author Salvatore Bonaccorso <carnil@debian.org> 2023-01-22 15:05:19 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2023-01-22 15:05:19 +0100
commit 0b8d60550729ea064633fd1a5f47aa8db6071351 (patch)
tree 8dc83e93249d73d8393460aaee34982c0515ad83 /dsa-texts
parent b23ffe22edf4aa99596b66536dc6edaa7e03c62a (diff)
Add CVE descriptions for more issues for 5.10.162-1 upload
Diffstat (limited to 'dsa-texts')
-rw-r--r-- dsa-texts/5.10.162-1 35
1 files changed, 27 insertions, 8 deletions
diff --git a/dsa-texts/5.10.162-1 b/dsa-texts/5.10.162-1
index 2164d4c9..eea12572 100644
--- a/dsa-texts/5.10.162-1
+++ b/dsa-texts/5.10.162-1
@@ -38,32 +38,51 @@ CVE-2022-36280
CVE-2022-41218
- Description
+ Hyunwoo Kim reported a use-after-free flaw in Media DVB core
+ subsystem caused by refcount races, which may allow a local user to
+ cause a denial of service or for privilege escalation.
CVE-2022-45934
- Description
+ An integer overflow flaw in l2cap_config_req() in the Bluetooth
+ subsystem was discovered, which may allow a physically proximate
+ attacker to cause a denial of service (system crash).
CVE-2022-47929
- Description
+ Frederick Lawler reported a NULL pointer dereference flaw in the
+ traffic control subsystem allowing an unprivileged user to cause a
+ denial of service by setting up a specially crafted traffic control
+ configuration.
CVE-2023-0179
- Description
+ Davide Ornaghi discovered that incorrect arithmetics when fetching
+ VLAN header bits in the netfilter subsystem, allowing a local user
+ to leak stack and heap addresses, and potentially for local
+ privilege escalation to root.
CVE-2023-0266
- Description
+ A use-after-free flaw in the sound subsystem due to missing locking
+ may result in denial of service or privilege escalation.
CVE-2023-0394
- Description
+ Kyle Zeng discovered a NULL pointer dereference flaw in
+ rawv6_push_pending_frames() in the network subsystem allowing a
+ local user to cause a denial of service (system crash).
CVE-2023-23454
- Description
+ Kyle Zeng reported that the Class Based Queueing (CBQ) network
+ scheduler was prone to a denial of service due to interpreting
+ classification results before checking the classification
+ return code.
CVE-2023-23455
- Description
+ Kyle Zeng reported that the ATM Virtual Circuits (ATM) network
+ scheduler was prone to a denial of service due to interpreting
+ classification results before checking the classification
+ return code.
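
Review bot: The CVE-2023-0179 entry has no main verb in its "that" clause ("discovered that incorrect arithmetics when fetching VLAN header bits in the netfilter subsystem, allowing a local user ..."), so the sentence does not parse. Something like "discovered incorrect arithmetic when fetching VLAN header bits in the netfilter subsystem, which may allow a local user to leak stack and heap addresses and potentially escalate privileges to root" would read cleanly and match the "which may allow" wording used for CVE-2022-41218 and CVE-2022-45934. Under CVE-2022-41218, "to cause a denial of service or for privilege escalation" mixes two constructions, and "in Media DVB core subsystem" is missing an article. Under CVE-2023-23455, "ATM Virtual Circuits (ATM)" gives an abbreviation that only repeats the first word of the name. CVE-2023-0266, CVE-2023-23454 and CVE-2023-23455 do not say who can trigger the flaw, while the other entries name a local user, an unprivileged user or a physically proximate attacker; stating the required access for these three would let readers of the advisory judge exposure consistently.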
