CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47623 – powerpc/fixmap: Fix VM debug warning on unmap
https://notcve.org/view.php?id=CVE-2021-47623
In the Linux kernel, the following vulnerability has been resolved: powerpc/fixmap: Fix VM debug warning on unmap Unmapping a fixmap entry is done by calling __set_fixmap() with FIXMAP_PAGE_CLEAR as flags. Today, powerpc __set_fixmap() calls map_kernel_page(). map_kernel_page() is not happy when called a second time for the same page. WARNING: CPU: 0 PID: 1 at arch/powerpc/mm/pgtable.c:194 set_pte_at+0xc/0x1e8 CPU: 0 PID: 1 Comm: swapper Not tainted 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty #682 NIP: c0017cd4 LR: c00187f0 CTR: 00000010 REGS: e1011d50 TRAP: 0700 Not tainted (5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty) MSR: 00029032 <EE,ME,IR,DR,RI> CR: 42000208 XER: 00000000 GPR00: c0165fec e1011e10 c14c0000 c0ee2550 ff800000 c0f3d000 00000000 c001686c GPR08: 00001000 b00045a9 00000001 c0f58460 c0f50000 00000000 c0007e10 00000000 GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 GPR24: 00000000 00000000 c0ee2550 00000000 c0f57000 00000ff8 00000000 ff800000 NIP [c0017cd4] set_pte_at+0xc/0x1e8 LR [c00187f0] map_kernel_page+0x9c/0x100 Call Trace: [e1011e10] [c0736c68] vsnprintf+0x358/0x6c8 (unreliable) [e1011e30] [c0165fec] __set_fixmap+0x30/0x44 [e1011e40] [c0c13bdc] early_iounmap+0x11c/0x170 [e1011e70] [c0c06cb0] ioremap_legacy_serial_console+0x88/0xc0 [e1011e90] [c0c03634] do_one_initcall+0x80/0x178 [e1011ef0] [c0c0385c] kernel_init_freeable+0xb4/0x250 [e1011f20] [c0007e34] kernel_init+0x24/0x140 [e1011f30] [c0016268] ret_from_kernel_thread+0x5c/0x64 Instruction dump: 7fe3fb78 48019689 80010014 7c630034 83e1000c 5463d97e 7c0803a6 38210010 4e800020 81250000 712a0001 41820008 <0fe00000> 9421ffe0 93e1001c 48000030 Implement unmap_kernel_page() which clears an existing pte. • https://git.kernel.org/stable/c/67baac10dd5ad1e9f50e8f2659984b3b0728d54e https://git.kernel.org/stable/c/43ae0ccc4d2722b833fb59b905af129428e06d03 https://git.kernel.org/stable/c/033fd42c18d9b2121595b6f1e8419a115f9ac5b7 https://git.kernel.org/stable/c/aec982603aa8cc0a21143681feb5f60ecc69d718 https://access.redhat.com/security/cve/CVE-2021-47623 https://bugzilla.redhat.com/show_bug.cgi?id=2298107 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47622 – scsi: ufs: Fix a deadlock in the error handler
https://notcve.org/view.php?id=CVE-2021-47622
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host_reset_handler() queues work that calls ufshcd_err_handler() - ufshcd_err_handler() locks up as follows: Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt Call trace: __switch_to+0x298/0x5d8 __schedule+0x6cc/0xa94 schedule+0x12c/0x298 blk_mq_get_tag+0x210/0x480 __blk_mq_alloc_request+0x1c8/0x284 blk_get_request+0x74/0x134 ufshcd_exec_dev_cmd+0x68/0x640 ufshcd_verify_dev_init+0x68/0x35c ufshcd_probe_hba+0x12c/0x1cb8 ufshcd_host_reset_and_restore+0x88/0x254 ufshcd_reset_and_restore+0xd0/0x354 ufshcd_err_handler+0x408/0xc58 process_one_work+0x24c/0x66c worker_thread+0x3e8/0xa4c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved request. • https://git.kernel.org/stable/c/493c9e850677df8b4eda150c2364b1c1a72ed724 https://git.kernel.org/stable/c/d69d98d8edf90e25e4e09930dd36dd6d09dd6768 https://git.kernel.org/stable/c/945c3cca05d78351bba29fa65d93834cb7934c7b •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48783 – net: dsa: lantiq_gswip: fix use after free in gswip_remove()
https://notcve.org/view.php?id=CVE-2022-48783
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: fix use after free in gswip_remove() of_node_put(priv->ds->slave_mii_bus->dev.of_node) should be done before mdiobus_free(priv->ds->slave_mii_bus). • https://git.kernel.org/stable/c/e177d2e85ebcd3008c4b2abc293f4118e04eedef https://git.kernel.org/stable/c/b5652bc50dde7b84e93dfb25479b64b817e377c1 https://git.kernel.org/stable/c/2443ba2fe396bdde187a2fdfa6a57375643ae93c https://git.kernel.org/stable/c/f48bd34137718042872d06f2c7332b3267a29165 https://git.kernel.org/stable/c/df2495f329b08ac0d0d3e6334a01955ae839005e https://git.kernel.org/stable/c/c61f599b8d33adfa256126a6695c734c0de331cb https://git.kernel.org/stable/c/8c6ae46150a453f8ae9a6cd49b45f354f478587d •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48778 – mtd: rawnand: gpmi: don't leak PM reference in error path
https://notcve.org/view.php?id=CVE-2022-48778
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be dropped. • https://git.kernel.org/stable/c/29218853877a748a2ca41d9957a84b2d6a7f56a7 https://git.kernel.org/stable/c/538a5e208e7d29e8b3cb1d79bbb757e8c763b680 https://git.kernel.org/stable/c/0fe08bf9909f02eb487af2cc829f2853ea69bc96 https://git.kernel.org/stable/c/c447696e2f825df7800b0630352bea2d45d09baa https://git.kernel.org/stable/c/4cd3281a910a5adf73b2a0a82241dd67844d0b25 https://git.kernel.org/stable/c/a4eeeaca50199e3f19eb13ac3b7e0bbb93e22de4 https://git.kernel.org/stable/c/4a7ec50298b1127c5024a750c969ea0794899545 https://git.kernel.org/stable/c/58d3111eafce9e4398654b07f0b1dac27 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48777 – mtd: parsers: qcom: Fix kernel panic on skipped partition
https://notcve.org/view.php?id=CVE-2022-48777
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix kernel panic on skipped partition In the event of a skipped partition (case when the entry name is empty) the kernel panics in the cleanup function as the name entry is NULL. Rework the parser logic by first checking the real partition number and then allocate the space and set the data for the valid partitions. The logic was also fundamentally wrong as with a skipped partition, the parts number returned was incorrect by not decreasing it for the skipped partitions. • https://git.kernel.org/stable/c/803eb124e1a64e42888542c3444bfe6dac412c7f https://git.kernel.org/stable/c/eb03cb6e03ffd9173e18e5fe87e4e3ce83820453 https://git.kernel.org/stable/c/a2995fe23095ceda2dc382fbe057f5e164595548 https://git.kernel.org/stable/c/65d003cca335cabc0160d3cd7daa689eaa9dd3cd •