diff --git a/2018/7xxx/CVE-2018-7557.json b/2018/7xxx/CVE-2018-7557.json
index d82fb54491a..dfb008b4746 100644
--- a/2018/7xxx/CVE-2018-7557.json
+++ b/2018/7xxx/CVE-2018-7557.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data."
+ "value": "The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data."
 }
 ]
 },
@@ -71,6 +71,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202003-65",
 "url": "https://security.gentoo.org/glsa/202003-65"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae",
+ "url": "https://github.com/FFmpeg/FFmpeg/commit/e724bd1dd9efea3abb8586d6644ec07694afceae"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11494.json b/2020/11xxx/CVE-2020-11494.json
index 9454420c388..397419fb225 100644
--- a/2020/11xxx/CVE-2020-11494.json
+++ b/2020/11xxx/CVE-2020-11494.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4."
+ "value": "An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4."
 }
 ]
 },
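Review bot: The new lower bound ("FFmpeg 2.8 through 3.4.2") lives only in the free-text `value`, and nothing in this hunk says whether 2.8 is the release that introduced the out-of-array read or simply the oldest release that was checked. No hunk in this file touches anything above line 34, where the structured `version_data` would presumably sit (not visible here), so tooling that matches on structured versions will not pick up the narrowed range. If that structured entry carries a real version it should be updated in the same change; otherwise readers may take releases before 2.8 as confirmed unaffected. The same applies to the description hunks for CVE-2020-11494, CVE-2020-13143, CVE-2020-13974, CVE-2020-15393 and CVE-2020-9383 (Linux kernel 3.16 / 4.4 lower bounds).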
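Review bot: The added MISC reference does not state what role the commit plays: `name` only repeats the URL, so a reader cannot tell whether e724bd1dd9ef is the fix or the change that introduced the flaw. In the kernel entries of this patch (CVE-2020-11494, CVE-2020-13143, CVE-2020-13974, CVE-2020-15393, CVE-2020-9383) the added commit id differs from the CID named in the description, for example 08fadc32ce62 against CID-b9258a2cece4, so it is presumably not the fix commit; confirm and say so. Those kernel links also point at the tip/tip.git maintainer tree; if the commits are in mainline, a torvalds/linux.git URL would be the more durable reference. A labelled name such as `"name": "FFmpeg commit e724bd1dd9ef (ROLE_PLACEHOLDER: fix | introducing change)"` would remove the ambiguity.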
@@ -111,6 +111,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html",
 "url": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=08fadc32ce6239dc75fd5e869590e29bc62bbc28",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=08fadc32ce6239dc75fd5e869590e29bc62bbc28"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13143.json b/2020/13xxx/CVE-2020-13143.json
index 0619455f2d1..5618cd8c7fb 100644
--- a/2020/13xxx/CVE-2020-13143.json
+++ b/2020/13xxx/CVE-2020-13143.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
+ "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4."
 }
 ]
 },
@@ -126,6 +126,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4414-1",
 "url": "https://usn.ubuntu.com/4414-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13974.json b/2020/13xxx/CVE-2020-13974.json
index 631c7db33e8..873cc1b8227 100644
--- a/2020/13xxx/CVE-2020-13974.json
+++ b/2020/13xxx/CVE-2020-13974.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case."
+ "value": "An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case."
 }
 ]
 },
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4485-1",
 "url": "https://usn.ubuntu.com/4485-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15393.json b/2020/15xxx/CVE-2020-15393.json
index de76f323ac6..e6ba1aca552 100644
--- a/2020/15xxx/CVE-2020-15393.json
+++ b/2020/15xxx/CVE-2020-15393.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770."
+ "value": "In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770."
 }
 ]
 },
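Review bot: Removing the `** DISPUTED **` prefix in the CVE-2020-13974 description while keeping the trailing "NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case." leaves the record contradicting itself. Consumers that filter or down-rank entries on that prefix will now treat this as an undisputed vulnerability, although the text still records the dispute. Nothing visible in the patch explains whether the removal is intentional. If the dispute stands, keep the prefix (`"value": "** DISPUTED ** An issue was discovered in the Linux kernel 4.4 through 5.7.1. ..."`); if it was withdrawn, drop or reword the NOTE sentence in the same change.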
@@ -106,6 +106,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=831eebad70a25f55b5745453ac252d4afe997187",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=831eebad70a25f55b5745453ac252d4afe997187"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9383.json b/2020/9xxx/CVE-2020-9383.json
index bc53622bb1f..f6b12702913 100644
--- a/2020/9xxx/CVE-2020-9383.json
+++ b/2020/9xxx/CVE-2020-9383.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2."
+ "value": "An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2."
 }
 ]
 },
@@ -106,6 +106,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4698",
 "url": "https://www.debian.org/security/2020/dsa-4698"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530"
 }
 ]
 }