diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2022-07-25 22:57:40 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-07-25 22:57:40 +0200 |
commit | 7c750576dbd70faae935202b47fa22b7ecba378a (patch) | |
tree | 462a10183d18ac3057fad6322ec45df65b6abdcf /dsa-texts | |
parent | f278baeff7772a7788a8d04ab040eb533e189a27 (diff) |
new advisory text
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/5.10.127-2 | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/dsa-texts/5.10.127-2 b/dsa-texts/5.10.127-2 new file mode 100644 index 00000000..a7374808 --- /dev/null +++ b/dsa-texts/5.10.127-2 @@ -0,0 +1,37 @@ +Package: linux +CVE ID: CVE-2021-33655 CVE-2022-2318 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33744 CVE-2022-34918 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service or information +leaks. + +CVE-2021-33655 + + A user with access to a framebuffer console driver could cause a memory out-of-bounds write via the + FBIOPUT_VSCREENINFO ioctl + +CVE-2022-2318 + + A use-after-free in the Amateur Radio X.25 PLP (Rose) support may result in denial of service. + +CVE-2022-26365 / CVE-2022-33740 / CVE-2022-33741 / CVE-2022-33742 + + Roger Pau Monne discovered that Xen block and network PV device frontends don't zero out + memory regions before sharing them with the backend, which may result in information disclosure. + Additionally it was discovered that the granularity of the grant table doesn't permit sharing + less than a 4k page, which may also result in information disclosure. + +CVE-2022-33743 + + Jan Beulich discovered that incorrect memory handling in the Xen network backend may lead + to denial of service. + +CVE-2022-33744 + + Oleksandr Tyshchenko discovered ARM Xen guests can cause a denial of service to the Dom0 + via paravirtual devices. + +CVE-2022-34918 + + Arthur Mongodin discovered a heap buffer overflow in the Netfilter subsystem which may result + in local privilege escalation. |