debian's official kernel + configurations. CVE-2021-4155 @@ -96,13 +123,11 @@ CVE-2021-4155 with unaligned size. A local attacker can take advantage of this flaw to leak data on the XFS filesystem. -CVE-2021-4202 - - Description - CVE-2021-4203 - Description + Jann Horn reported a race condition in the local (Unix) sockets + implementation that can lead to a use-after-free. A local user + could exploit this to leak sensitive information from the kernel. CVE-2021-20317 |