CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47254 – gfs2: Fix use-after-free in gfs2_glock_shrink_scan
https://notcve.org/view.php?id=CVE-2021-47254
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window ... • https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47253 – drm/amd/display: Fix potential memory leak in DMUB hw_init
https://notcve.org/view.php?id=CVE-2021-47253
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How] Allocate memory for the DC wrapper to DMUB only if it was not allocated before. No need to reallocate it on suspend/resume. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/dis... • https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c •
CVSS: 0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47252 – batman-adv: Avoid WARN_ON timing related checks
https://notcve.org/view.php?id=CVE-2021-47252
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. But WARN_ON must be used to denote kernel bugs and not to print simple warnings. A warning can simply be printed using pr_warn. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: batman-adv: Evite comprobaciones re... • https://git.kernel.org/stable/c/ef0a937f7a1450d3a133ccd83c9c7d07587e7a00 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47250 – net: ipv4: fix memory leak in netlbl_cipsov4_add_std
https://notcve.org/view.php?id=CVE-2021-47250
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in netlbl_cipsov4_add_std Reported by syzkaller: BUG: memory leak unreferenced object 0xffff888105df7000 (size 64): comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline] [<00... • https://git.kernel.org/stable/c/96cb8e3313c7a12e026c1ed510522ae6f6023875 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47249 – net: rds: fix memory leak in rds_recvmsg
https://notcve.org/view.php?id=CVE-2021-47249
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won'... • https://git.kernel.org/stable/c/bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47245 – netfilter: synproxy: Fix out of bounds when parsing TCP options
https://notcve.org/view.php?id=CVE-2021-47245
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack out of boun... • https://git.kernel.org/stable/c/48b1de4c110a7afa4b85862f6c75af817db26fad •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47238 – net: ipv4: fix memory leak in ip_mc_add1_src
https://notcve.org/view.php?id=CVE-2021-47238
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc includ... • https://git.kernel.org/stable/c/24803f38a5c0b6c57ed800b47e695f9ce474bc3a • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47237 – net: hamradio: fix memory leak in mkiss_close
https://notcve.org/view.php?id=CVE-2021-47237
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hamradio: fix memory leak in mkiss_close My local syzbot instance hit memory leak in mkiss_open()[1]. The problem was in missing free_netdev() in mkiss_close(). In mkiss_open() netdevice is allocated and then registered, but in mkiss_close() netdevice was only unregistered, but not freed. Fail log: BUG: memory leak unreferenced object 0xffff8880281ba000 (size 4096): comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s) hex... • https://git.kernel.org/stable/c/815f62bf742718458ba822a7e1f51f285eb997f2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47236 – net: cdc_eem: fix tx fixup skb leak
https://notcve.org/view.php?id=CVE-2021-47236
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: cdc_eem: fix tx fixup skb leak when usbnet transmit a skb, eem fixup it in eem_tx_fixup(), if skb_copy_expand() failed, it return NULL, usbnet_start_xmit() will have no chance to free original skb. fix it by free orginal skb in eem_tx_fixup() first, then check skb clone status, if failed, return NULL to usbnet. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: cdc_eem: corrige la fuga de skb de reparación de tx cu... • https://git.kernel.org/stable/c/9f722c0978b04acba209f8ca1896ad05814bc3a3 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47235 – net: ethernet: fix potential use-after-free in ec_bhf_remove
https://notcve.org/view.php?id=CVE-2021-47235
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: fix potential use-after-free in ec_bhf_remove static void ec_bhf_remove(struct pci_dev *dev) { ... struct ec_bhf_priv *priv = netdev_priv(net_dev); unregister_netdev(net_dev); free_netdev(net_dev); pci_iounmap(dev, priv->dma_io); pci_iounmap(dev, priv->io); ... } priv is netdev private data, but it is used after free_netdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving free_netdev() after pc... • https://git.kernel.org/stable/c/6af55ff52b02d492d45db88df3e461fa51a6f753 •