From c4be556e8b8bb63a91c7bd6dba749bb8852aa10d Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 21 Jan 2022 15:52:58 +0100
Subject: Add CVE-2022-23220/usbview

---
 data/CVE/list | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index c8a7807985..ed2b2ebc7e 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1632,8 +1632,14 @@ CVE-2022-23223
 	RESERVED
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
 	TODO: check
-CVE-2022-23220
-	RESERVED
+CVE-2022-23220 [usbview polkit policy local root exploit]
+	RESERVED
+	- usbview <unfixed>
+	[stretch] - usbview <not-affected> (Vulnerable code introduced later)
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1
+	NOTE: Introduced by: https://github.com/gregkh/usbview/commit/ddefeba3f67d6a6f394eb57352254c1c8a312671 (v2.1)
+	NOTE: Fixed by: https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b (v2.2)
+	NOTE: Hardening: https://github.com/gregkh/usbview/commit/1282782301570b3ee27f82f4f34c2c1a82bfd91a (v2.2)
 CVE-2022-0237
 	RESERVED
 CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)
-- 
cgit v1.2.3