CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47354 – drm/sched: Avoid data corruptions
https://notcve.org/view.php?id=CVE-2021-47354
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete before killing it to avoid data corruptions. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/sched: evite la corrupción de datos. Espere a que se completen todas las dependencias de un trabajo antes de eliminarlo para evitar la corrupción de datos. • https://git.kernel.org/stable/c/c32d0f0e164ffab2a56c7cf8e612584b4b740e2e https://git.kernel.org/stable/c/0687411e2a8858262de2fc4a1d576016fd77292e https://git.kernel.org/stable/c/a8e23e3c1ff9ec598ab1b3a941ace6045027781f https://git.kernel.org/stable/c/50d7e03ad487cc45fc85164a299b945a41756ac0 https://git.kernel.org/stable/c/0b10ab80695d61422337ede6ff496552d8ace99d • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47353 – udf: Fix NULL pointer dereference in udf_symlink function
https://notcve.org/view.php?id=CVE-2021-47353
In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returned by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c and returns the value of sb_getblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sb_getblk fails. This fix adds a check to validate the value of epos.bh. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: Se corrigió la desreferencia del puntero NULL en la función udf_symlink. En la función udf_symlink, a epos.bh se le asigna el valor devuelto por udf_tgetblk. La función udf_tgetblk está definida en udf/misc.c y devuelve el valor de la función sb_getblk que podría ser NULL. • https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c https://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9 https://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d https://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5 https://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b https://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238 https://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02 https://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47352 – virtio-net: Add validation for used length
https://notcve.org/view.php?id=CVE-2021-47352
In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-net: Agregar validación para la longitud utilizada. Esto agrega validación para la longitud utilizada (puede provenir de un dispositivo que no es de confianza) para evitar la corrupción o pérdida de datos. A vulnerability was found in the Linux kernel’s virtio-net driver, where the system does not properly validate the length of data provided by an untrusted device. This lack of validation could lead to data corruption if the length of the data is incorrect or maliciously crafted. • https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292 https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758 https://access.redhat.com/security/cve/CVE-2021-47352 https://bugzilla.redhat.com/show_bug.cgi?id=2282401 • CWE-20: Improper Input Validation •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47351 – ubifs: Fix races between xattr_{set|get} and listxattr operations
https://notcve.org/view.php?id=CVE-2021-47351
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it by importing a new rw-lock in @ubifs_inode to serilize write operations on xattr, concurrent read operations are still effective, just like ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: corrige ejecucións entre las operaciones xattr_{set|get} y listxattr. UBIFS puede producir algunos problemas con las operaciones xattr_{set|get} y listxattr simultáneas, como fallas de aserción y corrupción de memoria. , valor xattr obsoleto [1]. Solucónelo importando un nuevo rw-lock en @ubifs_inode para serializar las operaciones de escritura en xattr, las operaciones de lectura simultáneas siguen siendo efectivas, al igual que ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1@huawei.com • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d https://git.kernel.org/stable/c/7adc05b73d91a5e3d4ca7714fa53ad9b70c53d08 https://git.kernel.org/stable/c/38dde03eb239605f428f3f1e4baa73d4933a4cc6 https://git.kernel.org/stable/c/9558612cb829f2c022b788f55d6b8437d5234a82 https://git.kernel.org/stable/c/c0756f75c22149d20fcb7d8409827cee905eb386 https://git.kernel.org/stable/c/f4e3634a3b642225a530c292fdb1e8a4007507f5 •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47348 – drm/amd/display: Avoid HDCP over-read and corruption
https://notcve.org/view.php?id=CVE-2021-47348
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so instead use an appropriately sized and zero-initialized bounce buffer, and read only 5 bytes before casting to u64. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: evita la sobrelectura y la corrupción de HDCP. En lugar de leer los 5 bytes deseados del campo de destino real, el código leía 8. Esto podría resultar en un archivo dañado. valor si los 3 bytes finales fueran distintos de cero, por lo tanto, utilice un búfer de rebote de tamaño adecuado e inicializado en cero, y lea solo 5 bytes antes de convertir a u64. • https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e https://git.kernel.org/stable/c/44c7c901cb368a9f2493748f213b247b5872639f https://git.kernel.org/stable/c/3b2b93a485fb7a970bc8b5daef16f4cf579d172f https://git.kernel.org/stable/c/06888d571b513cbfc0b41949948def6cb81021b2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •