CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47116 – ext4: fix memory leak in ext4_mb_init_backend on error path.
https://notcve.org/view.php?id=CVE-2021-47116
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_mb_init_backend on error path. Fix a memory leak discovered by syzbot when a file system is corrupted with an illegally large s_log_groups_per_flex. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ext4: corrige la pérdida de memoria en ext4_mb_init_backend en la ruta de error. Solucione una pérdida de memoria descubierta por syzbot cuando un sistema de archivos está dañado con un s_log_groups_pe... • https://git.kernel.org/stable/c/2050c6e5b161e5e25ce3c420fef58b24fa388a49 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47114 – ocfs2: fix data corruption by fallocate
https://notcve.org/view.php?id=CVE-2021-47114
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at that time isize is not yet updated to match the new size, if writeback is kicked in, it will invoke ocfs2_writepage()->block_write_full_page() where the pages out of inode size will be dropped. That will cause file c... • https://git.kernel.org/stable/c/624fa7baa3788dc9e57840ba5b94bc22b03cda57 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47113 – btrfs: abort in rename_exchange if we fail to insert the second ref
https://notcve.org/view.php?id=CVE-2021-47113
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in rename_exchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a rename_exchange. This happens because we insert the inode ref for one side of the rename, and then for the other side. If this second inode ref insert fails we'll leave the first one dangling and leave a corrupt file system behind. Fix this by aborting if we did the insert... • https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47112 – x86/kvm: Teardown PV features on boot CPU as well
https://notcve.org/view.php?id=CVE-2021-47112
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all these features to make sure hypervisor doesn't write to stale locations after we jump to the previously hibernated kernel (which can try to place anything there). For secondary CPUs the job is already done by kvm_cpu_down_prepare(), ... • https://git.kernel.org/stable/c/7620a669111b52f224d006dea9e1e688e2d62c54 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47110 – x86/kvm: Disable kvmclock on all CPUs on shutdown
https://notcve.org/view.php?id=CVE-2021-47110
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore from hibernate. Note, writing '0' to kvmclock MSR doesn't clear memory location, it just prevents hypervisor from updating the location so for the short while after write and while CPU is still alive, the clock re... • https://git.kernel.org/stable/c/9084fe1b3572664ad276f427dce575f580c9799a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26625 – llc: call sock_orphan() at release time
https://notcve.org/view.php?id=CVE-2024-26625
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after calling proto_ops::release()") Eric Biggers hinted that some protocols are missing a sock_orphan(), we need to perform a full audit. In net-next, I plan to clear sock->sk from sock_orphan() and amend Eric patch to add a warning. [1] BUG: ... • https://git.kernel.org/stable/c/43815482370c510c569fd18edb57afcb0fa8cab6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52607 – powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
https://notcve.org/view.php?id=CVE-2023-52607
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/mm: corrige la desreferencia del puntero nulo en pgtable_cache_add kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ... • https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611 • CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52606 – powerpc/lib: Validate size for vector operations
https://notcve.org/view.php?id=CVE-2023-52606
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/l... • https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52604 – FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
https://notcve.org/view.php?id=CVE-2023-52604
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52603 – UBSAN: array-index-out-of-bounds in dtSplitRoot
https://notcve.org/view.php?id=CVE-2023-52603
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9 index -2 is out of range for type 'struct dtslot [128]' CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace:... • https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af •