CVE-2021-47601 – tee: amdtee: fix an IS_ERR() vs NULL bug
https://notcve.org/view.php?id=CVE-2021-47601
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers, it returns NULL, so fix this condition to avoid a NULL dereference. • https://git.kernel.org/stable/c/757cc3e9ff1d72d014096399d6e2bf03974d9da1 •
CVE-2021-47600 – dm btree remove: fix use after free in rebalance_children()
https://notcve.org/view.php?id=CVE-2021-47600
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). • https://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6 •
CVE-2021-47599 – btrfs: use latest_dev in btrfs_show_devname
https://notcve.org/view.php?id=CVE-2021-47599
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs] CPU: 2 PID: 1 Comm: systemd Tainted: G W O 5.14.0-rc1-custom #72 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: btrfs_show_devname+0x108/0x1b4 [btrfs] show_mountinfo+0x234/0x2c4 m_show+0x28/0x34 seq_read_iter+0x12c/0x3c4 vfs_read+0... • https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1 •
CVE-2021-47598 – sch_cake: do not call cake_destroy() from cake_init()
https://notcve.org/view.php?id=CVE-2021-47598
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock_common kernel/locking/mutex.c:586 [inline] WARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock+0x9ec/0x12f0 ... • https://git.kernel.org/stable/c/046f6fd5daefac7f5abdafb436b30f63bc7c602b •
CVE-2021-47597 – inet_diag: fix kernel-infoleak for UDP sockets
https://notcve.org/view.php?id=CVE-2021-47597
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can be exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill() might make the same mistake in the future, so fix this in inet_sk_diag_fill(). [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyo... • https://git.kernel.org/stable/c/3c4d05c8056724aff3abc20650807dd828fded54 •
CVE-2021-47596 – net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
https://notcve.org/view.php?id=CVE-2021-47596
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function first uninstalls the client instance, and then uninstalls the acceleration engine device. The netdevice is freed in the client instance uninstall process, but the acceleration engine device uninstall process still uses it to trace runtime information. This causes a use after free problem. So fix it by checking the instance register state to avoid use after free. • https://git.kernel.org/stable/c/d8355240cf8fb8b9e002b5c8458578435cea85c2 • CWE-416: Use After Free •
CVE-2021-47593 – mptcp: clear 'kern' flag from fallback sockets
https://notcve.org/view.php?id=CVE-2021-47593
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk->sk_sock_kern being set correctly: It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from working for plain tcp sockets (any userspace-exposed socket). But in case of fallback, accept() can return a plain tcp sk. In such case, sk is still tagged as 'kernel' and setsockopt will work. This will crash the kernel. The subflow extension has a NULL ctx... • https://git.kernel.org/stable/c/cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be •
CVE-2021-47589 – igbvf: fix double free in `igbvf_probe`
https://notcve.org/view.php?id=CVE-2021-47589
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_ioremap, there is `list_for_each_entry_safe` and `netif_napi_del` which aims to delete all entries in `dev->napi_list`. The program has added an entry `adapter->rx_ring->napi` which is added by `netif_napi_add` in igbvf_alloc_queues(). Ho... • https://git.kernel.org/stable/c/d4e0fe01a38a073568aee541a0247fe734095979 •
CVE-2021-47588 – sit: do not call ipip6_dev_free() from sit_init_net()
https://notcve.org/view.php?id=CVE-2021-47588
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against multiple invocations, but other drivers do not implement this strategy. syzbot reported: dst_release underflow WARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173 Modules linked in: CP... • https://git.kernel.org/stable/c/cf124db566e6b036b8bcbe8decbed740bdfac8c6 •
CVE-2021-47587 – net: systemport: Add global locking for descriptor lifecycle
https://notcve.org/view.php?id=CVE-2021-47587
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue between the transmit and reclaiming. This creates an opportunity for the SYSTEMPORT hardware to work on corrupted descriptors if we have multiple producers at once which is the case when using multiple transmit que... • https://git.kernel.org/stable/c/80105befdb4b8cea924711b40b2462b87df65b62 •