| author | Ben Hutchings <ben@decadent.org.uk> | 2022-03-08 19:15:21 +0100 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2022-03-08 19:18:01 +0100 |
| commit | 31bba68a747e739788cd6bf824800ae67dd01cef (patch) | |
| tree | 71227854e7ec711b9ff789515d61d5de7e23a4cb /dsa-texts | |
| parent | 69cbae8101899510b37acd41a9ad6f007af1078a (diff) | |
Fill in remaining issue descriptions
Diffstat (limited to 'dsa-texts')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | dsa-texts/4.19.232-1 | 33 |
| -rw-r--r-- | dsa-texts/4.9.303-1 | 22 |
| -rw-r--r-- | dsa-texts/5.10.103-1 | 22 |
3 files changed, 63 insertions, 14 deletions
diff --git a/dsa-texts/4.19.232-1 b/dsa-texts/4.19.232-1 index f19c1dfbd..51a031d8f 100644 --- a/dsa-texts/4.19.232-1 +++ b/dsa-texts/4.19.232-1 @@ -252,7 +252,11 @@ CVE-2021-43976 CVE-2021-44733 - Description + A race condition was discovered in the Trusted Execution + Environment (TEE) subsystem for Arm processors, which could lead + to a use-after-free. A local user permitted to access a TEE + device could exploit this for denial of service (memory corruption + or crash) or possibly for privilege escalation. CVE-2021-45095 @@ -271,13 +275,27 @@ CVE-2021-45480 A memory leak flaw was discovered in the __rds_conn_create() function in the RDS (Reliable Datagram Sockets) protocol subsystem. -CVE-2022-0001 +CVE-2022-0001 (INTEL-SA-00598) + + Researchers at VUSec discovered that the Branch History Buffer in + Intel processors can be exploited to create information side- + channels with speculative execution. This issue is similar to + Spectre variant 2, but requires additional mitigations on some + processors. + + This can be exploited to obtain sensitive information from a + different security context, such as from user-space to the kernel, + or from a KVM guest to the kernel. - Description +CVE-2022-0002 (INTEL-SA-00598) -CVE-2022-0002 + This is a similar issue to CVE-2022-0001, but covers exploitation + within a security context, such as from JIT-compiled code in a + sandbox to hosting code in the same process. - Description + This can be partly mitigated by disabling eBPF for unprivileged + users with the sysctl: kernel.unprivileged_bpf_disabled=2. This + update does that by default. CVE-2022-0322 @@ -318,7 +336,10 @@ CVE-2022-0617 CVE-2022-0644 - Description + Hao Sun reported a missing check for file read permission in the + finit_module() and kexec_file_load() system calls. The security + impact of this is unclear, since these system calls are usually + only available to the root user. CVE-2022-22942 
diff --git a/dsa-texts/4.9.303-1 b/dsa-texts/4.9.303-1 index a0244ec6c..6a63c08ed 100644 --- a/dsa-texts/4.9.303-1 +++ b/dsa-texts/4.9.303-1 @@ -149,13 +149,27 @@ CVE-2021-45095 It was discovered that the Phone Network protocol (PhoNet) driver has a reference count leak in the pep_sock_accept() function. -CVE-2022-0001 +CVE-2022-0001 (INTEL-SA-00598) - Description + Researchers at VUSec discovered that the Branch History Buffer in + Intel processors can be exploited to create information side- + channels with speculative execution. This issue is similar to + Spectre variant 2, but requires additional mitigations on some + processors. -CVE-2022-0002 + This can be exploited to obtain sensitive information from a + different security context, such as from user-space to the kernel, + or from a KVM guest to the kernel. - Description +CVE-2022-0002 (INTEL-SA-00598) + + This is a similar issue to CVE-2022-0001, but covers exploitation + within a security context, such as from JIT-compiled code in a + sandbox to hosting code in the same process. + + This can be partly mitigated by disabling eBPF for unprivileged + users with the sysctl: kernel.unprivileged_bpf_disabled=2. This + update does that by default. CVE-2022-0330 diff --git a/dsa-texts/5.10.103-1 b/dsa-texts/5.10.103-1 index 235524912..143995ee0 100644 --- a/dsa-texts/5.10.103-1 +++ b/dsa-texts/5.10.103-1 
@@ -23,13 +23,27 @@ CVE-2020-36310 which could lead to an infinite loop. A malicious VM guest could exploit this to cause a denial of service. -CVE-2022-0001 +CVE-2022-0001 (INTEL-SA-00598) - Description + Researchers at VUSec discovered that the Branch History Buffer in + Intel processors can be exploited to create information side- + channels with speculative execution. This issue is similar to + Spectre variant 2, but requires additional mitigations on some + processors. -CVE-2022-0002 + This can be exploited to obtain sensitive information from a + different security context, such as from user-space to the kernel, + or from a KVM guest to the kernel. - Description +CVE-2022-0002 (INTEL-SA-00598) + + This is a similar issue to CVE-2022-0001, but covers exploitation + within a security context, such as from JIT-compiled code in a + sandbox to hosting code in the same process. + + This is partly mitigated by disabling eBPF for unprivileged users + with the sysctl: kernel.unprivileged_bpf_disabled=2. This is + already the default in Debian 11 "bullseye". CVE-2022-0487 |
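Review bot: in the dsa-texts/4.19.232-1 hunk at @@ -271,13 +275,27 @@, the new CVE-2022-0001 entry describes the Branch History Buffer issue and says it "requires additional mitigations on some processors", but unlike the CVE-2022-0002 entry it never states what this update does about it. A DSA reader wants to know whether the mitigations are included; add a closing sentence such as "This update adds the required mitigations for affected processors" if that is what the package ships, or say plainly that the issue is only partially addressed. In the same hunk, "This update does that by default" changes behaviour for administrators who rely on unprivileged eBPF; consider stating whether the administrator can revert the sysctl setting at runtime.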
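Review bot: in the dsa-texts/4.19.232-1 hunk at @@ -318,7 +336,10 @@, the CVE-2022-0644 text says the calls are "usually only available to the root user", which is looser than what actually limits the impact. finit_module() requires CAP_SYS_MODULE and kexec_file_load() requires CAP_SYS_BOOT, so a process already holding those capabilities can load code into the kernel anyway; stating the capability requirement makes it clear why the missing read-permission check matters little, e.g. "since these system calls require CAP_SYS_MODULE and CAP_SYS_BOOT respectively".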
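Review bot: the dsa-texts/4.9.303-1 hunk at @@ -149,13 +149,27 @@ carries the CVE-2022-0001 and CVE-2022-0002 text verbatim from the 4.19 file, including the unanswered question of whether this update ships the CVE-2022-0001 mitigations. Whatever wording is settled on for 4.19 should be applied here as well so the three files differ only in the distribution-specific last sentence; otherwise the next "Fill in remaining issue descriptions" pass has to re-diff them by hand.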
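Review bot: in the dsa-texts/5.10.103-1 hunk at @@ -23,13 +23,27 @@, the CVE-2022-0002 entry says the sysctl default is "already the default in Debian 11 "bullseye"", which leaves the reader unsure whether this update changes anything for that CVE at all. Say explicitly what the 5.10.103-1 upload does for CVE-2022-0002 (for example, only the BHB mitigations shared with CVE-2022-0001, if that is the case). Also, this file says "This is partly mitigated" while the 4.19 and 4.9 files say "This can be partly mitigated"; pick one phrasing for all three.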