From 54a159b8d89e1d6859fabd56e57954749c60798b Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 17 Aug 2023 17:59:20 +0200 Subject: advisory updates --- dsa-texts/5.10.191-1 | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) (limited to 'dsa-texts') diff --git a/dsa-texts/5.10.191-1 b/dsa-texts/5.10.191-1 index f0106abd..5755f7e9 100644 --- a/dsa-texts/5.10.191-1 +++ b/dsa-texts/5.10.191-1 @@ -30,23 +30,36 @@ CVE-2023-1206 CVE-2023-1380 - Description + Jisoo Jang reported a heap out-of-bounds read in the brcmfmac + Wi-Fi driver. On systems using this driver, a local user could + exploit this to read sensitive information or to cause a + denial of service. CVE-2023-2002 - Description + Ruiahn Li reported an incorrect permissions check in the Bluetooth + subsystem. A local user could exploit this to reconfigure local + Bluetooth interfaces, resulting in information leaks, spoofing, + or denial of service (loss of connection). CVE-2023-2007 - Description + Lucas Leong and Reno Robert discovered a time-of-check-to-time-of-use + flaw in the dpt_i2o SCSI controller driver. A local user with access + to a SCSI device using this driver could exploit this for privilege escalation. + + This flaw has been mitigated by removing support for the I2OUSRCMD operation. CVE-2023-2124 - Description + Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing + metadata validation may result in denial of service or potential + privilege escalation if a corrupted XFS disk image is mounted. CVE-2023-2269 - Description + Zheng Zhang reported that improper handling of locking in the + device mapper implementation may result in denial of service. CVE-2023-2898 @@ -68,11 +81,14 @@ CVE-2023-3111 CVE-2023-3212 - Description + Yang Lan that missing validation in the GFS2 filesystem could result in + denial of service via a NULL pointer dereference when mounting a + malformed GFS2 filesystem. CVE-2023-3268 - Description + It was discovered that an out-of-bounds memory access in relayfs could + result in denial of service or an information leak. CVE-2023-3338 -- cgit v1.2.3