author Moritz Muehlenhoff <jmm@debian.org> 2023-08-17 17:59:20 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2023-08-17 17:59:20 +0200
commit 54a159b8d89e1d6859fabd56e57954749c60798b (patch)
tree dbb78abfa5a51387085c87c01e9483e768da7739 /dsa-texts
parent 7503e37c5f8c5a2511168035a215d9eddffc5277 (diff)
advisory updates
Diffstat (limited to 'dsa-texts')
-rw-r--r-- dsa-texts/5.10.191-1 30
1 files changed, 23 insertions, 7 deletions
diff --git a/dsa-texts/5.10.191-1 b/dsa-texts/5.10.191-1
index f0106abd..5755f7e9 100644
--- a/dsa-texts/5.10.191-1
+++ b/dsa-texts/5.10.191-1
@@ -30,23 +30,36 @@ CVE-2023-1206
CVE-2023-1380
- Description
+ Jisoo Jang reported a heap out-of-bounds read in the brcmfmac
+ Wi-Fi driver. On systems using this driver, a local user could
+ exploit this to read sensitive information or to cause a
+ denial of service.
CVE-2023-2002
- Description
+ Ruiahn Li reported an incorrect permissions check in the Bluetooth
+ subsystem. A local user could exploit this to reconfigure local
+ Bluetooth interfaces, resulting in information leaks, spoofing,
+ or denial of service (loss of connection).
CVE-2023-2007
- Description
+ Lucas Leong and Reno Robert discovered a time-of-check-to-time-of-use
+ flaw in the dpt_i2o SCSI controller driver. A local user with access
+ to a SCSI device using this driver could exploit this for privilege escalation.
+
+ This flaw has been mitigated by removing support for the I2OUSRCMD operation.
CVE-2023-2124
- Description
+ Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing
+ metadata validation may result in denial of service or potential
+ privilege escalation if a corrupted XFS disk image is mounted.
CVE-2023-2269
- Description
+ Zheng Zhang reported that improper handling of locking in the
+ device mapper implementation may result in denial of service.
CVE-2023-2898
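Review bot: In the CVE-2023-2007 entry, the added line "to a SCSI device using this driver could exploit this for privilege escalation." runs well past the width the other added lines are wrapped at; rewrap it so the entry matches its neighbours. The same entry states the flaw was mitigated by removing support for the I2OUSRCMD operation, so it is worth saying explicitly that anything relying on that operation stops working after the update. In the CVE-2023-2002 entry, the reporter name "Ruiahn Li" looks like a letter transposition and should be checked against the original report before this text is published.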
@@ -68,11 +81,14 @@ CVE-2023-3111
CVE-2023-3212
- Description
+ Yang Lan that missing validation in the GFS2 filesystem could result in
+ denial of service via a NULL pointer dereference when mounting a
+ malformed GFS2 filesystem.
CVE-2023-3268
- Description
+ It was discovered that an out-of-bounds memory access in relayfs could
+ result in denial of service or an information leak.
CVE-2023-3338
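Review bot: The first added line of the CVE-2023-3212 entry, "Yang Lan that missing validation in the GFS2 filesystem could result in", has no verb after the reporter's name. Suggest "Yang Lan discovered that missing validation ..." (or "reported", matching the wording of the other entries), and rewrap the line while touching it, since it is longer than the lines around it.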
