CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47324 – watchdog: Fix possible use-after-free in wdt_startup()
https://notcve.org/view.php?id=CVE-2021-47324
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel ... • https://git.kernel.org/stable/c/63a3dc24bd053792f84cb4eef0168b1266202a02 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47323 – watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
https://notcve.org/view.php?id=CVE-2021-47323
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En... • https://git.kernel.org/stable/c/0015581a79bbf8e521f85dddb7d3e4a66b9f51d4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47321 – watchdog: Fix possible use-after-free by calling del_timer_sync()
https://notcve.org/view.php?id=CVE-2021-47321
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En... • https://git.kernel.org/stable/c/58606882ad8ec6c39e0f40344b922921ef94ab4d • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47320 – nfs: fix acl memory leak of posix_acl_create()
https://notcve.org/view.php?id=CVE-2021-47320
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfs: fix acl memory leak of posix_acl_create() When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create() and nfs3_proc_mknod() error paths are possibly leaked. Fix them in advance. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfs: corrige la pérdida de memoria acl de posix_acl_create(). Al buscar en otro informe de nfs xfstests, encontré que acl y default_acl en nfs3_proc_create() y ... • https://git.kernel.org/stable/c/013cdf1088d7235da9477a2375654921d9b9ba9f •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47319 – virtio-blk: Fix memory leak among suspend/resume procedure
https://notcve.org/view.php?id=CVE-2021-47319
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Fix memory leak among suspend/resume procedure The vblk->vqs should be freed before we call init_vqs() in virtblk_restore(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-blk: corrige la pérdida de memoria entre el procedimiento de suspensión/reanudación. El vblk->vqs debe liberarse antes de llamar a init_vqs() en virtblk_restore(). In the Linux kernel, the following vulnerability has been resolved: v... • https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-47315 – memory: fsl_ifc: fix leak of IO mapping on probe failure
https://notcve.org/view.php?id=CVE-2021-47315
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lines: 298. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la fuga de asignación de IO en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe desasigna... • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47314 – memory: fsl_ifc: fix leak of private memory on probe failure
https://notcve.org/view.php?id=CVE-2021-47314
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for private structure. Fix this by using resource-managed allocation. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la pérdida de memoria privada en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe liberar la memoria asignada para la estructura privada... • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47310 – net: ti: fix UAF in tlan_remove_one
https://notcve.org/view.php?id=CVE-2021-47310
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ti: corrige UAF en tlan_remove_one priv son datos privados de netdev y no se pueden usar después de la llamada free_netdev(). Usar priv después de free_ne... • https://git.kernel.org/stable/c/1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47309 – net: validate lwtstate->data before returning from skb_tunnel_info()
https://notcve.org/view.php?id=CVE-2021-47309
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as mpls_iptunnel_encap, etc and these are not compatible. So skb_tunnel_info() should validate before returning that pointer. Splat looks like: BUG: KASAN: slab-out-of-bounds in vxlan_get_route+0x418/0x4b0 [vxlan] Read of size 2 at addr ... • https://git.kernel.org/stable/c/61adedf3e3f1d3f032c5a6a299978d91eff6d555 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47308 – scsi: libfc: Fix array index out of bound exception
https://notcve.org/view.php?id=CVE-2021-47308
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: libfc: Corregir excepción de índice de matriz fuera de los límites. Corregir excepción de índice de matriz fuera de los límites en fc_rport_prli_resp(). • https://git.kernel.org/stable/c/44651522941c623e20882b3b443f23f77de1ea8b • CWE-125: Out-of-bounds Read •