author: Ben Hutchings <ben@decadent.org.uk> 2022-03-08 02:46:53 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2022-03-08 02:47:11 +0100
commit: 865b05bf201b36bb7dece4e4a11fa2026f38346f (patch)
tree: 9e76ceb42163e4b9a68045be973d0899675f651c /dsa-texts
parent: d438d88b84b9563634d6b2cf5133075f7967f896 (diff)
Paste issue descriptions from older advisories
Diffstat (limited to 'dsa-texts')
-rw-r--r-- dsa-texts/4.19.232-1 | 145
-rw-r--r-- dsa-texts/4.9.303-1 | 67
2 files changed, 143 insertions, 69 deletions
diff --git a/dsa-texts/4.19.232-1 b/dsa-texts/4.19.232-1
index 37e268e80..98d736009 100644
--- a/dsa-texts/4.19.232-1
+++ b/dsa-texts/4.19.232-1
@@ -29,11 +29,29 @@ leaks.
CVE-2020-29374
- Description
-
-CVE-2020-36322
-
- Description
+ Jann Horn of Google reported a flaw in Linux's virtual memory
+ management. A parent and child process initially share all their
+ memory, but when either writes to a shared page, the page is
+ duplicated and unshared (copy-on-write). However, in case an
+ operation such as vmsplice() required the kernel to take an
+ additional reference to a shared page, and a copy-on-write occurs
+ during this operation, the kernel might have accessed the wrong
+ process's memory. For some programs, this could lead to an
+ information leak or data corruption.
+
+ This issue was already fixed for most architectures, but not on
+ MIPS and System z. This update corrects that.
+
+CVE-2020-36322, CVE-2021-28950
+
+ The syzbot tool found that the FUSE (filesystem-in-user-space)
+ implementation did not correctly handle a FUSE server returning
+ invalid attributes for a file. A local user permitted to run a
+ FUSE server could use this to cause a denial of service (crash).
+
+ The original fix for this introduced a different potential denial
+ of service (infinite loop in kernel space), which has also been
+ fixed.
CVE-2021-3640
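Review bot: The closing sentences of the CVE-2020-29374 entry ("This issue was already fixed for most architectures, but not on MIPS and System z. This update corrects that.") are pasted from an older advisory, as the commit message says, so "This update" may no longer describe what 4.19.232-1 actually changes; either confirm the MIPS and System z fix is what this upload ships or reword to "This was corrected in a previous update". The merged heading "CVE-2020-36322, CVE-2021-28950" is consistent with the removal of the separate CVE-2021-28950 entry later in this file, and the second paragraph makes clear why the two are grouped; good.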
@@ -73,7 +91,10 @@ CVE-2021-4135
CVE-2021-4155
- Description
+ Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP
+ IOCTL in the XFS filesystem allowed for a size increase of files
+ with unaligned size. A local attacker can take advantage of this
+ flaw to leak data on the XFS filesystem.
CVE-2021-4202
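Review bot: The CVE-2021-4155 text says "A local attacker can take advantage of this flaw" without stating what access is needed (the other entries in this file name the precondition, e.g. "with access to an overlayfs mount"); if the source advisory states it, add it so readers can judge exposure. Style: "IOCTL" is written in capitals here while the rest of the text uses function-style names such as vmsplice(); "ioctl" would match the usual kernel spelling.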
@@ -85,43 +106,41 @@ CVE-2021-4203
CVE-2021-20317
- Description
+ It was discovered that the timer queue structure could become
+ corrupt, leading to waiting tasks never being woken up. A local
+ user with certain privileges could exploit this to cause a denial
+ of service (system hang).
CVE-2021-20321
- Description
+ A race condition was discovered in the overlayfs filesystem
+ driver. A local user with access to an overlayfs mount and to its
+ underlying upper directory could exploit this for privilege
+ escalation.
CVE-2021-20322
- Description
+ An information leak was discovered in the IPv4 implementation. A
+ remote attacker could exploit this to quickly discover which UDP
+ ports a system is using, making it easier for them to carry out a
+ DNS poisoning attack against that system.
CVE-2021-22600
Description
-CVE-2021-28711
-
- Description
-
-CVE-2021-28712
-
- Description
-
-CVE-2021-28713
-
- Description
-
-CVE-2021-28714
-
- Description
-
-CVE-2021-28715
+CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)
- Description
+ Juergen Gross reported that malicious PV backends can cause a denial
+ of service to guests being serviced by those backends via high
+ frequency events, even if those backends are running in a less
+ privileged environment.
-CVE-2021-28950
+CVE-2021-28714, CVE-2021-28715 (XSA-392)
- Description
+ Juergen Gross discovered that Xen guests can force the Linux
+ netback driver to hog large amounts of kernel memory, resulting in
+ denial of service.
CVE-2021-38300
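Review bot: CVE-2021-22600 still carries the bare "Description" placeholder (the unchanged context lines in the middle of this hunk) while every neighbouring entry has been filled in; either paste its text too or note in the commit that it is intentionally left for a later commit, otherwise the advisory will ship with an empty entry. The regrouping of the five Xen CVEs under the XSA-391 and XSA-392 headings reads well, and removing the stray CVE-2021-28950 entry here matches its merge into the FUSE entry earlier in the file.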
@@ -129,19 +148,36 @@ CVE-2021-38300
CVE-2021-39685
- Description
+ Szymon Heidrich discovered a buffer overflow vulnerability in the
+ USB gadget subsystem, resulting in information disclosure, denial of
+ service or privilege escalation.
CVE-2021-41864
- Description
+ An integer overflow was discovered in the Extended BPF (eBPF)
+ subsystem. A local user could exploit this for denial of service
+ (memory corruption or crash), or possibly for privilege
+ escalation.
+
+ This can be mitigated by setting sysctl
+ kernel.unprivileged_bpf_disabled=1, which disables eBPF use by
+ unprivileged users.
CVE-2021-42739
- Description
+ A heap buffer overflow was discovered in the firedtv driver for
+ FireWire-connected DVB receivers. A local user with access to a
+ firedtv device could exploit this for denial of service (memory
+ corruption or crash), or possibly for privilege escalation.
CVE-2021-43389
- Description
+ The Active Defense Lab of Venustech discovered a flaw in the CMTP
+ subsystem as used by Bluetooth, which could lead to an
+ out-of-bounds read and object type confusion. A local user with
+ CAP_NET_ADMIN capability in the initial user namespace could
+ exploit this for denial of service (memory corruption or crash),
+ or possibly for privilege escalation.
CVE-2021-43975
@@ -149,7 +185,10 @@ CVE-2021-43975
CVE-2021-43976
- Description
+ Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the
+ mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An
+ attacker able to connect a crafted USB device can take advantage of
+ this flaw to cause a denial of service.
CVE-2021-44733
@@ -157,15 +196,20 @@ CVE-2021-44733
CVE-2021-45095
- Description
+ It was discovered that the Phone Network protocol (PhoNet) driver
+ has a reference count leak in the pep_sock_accept() function.
CVE-2021-45469
- Description
+ Wenqing Liu reported an out-of-bounds memory access in the f2fs
+ implementation if an inode has an invalid last xattr entry. An
+ attacker able to mount a specially crafted image can take advantage
+ of this flaw for denial of service.
CVE-2021-45480
- Description
+ A memory leak flaw was discovered in the __rds_conn_create()
+ function in the RDS (Reliable Datagram Sockets) protocol subsystem.
CVE-2022-0001
@@ -181,11 +225,15 @@ CVE-2022-0322
CVE-2022-0330
- Description
+ Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the
+ i915 driver, resulting in denial of service or privilege escalation.
CVE-2022-0435
- Description
+ Samuel Page and Eric Dumazet reported a stack overflow in the
+ networking module for the Transparent Inter-Process Communication
+ (TIPC) protocol, resulting in denial of service or potentially the
+ execution of arbitrary code.
CVE-2022-0487
@@ -205,23 +253,32 @@ CVE-2022-0644
CVE-2022-22942
- Description
+ It was discovered that wrong file file descriptor handling in the
+ VMware Virtual GPU driver (vmwgfx) could result in information leak
+ or privilege escalation.
CVE-2022-24448
- Description
+ Lyu Tao reported a flaw in the NFS implementation in the Linux
+ kernel when handling requests to open a directory on a regular file,
+ which could result in a information leak.
CVE-2022-24959
- Description
+ A memory leak was discovered in the yam_siocdevprivate() function of
+ the YAM driver for AX.25, which could result in denial of service.
CVE-2022-25258
- Description
+ Szymon Heidrich reported the USB Gadget subsystem lacks certain
+ validation of interface OS descriptor requests, resulting in memory
+ corruption.
CVE-2022-25375
- Description
+ Szymon Heidrich reported that the RNDIS USB gadget lacks validation
+ of the size of the RNDIS_MSG_SET command, resulting in information
+ leak from kernel memory.
For the oldstable distribution (buster), these problems have been fixed
in version 4.19.232-1.
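Review bot: Typos in this hunk: "wrong file file descriptor handling" (CVE-2022-22942) doubles "file", and "result in a information leak" (CVE-2022-24448) should read "an information leak". Also "Szymon Heidrich reported the USB Gadget subsystem lacks" (CVE-2022-25258) reads better with "that" inserted, and "USB Gadget" should match the lower-case "USB gadget subsystem" used in the CVE-2021-39685 entry earlier in this file.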
diff --git a/dsa-texts/4.9.303-1 b/dsa-texts/4.9.303-1
index fc3b625b8..90d4e953f 100644
--- a/dsa-texts/4.9.303-1
+++ b/dsa-texts/4.9.303-1
@@ -41,35 +41,38 @@ CVE-2021-4083
CVE-2021-4155
- Description
+ Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP
+ IOCTL in the XFS filesystem allowed for a size increase of files
+ with unaligned size. A local attacker can take advantage of this
+ flaw to leak data on the XFS filesystem.
CVE-2021-4202
Description
-CVE-2021-28711
-
- Description
-
-CVE-2021-28712
+CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)
- Description
+ Juergen Gross reported that malicious PV backends can cause a denial
+ of service to guests being serviced by those backends via high
+ frequency events, even if those backends are running in a less
+ privileged environment.
-CVE-2021-28713
+CVE-2021-28714, CVE-2021-28715 (XSA-392)
- Description
-
-CVE-2021-28714
-
- Description
-
-CVE-2021-28715
-
- Description
+ Juergen Gross discovered that Xen guests can force the Linux
+ netback driver to hog large amounts of kernel memory, resulting in
+ denial of service.
CVE-2021-29264
- Description
+ It was discovered that the "gianfar" Ethernet driver used with
+ some Freescale SoCs did not correctly handle a Rx queue overrun
+ when jumbo packets were enabled. On systems using this driver and
+ jumbo packets, an attacker on the network could exploit this to
+ cause a denial of service (crash).
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
CVE-2021-33033
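Review bot: The CVE-2021-29264 entry ends with "This driver is not enabled in Debian's official kernel configurations." Since this is an advisory, say directly what that means for readers, e.g. that Debian's binary kernel packages are not affected and the fix only matters for locally built kernels using that configuration; otherwise a reader may wonder why the entry is listed. The XFS and Xen texts in this hunk are identical to the ones added to dsa-texts/4.19.232-1 in this commit, so any later wording fix (including the "IOCTL" capitalisation) should be applied to both files.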
@@ -77,15 +80,21 @@ CVE-2021-33033
CVE-2021-39685
- Description
+ Szymon Heidrich discovered a buffer overflow vulnerability in the
+ USB gadget subsystem, resulting in information disclosure, denial of
+ service or privilege escalation.
CVE-2021-43976
- Description
+ Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the
+ mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An
+ attacker able to connect a crafted USB device can take advantage of
+ this flaw to cause a denial of service.
CVE-2021-45095
- Description
+ It was discovered that the Phone Network protocol (PhoNet) driver
+ has a reference count leak in the pep_sock_accept() function.
CVE-2022-0001
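Review bot: The CVE-2021-45095 entry here states the reference count leak in pep_sock_accept() but not its impact, while the two entries above it spell out "denial of service" or "privilege escalation"; add the consequence so the 4.9 advisory is as informative as the rest of its entries.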
@@ -97,11 +106,15 @@ CVE-2022-0002
CVE-2022-0330
- Description
+ Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the
+ i915 driver, resulting in denial of service or privilege escalation.
CVE-2022-0435
- Description
+ Samuel Page and Eric Dumazet reported a stack overflow in the
+ networking module for the Transparent Inter-Process Communication
+ (TIPC) protocol, resulting in denial of service or potentially the
+ execution of arbitrary code.
CVE-2022-0487
@@ -121,11 +134,15 @@ CVE-2022-24448
CVE-2022-25258
- Description
+ Szymon Heidrich reported the USB Gadget subsystem lacks certain
+ validation of interface OS descriptor requests, resulting in memory
+ corruption.
CVE-2022-25375
- Description
+ Szymon Heidrich reported that the RNDIS USB gadget lacks validation
+ of the size of the RNDIS_MSG_SET command, resulting in information
+ leak from kernel memory.
For Debian 9 stretch, these problems have been fixed in version
4.9.303-1.
