author: Ben Hutchings <ben@decadent.org.uk> 2022-03-08 17:56:49 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2022-03-08 17:57:02 +0100
commit: cd8faf1130a52823e804ac079364b472ea1e3737 (patch)
tree: dd09783a938a64987ee33045ca042c014ab93677 /dsa-texts
parent: 948638db253086ca5d564e1a519a3bb90a4c98ec (diff)
Fill in more issue descriptions
Diffstat (limited to 'dsa-texts')
-rw-r--r-- dsa-texts/4.19.232-1 | 29
-rw-r--r-- dsa-texts/4.9.303-1 | 21
-rw-r--r-- dsa-texts/5.10.103-1 | 4
3 files changed, 45 insertions, 9 deletions
diff --git a/dsa-texts/4.19.232-1 b/dsa-texts/4.19.232-1
index 09dde1abd..9a09d5267 100644
--- a/dsa-texts/4.19.232-1
+++ b/dsa-texts/4.19.232-1
@@ -153,7 +153,11 @@ CVE-2021-20322
CVE-2021-22600
- Description
+ The syzbot tool found a flaw in the packet socket (AF_PACKET)
+ implementation which could lead to incorrectly freeing memory. A
+ local user with CAP_NET_RAW capability (in any user namespace)
+ could exploit this for denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)
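Review bot: The CVE-2021-22600 text says CAP_NET_RAW "in any user namespace" is sufficient but gives the reader no mitigation, whereas the CVE-2021-38300 entry in this same file names one. If restricting unprivileged user namespaces reduces exposure on this branch, add a short paragraph saying so and state the default. Minor wording: "with the CAP_NET_RAW capability" reads better than "with CAP_NET_RAW capability".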
@@ -170,7 +174,13 @@ CVE-2021-28714, CVE-2021-28715 (XSA-392)
CVE-2021-38300
- Description
+ Piotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT
+ compiler for MIPS architectures. A local user could exploit
+ this to excute arbitrary code in the kernel.
+
+ This issue is mitigated by setting sysctl
+ net.core.bpf_jit_enable=0, which is the default. It is *not*
+ mitigated by disabling unprivileged use of eBPF.
CVE-2021-39685
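Review bot: Typo in the first paragraph of the CVE-2021-38300 description: "excute" should be "execute". The mitigation paragraph is clear about what does and does not help; it would also be worth saying whether the local user needs any privilege, as the other entries in this patch do (for example the CAP_NET_RAW note under CVE-2021-22600).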
@@ -180,15 +190,24 @@ CVE-2021-39685
CVE-2021-39686
- Description
+ A race condition was discovered in the Android binder driver, that
+ could lead to incorrect security checks. On systems where the
+ binder driver is loaded, a local user could exploit this for
+ privilege escalation.
CVE-2021-39698
- Description
+ Linus Torvalds reported a flaw in the file polling implementation,
+ which could lead to a use-after-free. A local user could exploit
+ this for denial of service (memory corruption or crash) or
+ possibly for privilege escalation.
CVE-2021-39713
- Description
+ The syzbot tool found a race condition in the network scheduling
+ subsystem which could lead to a use-after-free. A local user
+ could exploit this for denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
CVE-2021-41864
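Review bot: The CVE-2021-39686 description here omits the paragraph "This driver is not enabled in Debian's official kernel configurations." that the same entry carries in dsa-texts/4.9.303-1. If the binder driver is built for this branch the omission is right, but please confirm it is deliberate and not a copy that lost its second paragraph. Also in that entry, "binder driver, that could lead" should be "binder driver, which could lead" (or drop the comma), matching the "which could lead" phrasing used for CVE-2021-39698 and CVE-2021-39713 in this hunk.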
diff --git a/dsa-texts/4.9.303-1 b/dsa-texts/4.9.303-1
index d345dbad9..b3654410c 100644
--- a/dsa-texts/4.9.303-1
+++ b/dsa-texts/4.9.303-1
@@ -112,15 +112,30 @@ CVE-2021-39685
CVE-2021-39686
- Description
+ A race condition was discovered in the Android binder driver, that
+ could lead to incorrect security checks. On systems where the
+ binder driver is loaded, a local user could exploit this for
+ privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
CVE-2021-39698
- Description
+ Linus Torvalds reported a flaw in the file polling implementation,
+ which could lead to a use-after-free. A local user could exploit
+ this for denial of service (memory corruption or crash) or
+ possibly for privilege escalation.
CVE-2021-39714
- Description
+ A potential reference count overflow was found in the Android Ion
+ driver. On systems where the Ion driver is loaded, a local user
+ could exploit this for denial of service (memory corruption or
+ crash) or possibly for privilege escalation.
+
+ This driver is not enabled in Debian's official kernel
+ configurations.
CVE-2021-43976
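Review bot: In the CVE-2021-39686 paragraph, "binder driver, that could lead to incorrect security checks" uses a comma before a restrictive "that"; use "which could lead", as the CVE-2021-39698 text below it does. For CVE-2021-39686 and CVE-2021-39714, the note that the driver is not enabled in Debian's official configurations is the most useful line for readers, so consider also saying that only custom kernels built with the driver are affected, which is what "On systems where the ... driver is loaded" implies.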
diff --git a/dsa-texts/5.10.103-1 b/dsa-texts/5.10.103-1
index 8992ede99..235524912 100644
--- a/dsa-texts/5.10.103-1
+++ b/dsa-texts/5.10.103-1
@@ -19,7 +19,9 @@ leaks.
CVE-2020-36310
- Description
+ A flaw was discovered in the KVM implementation for AMD processors,
+ which could lead to an infinite loop. A malicious VM guest could
+ exploit this to cause a denial of service.
CVE-2022-0001
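Review bot: The CVE-2020-36310 description says a malicious VM guest could "cause a denial of service" without saying what is denied. Since the flaw is an infinite loop in the KVM implementation, state whether the impact is on the host (for example a host CPU stuck servicing the guest) or only on the guest itself, so administrators of multi-tenant hosts can judge severity.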