CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47356 – mISDN: fix possible use-after-free in HFC_cleanup()
https://notcve.org/view.php?id=CVE-2021-47356
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mISDN: corrige posible use after free en HFC_cleanup(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe https://git.kernel.org/stable/c/54ff3202928952a100c477248e65ac6db01258a7 https://git.kernel.org/stable/c/7867ddc5f3de7f289aee63233afc0df4b62834c5 https://git.kernel.org/stable/c/5f2818185da0fe82a932f0856633038b66faf124 https://git.kernel.org/stable/c/3ecd228c636ee17c14662729737fa07242a93cb0 https://git.kernel.org/stable/c/b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d https://git.kernel.org/stable/c/61370ff07e0acc657559a8fac02551dfeb9d3020 https://git.kernel.org/stable/c/ed7c3739d0a07e2ec3ccbffe7e93cea01 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47355 – atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
https://notcve.org/view.php?id=CVE-2021-47355
In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atm: nicstar: corrige el posible use after free en nicstar_cleanup(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/99779c9d9ffc7775da6f7fd8a7c93ac61657bed5 https://git.kernel.org/stable/c/4e2a0848ea2cab0716d46f85a8ccd5fa9a493e51 https://git.kernel.org/stable/c/c471569632654e57c83512e0fc1ba0dbb4544ad6 https://git.kernel.org/stable/c/a7a7b2848312cc4c3a42b6e42a8ab2e441857aba https://git.kernel.org/stable/c/bdf5334250c69fabf555b7322c75249ea7d5f148 https://git.kernel.org/stable/c/a7f7c42e31157d1f0871d6a8e1a0b73a6b4ea785 https://git.kernel.org/stable/c/2f958b6f6ba0854b39be748d21dfe71e0fe6580f https://git.kernel.org/stable/c/5b991df8881088448cb223e769e37cab8 •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47354 – drm/sched: Avoid data corruptions
https://notcve.org/view.php?id=CVE-2021-47354
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete before killing it to avoid data corruptions. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/sched: evite la corrupción de datos. Espere a que se completen todas las dependencias de un trabajo antes de eliminarlo para evitar la corrupción de datos. • https://git.kernel.org/stable/c/c32d0f0e164ffab2a56c7cf8e612584b4b740e2e https://git.kernel.org/stable/c/0687411e2a8858262de2fc4a1d576016fd77292e https://git.kernel.org/stable/c/a8e23e3c1ff9ec598ab1b3a941ace6045027781f https://git.kernel.org/stable/c/50d7e03ad487cc45fc85164a299b945a41756ac0 https://git.kernel.org/stable/c/0b10ab80695d61422337ede6ff496552d8ace99d • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47353 – udf: Fix NULL pointer dereference in udf_symlink function
https://notcve.org/view.php?id=CVE-2021-47353
In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returned by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c and returns the value of sb_getblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sb_getblk fails. This fix adds a check to validate the value of epos.bh. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: Se corrigió la desreferencia del puntero NULL en la función udf_symlink. En la función udf_symlink, a epos.bh se le asigna el valor devuelto por udf_tgetblk. La función udf_tgetblk está definida en udf/misc.c y devuelve el valor de la función sb_getblk que podría ser NULL. • https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c https://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9 https://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d https://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5 https://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b https://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238 https://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02 https://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47352 – virtio-net: Add validation for used length
https://notcve.org/view.php?id=CVE-2021-47352
In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-net: Agregar validación para la longitud utilizada. Esto agrega validación para la longitud utilizada (puede provenir de un dispositivo que no es de confianza) para evitar la corrupción o pérdida de datos. A vulnerability was found in the Linux kernel’s virtio-net driver, where the system does not properly validate the length of data provided by an untrusted device. This lack of validation could lead to data corruption if the length of the data is incorrect or maliciously crafted. • https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292 https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758 https://access.redhat.com/security/cve/CVE-2021-47352 https://bugzilla.redhat.com/show_bug.cgi?id=2282401 • CWE-20: Improper Input Validation •