author | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-01 23:16:13 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-01 23:16:13 +0100 |
commit | 03d96c2379dcb09f12cc1cfb6bbf7c92f80884da (patch) | |
tree | 8142d3d4d64c2e1bd44c6cbf7d6457d14d8c1df1 /dsa-texts | |
parent | 749f8855c581c82daa037bce0469a9ef4da2ed19 (diff) |
Add preliminary DSA text for 5.10.92-2 update
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/5.10.92-2 | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/dsa-texts/5.10.92-2 b/dsa-texts/5.10.92-2 new file mode 100644 index 000000000..81dc5f204 --- /dev/null +++ b/dsa-texts/5.10.92-2 
@@ -0,0 +1,63 @@ +Package : linux +CVE ID : CVE-2021-43976 CVE-2022-0330 CVE-2022-0435 CVE-2022-0516 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2021-43976 + + Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the + mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An + attacker able to connect a crafted USB device can take advantage of + this flaw to cause a denial of service. + +CVE-2022-0330 + + Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the + i915 driver, resulting in denial of service or privilege escalation. + +CVE-2022-0435 + + Samuel Page and Eric Dumazet reported a stack overflow flaw in the + networking module for the Transparent Inter-Process Communication + (TIPC) protocol, resulting in denial of service or potentially the + execution of arbitrary code. + +CVE-2022-0516 + + It was discovered that an insufficient check in the KVM subsystem + for s390x could allow unauthorized memory read or write access. + +CVE-2022-22942 + + It was discovered that wrong file file descriptor handling in the + VMware Virtual GPU driver (vmwgfx) could result in information leak + or privilege escalation. + +CVE-2022-24448 + + Lyu Tao reported a flaw in the NFS implementation in the Linux + kernel when handling requests to open a directory on a regular file, + which could result in information leaks. + +CVE-2022-24959 + + A memory leak vulnerability was discovered in the + yam_siocdevprivate() function of the YAM driver for AX.25, which + could result in denial of service. + +CVE-2022-25258 + + Szymon Heidrich reported the USB Gadget subsystem lacks certain + validation of interface OS descriptor requests, resulting in memory + corruption. 
+ +CVE-2022-25375 + + Szymon Heidrich reported that the RNDIS USB gadget lacks validation + of the size of the RNDIS_MSG_SET command, resulting in information + leak from kernel memory. + +For the stable distribution (bullseye), these problems have been fixed in +version 5.10.92-2. |
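Review bot: The CVE-2022-22942 entry has a doubled word, "wrong file file descriptor handling"; drop one "file" before this text is sent out. In the CVE-2022-25258 entry, "reported the USB Gadget subsystem lacks certain validation" reads better as "reported that the USB Gadget subsystem lacks certain validation", matching the wording of the CVE-2022-25375 entry right after it. The summary paragraph lists privilege escalation, denial of service and information leaks, but the CVE-2022-0435 and CVE-2022-25258 entries describe possible arbitrary code execution and memory corruption; consider stating the impact of CVE-2022-25258 (for example denial of service or privilege escalation, if that is the assessment) so each entry maps onto the summary.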