CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47320 – nfs: fix acl memory leak of posix_acl_create()
https://notcve.org/view.php?id=CVE-2021-47320
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfs: fix acl memory leak of posix_acl_create() When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create() and nfs3_proc_mknod() error paths are possibly leaked. Fix them in advance. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfs: corrige la pérdida de memoria acl de posix_acl_create(). Al buscar en otro informe de nfs xfstests, encontré que acl y default_acl en nfs3_proc_create() y ... • https://git.kernel.org/stable/c/013cdf1088d7235da9477a2375654921d9b9ba9f •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47319 – virtio-blk: Fix memory leak among suspend/resume procedure
https://notcve.org/view.php?id=CVE-2021-47319
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Fix memory leak among suspend/resume procedure The vblk->vqs should be freed before we call init_vqs() in virtblk_restore(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-blk: corrige la pérdida de memoria entre el procedimiento de suspensión/reanudación. El vblk->vqs debe liberarse antes de llamar a init_vqs() en virtblk_restore(). In the Linux kernel, the following vulnerability has been resolved: v... • https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-47315 – memory: fsl_ifc: fix leak of IO mapping on probe failure
https://notcve.org/view.php?id=CVE-2021-47315
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lines: 298. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la fuga de asignación de IO en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe desasigna... • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47314 – memory: fsl_ifc: fix leak of private memory on probe failure
https://notcve.org/view.php?id=CVE-2021-47314
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for private structure. Fix this by using resource-managed allocation. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la pérdida de memoria privada en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe liberar la memoria asignada para la estructura privada... • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47311 – net: qcom/emac: fix UAF in emac_remove
https://notcve.org/view.php?id=CVE-2021-47311
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: qcom/emac: corrige UAF en emac_remove adpt son datos privados de netdev y no se pueden usar después de la llamada a free_netdev(). Usar adpt después de... • https://git.kernel.org/stable/c/54e19bc74f3380d414681762ceed9f7245bc6a6e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47310 – net: ti: fix UAF in tlan_remove_one
https://notcve.org/view.php?id=CVE-2021-47310
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ti: corrige UAF en tlan_remove_one priv son datos privados de netdev y no se pueden usar después de la llamada free_netdev(). Usar priv después de free_ne... • https://git.kernel.org/stable/c/1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47309 – net: validate lwtstate->data before returning from skb_tunnel_info()
https://notcve.org/view.php?id=CVE-2021-47309
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as mpls_iptunnel_encap, etc and these are not compatible. So skb_tunnel_info() should validate before returning that pointer. Splat looks like: BUG: KASAN: slab-out-of-bounds in vxlan_get_route+0x418/0x4b0 [vxlan] Read of size 2 at addr ... • https://git.kernel.org/stable/c/61adedf3e3f1d3f032c5a6a299978d91eff6d555 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47308 – scsi: libfc: Fix array index out of bound exception
https://notcve.org/view.php?id=CVE-2021-47308
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: libfc: Corregir excepción de índice de matriz fuera de los límites. Corregir excepción de índice de matriz fuera de los límites en fc_rport_prli_resp(). • https://git.kernel.org/stable/c/44651522941c623e20882b3b443f23f77de1ea8b • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47307 – cifs: prevent NULL deref in cifs_compose_mount_options()
https://notcve.org/view.php?id=CVE-2021-47307
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain an NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 ("Explicit null dereferenced") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: evita la eliminación de desreferencias NULL en cifs_compose_mount_options() El parámetro @ref opcional puede contener un nombre de no... • https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47305 – dma-buf/sync_file: Don't leak fences on merge failure
https://notcve.org/view.php?id=CVE-2021-47305
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. In the error path, we weren't calling dma_fence_put() so all those fences got leaked. Also, in the krealloc_array failure case, we weren't freeing the fences array. Instead, ensure that i and fences are always zero-initialized and dma_fence_put() all the fences and kfree(fences) on every error path. En el kernel de Linux... • https://git.kernel.org/stable/c/a02b9dc90d844cc7df7b63264e7920cc425052d9 •