author | Salvatore Bonaccorso <carnil@debian.org> | 2022-10-18 06:49:22 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-10-18 06:49:22 +0200 |
commit | 6e22fe13a4288d467f278659bb40a2faceec758d (patch) | |
tree | 86b5bbef3239f2be8d8fea07207a5b21ba4e9ecf /dsa-texts | |
parent | 4698e3dd98068e87791dc3e6015d114a27ff953d (diff) |
Fill in some CVE descriptions
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/5.10.148-1 | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/dsa-texts/5.10.148-1 b/dsa-texts/5.10.148-1 index 4118e5b3..57f2168c 100644 --- a/dsa-texts/5.10.148-1 +++ b/dsa-texts/5.10.148-1 
@@ -6,18 +6,72 @@ may lead to a privilege escalation, denial of service or information leaks. CVE-2021-4037 + + Christian Brauner reported the inode_init_owner function for the XFS + filesystem the Linux kernel allows local users to create files with + an unintended group ownership allowing attackers to escalate + privileges by making a plain file executable and SGID. + CVE-2022-0171 + CVE-2022-1184 + + A flaw was discovered in the ext4 filesystem driver which can lead + to a use-after-free. A local user permitted to mount arbitrary + filesystems could exploit this to cause a denial of service (crash + or memory corruption) or possibly for privilege escalation. + CVE-2022-20421 + CVE-2022-2663 + + David Leadbeater reported flaws in the nf_conntrack_irc + connection-tracking protocol module. When this module is enabled + on a firewall, an external user on the same IRC network as an + internal user could exploit its lax parsing to open arbitrary TCP + ports in the firewall, to reveal their public IP address, or to + block their IRC connection at the firewall. + CVE-2022-3061 + CVE-2022-3176 + CVE-2022-3303 + CVE-2022-39188 + + Jann Horn reported a race condition in the kernel's handling of + unmapping of certain memory ranges. When a driver created a + memory mapping with the VM_PFNMAP flag, which many GPU drivers do, + the memory mapping could be removed and freed before it was + flushed from the CPU TLBs. This could result in a page use-after- + free. A local user with access to such a device could exploit + this to cause a denial of service (crash or memory corruption) or + possibly for privilege escalation. + CVE-2022-39842 + + An integer overflow was discovered in the pxa3xx-gcu video driver + which could lead to a heap out-of-bounds write. + + This driver is not enabled in Debian's official kernel + configurations. + CVE-2022-40307 + + A race condition was discovered in the EFI capsule-loader driver, + which could lead to use-after-free. 
A local user permitted to + access this device (/dev/efi_capsule_loader) could exploit this to + cause a denial of service (crash or memory corruption) or possibly + for privilege escalation. However, this device is normally only + accessible by the root user. + CVE-2022-41674 + CVE-2022-42719 + CVE-2022-42720 + CVE-2022-42721 + CVE-2022-42722 |
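Review bot: The CVE-2021-4037 paragraph at the top of the hunk is missing words and does not parse: "reported the inode_init_owner function for the XFS filesystem the Linux kernel allows local users" should read along the lines of "reported that the inode_init_owner function for the XFS filesystem in the Linux kernel allows local users". In the CVE-2022-2663 paragraph, "their" in "to reveal their public IP address, or to block their IRC connection at the firewall" is ambiguous between the external user and the internal user; stating which user is meant would let a reader see who is affected. In the CVE-2022-39188 paragraph the line wrap splits "use-after-" and "free" across two lines, which will defeat a text search for "use-after-free" in the published advisory; rewrapping so the term stays on one line avoids that.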