author: Ben Hutchings <ben@decadent.org.uk>, 2022-03-08 02:46:53 +0100
committer: Ben Hutchings <ben@decadent.org.uk>, 2022-03-08 02:47:11 +0100
commit: 865b05bf201b36bb7dece4e4a11fa2026f38346f
tree: 9e76ceb42163e4b9a68045be973d0899675f651c /dsa-texts
parent: d438d88b84b9563634d6b2cf5133075f7967f896
Paste issue descriptions from older advisories
Diffstat (limited to 'dsa-texts')

-rw-r--r-- dsa-texts/4.19.232-1 | 145
-rw-r--r-- dsa-texts/4.9.303-1 | 67

2 files changed, 143 insertions, 69 deletions
diff --git a/dsa-texts/4.19.232-1 b/dsa-texts/4.19.232-1 index 37e268e80..98d736009 100644 --- a/dsa-texts/4.19.232-1 +++ b/dsa-texts/4.19.232-1 @@ -29,11 +29,29 @@ leaks. CVE-2020-29374 - Description - -CVE-2020-36322 - - Description + Jann Horn of Google reported a flaw in Linux's virtual memory + management. A parent and child process initially share all their + memory, but when either writes to a shared page, the page is + duplicated and unshared (copy-on-write). However, in case an + operation such as vmsplice() required the kernel to take an + additional reference to a shared page, and a copy-on-write occurs + during this operation, the kernel might have accessed the wrong + process's memory. For some programs, this could lead to an + information leak or data corruption. + + This issue was already fixed for most architectures, but not on + MIPS and System z. This update corrects that. + +CVE-2020-36322, CVE-2021-28950 + + The syzbot tool found that the FUSE (filesystem-in-user-space) + implementation did not correctly handle a FUSE server returning + invalid attributes for a file. A local user permitted to run a + FUSE server could use this to cause a denial of service (crash). + + The original fix for this introduced a different potential denial + of service (infinite loop in kernel space), which has also been + fixed. CVE-2021-3640 @@ -73,7 +91,10 @@ CVE-2021-4135 CVE-2021-4155 - Description + Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP + IOCTL in the XFS filesystem allowed for a size increase of files + with unaligned size. A local attacker can take advantage of this + flaw to leak data on the XFS filesystem. CVE-2021-4202 
@@ -85,43 +106,41 @@ CVE-2021-4203 CVE-2021-20317 - Description + It was discovered that the timer queue structure could become + corrupt, leading to waiting tasks never being woken up. A local + user with certain privileges could exploit this to cause a denial + of service (system hang). CVE-2021-20321 - Description + A race condition was discovered in the overlayfs filesystem + driver. A local user with access to an overlayfs mount and to its + underlying upper directory could exploit this for privilege + escalation. CVE-2021-20322 - Description + An information leak was discovered in the IPv4 implementation. A + remote attacker could exploit this to quickly discover which UDP + ports a system is using, making it easier for them to carry out a + DNS poisoning attack against that system. CVE-2021-22600 Description -CVE-2021-28711 - - Description - -CVE-2021-28712 - - Description - -CVE-2021-28713 - - Description - -CVE-2021-28714 - - Description - -CVE-2021-28715 +CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391) - Description + Juergen Gross reported that malicious PV backends can cause a denial + of service to guests being serviced by those backends via high + frequency events, even if those backends are running in a less + privileged environment. -CVE-2021-28950 +CVE-2021-28714, CVE-2021-28715 (XSA-392) - Description + Juergen Gross discovered that Xen guests can force the Linux + netback driver to hog large amounts of kernel memory, resulting in + denial of service. CVE-2021-38300 
@@ -129,19 +148,36 @@ CVE-2021-38300 CVE-2021-39685 - Description + Szymon Heidrich discovered a buffer overflow vulnerability in the + USB gadget subsystem, resulting in information disclosure, denial of + service or privilege escalation. CVE-2021-41864 - Description + An integer overflow was discovered in the Extended BPF (eBPF) + subsystem. A local user could exploit this for denial of service + (memory corruption or crash), or possibly for privilege + escalation. + + This can be mitigated by setting sysctl + kernel.unprivileged_bpf_disabled=1, which disables eBPF use by + unprivileged users. CVE-2021-42739 - Description + A heap buffer overflow was discovered in the firedtv driver for + FireWire-connected DVB receivers. A local user with access to a + firedtv device could exploit this for denial of service (memory + corruption or crash), or possibly for privilege escalation. CVE-2021-43389 - Description + The Active Defense Lab of Venustech discovered a flaw in the CMTP + subsystem as used by Bluetooth, which could lead to an + out-of-bounds read and object type confusion. A local user with + CAP_NET_ADMIN capability in the initial user namespace could + exploit this for denial of service (memory corruption or crash), + or possibly for privilege escalation. CVE-2021-43975 @@ -149,7 +185,10 @@ CVE-2021-43975 CVE-2021-43976 - Description + Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the + mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An + attacker able to connect a crafted USB device can take advantage of + this flaw to cause a denial of service. CVE-2021-44733 
@@ -157,15 +196,20 @@ CVE-2021-44733 CVE-2021-45095 - Description + It was discovered that the Phone Network protocol (PhoNet) driver + has a reference count leak in the pep_sock_accept() function. CVE-2021-45469 - Description + Wenqing Liu reported an out-of-bounds memory access in the f2fs + implementation if an inode has an invalid last xattr entry. An + attacker able to mount a specially crafted image can take advantage + of this flaw for denial of service. CVE-2021-45480 - Description + A memory leak flaw was discovered in the __rds_conn_create() + function in the RDS (Reliable Datagram Sockets) protocol subsystem. CVE-2022-0001 @@ -181,11 +225,15 @@ CVE-2022-0322 CVE-2022-0330 - Description + Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the + i915 driver, resulting in denial of service or privilege escalation. CVE-2022-0435 - Description + Samuel Page and Eric Dumazet reported a stack overflow in the + networking module for the Transparent Inter-Process Communication + (TIPC) protocol, resulting in denial of service or potentially the + execution of arbitrary code. CVE-2022-0487 
@@ -205,23 +253,32 @@ CVE-2022-0644 CVE-2022-22942 - Description + It was discovered that wrong file file descriptor handling in the + VMware Virtual GPU driver (vmwgfx) could result in information leak + or privilege escalation. CVE-2022-24448 - Description + Lyu Tao reported a flaw in the NFS implementation in the Linux + kernel when handling requests to open a directory on a regular file, + which could result in a information leak. CVE-2022-24959 - Description + A memory leak was discovered in the yam_siocdevprivate() function of + the YAM driver for AX.25, which could result in denial of service. CVE-2022-25258 - Description + Szymon Heidrich reported the USB Gadget subsystem lacks certain + validation of interface OS descriptor requests, resulting in memory + corruption. CVE-2022-25375 - Description + Szymon Heidrich reported that the RNDIS USB gadget lacks validation + of the size of the RNDIS_MSG_SET command, resulting in information + leak from kernel memory. For the oldstable distribution (buster), these problems have been fixed in version 4.19.232-1. diff --git a/dsa-texts/4.9.303-1 b/dsa-texts/4.9.303-1 index fc3b625b8..90d4e953f 100644 --- a/dsa-texts/4.9.303-1 +++ b/dsa-texts/4.9.303-1 
@@ -41,35 +41,38 @@ CVE-2021-4083 CVE-2021-4155 - Description + Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP + IOCTL in the XFS filesystem allowed for a size increase of files + with unaligned size. A local attacker can take advantage of this + flaw to leak data on the XFS filesystem. CVE-2021-4202 Description -CVE-2021-28711 - - Description - -CVE-2021-28712 +CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391) - Description + Juergen Gross reported that malicious PV backends can cause a denial + of service to guests being serviced by those backends via high + frequency events, even if those backends are running in a less + privileged environment. -CVE-2021-28713 +CVE-2021-28714, CVE-2021-28715 (XSA-392) - Description - -CVE-2021-28714 - - Description - -CVE-2021-28715 - - Description + Juergen Gross discovered that Xen guests can force the Linux + netback driver to hog large amounts of kernel memory, resulting in + denial of service. CVE-2021-29264 - Description + It was discovered that the "gianfar" Ethernet driver used with + some Freescale SoCs did not correctly handle a Rx queue overrun + when jumbo packets were enabled. On systems using this driver and + jumbo packets, an attacker on the network could exploit this to + cause a denial of service (crash). + + This driver is not enabled in Debian's official kernel + configurations. CVE-2021-33033 
@@ -77,15 +80,21 @@ CVE-2021-33033 CVE-2021-39685 - Description + Szymon Heidrich discovered a buffer overflow vulnerability in the + USB gadget subsystem, resulting in information disclosure, denial of + service or privilege escalation. CVE-2021-43976 - Description + Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the + mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An + attacker able to connect a crafted USB device can take advantage of + this flaw to cause a denial of service. CVE-2021-45095 - Description + It was discovered that the Phone Network protocol (PhoNet) driver + has a reference count leak in the pep_sock_accept() function. CVE-2022-0001 @@ -97,11 +106,15 @@ CVE-2022-0002 CVE-2022-0330 - Description + Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the + i915 driver, resulting in denial of service or privilege escalation. CVE-2022-0435 - Description + Samuel Page and Eric Dumazet reported a stack overflow in the + networking module for the Transparent Inter-Process Communication + (TIPC) protocol, resulting in denial of service or potentially the + execution of arbitrary code. CVE-2022-0487 @@ -121,11 +134,15 @@ CVE-2022-24448 CVE-2022-25258 - Description + Szymon Heidrich reported the USB Gadget subsystem lacks certain + validation of interface OS descriptor requests, resulting in memory + corruption. CVE-2022-25375 - Description + Szymon Heidrich reported that the RNDIS USB gadget lacks validation + of the size of the RNDIS_MSG_SET command, resulting in information + leak from kernel memory. For Debian 9 stretch, these problems have been fixed in version 4.9.303-1. |
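Review bot: the CVE-2020-29374 text in the first hunk of dsa-texts/4.19.232-1 has a grammar slip: "in case an operation such as vmsplice() required the kernel to take an additional reference" reads as a precaution rather than a condition; "if an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurred during this operation" says what is meant. The merged heading "CVE-2020-36322, CVE-2021-28950" in the same hunk is consistent with the later removal of the standalone CVE-2021-28950 entry, so no further change is needed there.

Review bot: in the hunk at @@ -85,43 +106,41 @@ of dsa-texts/4.19.232-1, CVE-2021-22600 is the only entry left with the bare "Description" placeholder while all of its neighbours are filled in; the commit only pastes text from older advisories, so this one needs a description written before the advisory is sent or the placeholder will ship verbatim.

Review bot: the hunk at @@ -157,15 +196,20 @@ of dsa-texts/4.19.232-1 adds two entries that describe the defect but not its impact: CVE-2021-45095 ("has a reference count leak in the pep_sock_accept() function") and CVE-2021-45480 ("A memory leak flaw was discovered in the __rds_conn_create() function"). Every other entry in this file ends with an impact clause ("resulting in denial of service", "could exploit this for ..."), so these should state the consequence too, in the same form, once the correct impact has been confirmed from the upstream fix. The same two sentences are pasted into dsa-texts/4.9.303-1 at @@ -77,15 +80,21 @@ and need the same fix there.

Review bot: two typos in the hunk at @@ -205,23 +253,32 @@ of dsa-texts/4.19.232-1: the CVE-2022-22942 text doubles a word in "wrong file file descriptor handling", and the CVE-2022-24448 text has "a information leak". Suggested lines:
+ It was discovered that wrong file descriptor handling in the
+ which could result in an information leak.

Review bot: in the hunk at @@ -41,35 +41,38 @@ of dsa-texts/4.9.303-1, CVE-2021-4202 keeps its "Description" placeholder while the entries around it are filled in; as with CVE-2021-22600 in the 4.19 text, it needs real content before release. The CVE-2021-29264 entry closes with "This driver is not enabled in Debian's official kernel configurations", which is useful for readers; if the same CVE is listed in the 4.19 advisory it should carry the same sentence so the two texts do not diverge on applicability.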