From 79af44ff7f5f8525f32bb6ee1f1c7096826a052c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 2 Jan 2024 11:22:42 +0100 Subject: Add remaining CVE descriptions for 5.10.205-1 fixes --- dsa-texts/5.10.205-1 | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'dsa-texts') diff --git a/dsa-texts/5.10.205-1 b/dsa-texts/5.10.205-1 index 02e49bd4..742401c4 100644 --- a/dsa-texts/5.10.205-1 +++ b/dsa-texts/5.10.205-1 @@ -6,10 +6,36 @@ may lead to a privilege escalation, denial of service or information leaks. CVE-2021-44879 + + Wenqing Liu reported a NULL pointer dereference in the f2fs + implementation. An attacker able to mount a specially crafted image + can take advantage of this flaw for denial of service. + CVE-2023-5178 + + Alon Zahavi reported a use-after-free flaw in the NVMe-oF/TCP + subsystem in the queue intialization setup, which may result in + denial of service or privilege escalation. + CVE-2023-5197 + + Kevin Rich discovered a use-after-free flaw in the netfilter + subsystem which may result in denial of service or privilege + escalation for a user with the CAP_NET_ADMIN capability in any user + or network namespace. + CVE-2023-5717 + + Budimir Markovic reported a heap out-of-bounds write vulnerability + in the Linux kernel's Performance Events system caused due to + improper handling of event groups, which may result in denial of + service or privilege escalation. + CVE-2023-6121 + + Alon Zahavi reported an out-of-bounds read vulnerability in the + NVMe-oF/TCP which may result in information leak. + CVE-2023-6531 Jann Horn discovered a use-after-free flaw due to a race condition -- cgit v1.2.3