Refine CVE description for CVE-2023-5717 and CVE-2023-6931

author: Salvatore Bonaccorso <carnil@debian.org> 2024-01-02 17:26:36 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-01-02 17:26:36 +0100
commit: b39b23d0262b302e00b4c049fc32779c0e6a561e (patch)
tree: ac787ac634b5703d70867330a57c73cc97e73d3c /dsa-texts
parent: abb549e4eafa65cb6c8cb2855939a43a4878fe83 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/dsa-texts/5.10.205-1 b/dsa-texts/5.10.205-1
index 6ded778f..831a3baa 100644
--- a/dsa-texts/5.10.205-1
+++ b/dsa-texts/5.10.205-1
@@ -29,7 +29,9 @@ CVE-2023-5717
     Budimir Markovic reported a heap out-of-bounds write vulnerability
     in the Linux kernel's Performance Events system caused by improper
     handling of event groups, which may result in denial of service or
-    privilege escalation.
+    privilege escalation. The default settings in Debian prevent
+    exploitation unless more permissive settings have been applied in
+    the kernel.perf_event_paranoid sysctl.
 
 CVE-2023-6121
 
@@ -54,7 +56,9 @@ CVE-2023-6931
 
     Budimir Markovic reported a heap out-of-bounds write vulnerability
     in the Linux kernel's Performance Events system which may result in
-    denial of service or privilege escalation.
+    denial of service or privilege escalation. The default settings in
+    Debian prevent exploitation unless more permissive settings have
+    been applied in the kernel.perf_event_paranoid sysctl.
 
 CVE-2023-6932
author	Salvatore Bonaccorso <carnil@debian.org>	2024-01-02 17:26:36 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-01-02 17:26:36 +0100
commit	b39b23d0262b302e00b4c049fc32779c0e6a561e (patch)
tree	ac787ac634b5703d70867330a57c73cc97e73d3c /dsa-texts
parent	abb549e4eafa65cb6c8cb2855939a43a4878fe83 (diff)