Add CVE-2022-23220/usbview

author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-21 15:52:58 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-21 15:52:58 +0100
commit: 9f7c8d297cb6519be8e315c4ad415654cef690e4 (patch)
tree: 8d38e8be9ac45ee748313b6a6cf17ed3f18ac208
parent: 1b8e45e9b071d0d069351bf30b8d99ac5ced2dc3 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 62796dea98..6fde548780 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1436,8 +1436,14 @@ CVE-2022-23223
 	RESERVED
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
 	TODO: check
-CVE-2022-23220
-	RESERVED
+CVE-2022-23220 [usbview polkit policy local root exploit]
+	RESERVED
+	- usbview <unfixed>
+	[stretch] - usbview <not-affected> (Vulnerable code introduced later)
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1
+	NOTE: Introduced by: https://github.com/gregkh/usbview/commit/ddefeba3f67d6a6f394eb57352254c1c8a312671 (v2.1)
+	NOTE: Fixed by: https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b (v2.2)
+	NOTE: Hardening: https://github.com/gregkh/usbview/commit/1282782301570b3ee27f82f4f34c2c1a82bfd91a (v2.2)
 CVE-2022-0237
 	RESERVED
 CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-21 15:52:58 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-21 15:52:58 +0100
commit	9f7c8d297cb6519be8e315c4ad415654cef690e4 (patch)
tree	8d38e8be9ac45ee748313b6a6cf17ed3f18ac208
parent	1b8e45e9b071d0d069351bf30b8d99ac5ced2dc3 (diff)