Add draft texts for some CVEs covered in the 6.1.69-1 update

author: Salvatore Bonaccorso <carnil@debian.org> 2024-01-01 09:53:25 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2024-01-01 09:53:25 +0100
commit: f6c4d9e6a7bb437379cf350e525e574971dff9f0 (patch)
tree: 45d041fc09083b7bc89672b098b085a9e2364aac /dsa-texts
parent: df13baafe28e8b94cf424e875dc309f0d30a8528 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/dsa-texts/6.1.69-1 b/dsa-texts/6.1.69-1
index 85f6b7df..df8090da 100644
--- a/dsa-texts/6.1.69-1
+++ b/dsa-texts/6.1.69-1
@@ -6,9 +6,31 @@ may lead to a privilege escalation, denial of service or information
 leaks.
 
 CVE-2023-6531
+
+    Jann Horn discovered a use-after-free flaw due to a race condition
+    problem when the unix garbage collector's deletion of a SKB races
+    with unix_stream_read_generic() on the socket that the SKB is
+    queued on.
+
 CVE-2023-6622
+
+    Xingyuan Mo discovered a flaw in the netfilter subsystem which may
+    result in denial of service or privilege escalation for a user with
+    the CAP_NET_ADMIN capability in any user or network namespace.
+
 CVE-2023-6817
+
+    Xingyuan Mo discovered that a use-after-free in Netfilter's
+    implementation of PIPAPO (PIle PAcket POlicies) may result in denial
+    of service or potential local privilege escalation for a user with
+    the CAP_NET_ADMIN capability in any user or network namespace.
+
 CVE-2023-6931
+
+    Budimir Markovic reported a heap out-of-bounds write vulnerability
+    in the Linux kernel's Performance Events system which may result in
+    denial of service or privilege escalation.
+
 CVE-2023-51779
 CVE-2023-51780
 CVE-2023-51781
author	Salvatore Bonaccorso <carnil@debian.org>	2024-01-01 09:53:25 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2024-01-01 09:53:25 +0100
commit	f6c4d9e6a7bb437379cf350e525e574971dff9f0 (patch)
tree	45d041fc09083b7bc89672b098b085a9e2364aac /dsa-texts
parent	df13baafe28e8b94cf424e875dc309f0d30a8528 (diff)