CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47257 – net: ieee802154: fix null deref in parse dev addr
https://notcve.org/view.php?id=CVE-2021-47257
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ieee802154: corrige el deref null en analizar dev addr. Se corrige un error lógico que podría resultar en un deref null si el usuario configura el modo incorrectamente para el tipo de dirección dado. • https://git.kernel.org/stable/c/1f95741981c899c4724647291fec5faa3c777185 https://git.kernel.org/stable/c/c6998ccfefa652bac3f9b236821e392af43efa1e https://git.kernel.org/stable/c/5f728ec65485625e30f46e5b4917ff023ad29ea0 https://git.kernel.org/stable/c/d0f47648b87b6d5f204cb7f3cbce6d36dab85a67 https://git.kernel.org/stable/c/c7836de2cadd88bc2f20f2c5a3d4ef4c73aef627 https://git.kernel.org/stable/c/fdd51e34f45311ab6e48d2147cbc2904731b9993 https://git.kernel.org/stable/c/9fdd04918a452980631ecc499317881c1d120b70 https://access.redhat.com/security/cve/CVE-2021-47257 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47254 – gfs2: Fix use-after-free in gfs2_glock_shrink_scan
https://notcve.org/view.php?id=CVE-2021-47254
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to ensure correct behavior on both sides - clear GLF_LRU after list_del under lru_lock. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gfs2: corrige use-after-free en gfs2_glock_shrink_scan. El indicador GLF_LRU se marca en lru_lock en gfs2_glock_remove_from_lru() para eliminar el glock de la lista lru en __gfs2_glock_put(). En la ruta de escaneo de reducción, la misma bandera se borra en lru_lock pero debido a cond_resched_lock(&lru_lock) en gfs2_dispose_glock_lru(), se puede avanzar en el lado de venta sin eliminar la glock de la lista de lru. Mantenga GLF_LRU en la ventana de ejecución abierta por cond_resched_lock(&lru_lock) para garantizar un comportamiento correcto en ambos lados; borre GLF_LRU después de list_del en lru_lock. • https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4 https://git.kernel.org/stable/c/92869945cc5b78ee8a1ef90336fe070893e3458a https://git.kernel.org/stable/c/0364742decb0f02bc183404868b82896f7992595 https://git.kernel.org/stable/c/094bf5670e762afa243d2c41a5c4ab71c7447bf4 https://git.kernel.org/stable/c/86fd5b27db743a0ce0cc245e3a34813b2aa6ec1d https://git.kernel.org/stable/c/a61156314b66456ab6a291ed5deba1ebd002ab3c https://git.kernel.org/stable/c/e87ef30fe73e7e10d2c85bdcc778dcec24dca553 https://git.kernel.org/stable/c/1ab19c5de4c537ec0d9b21020395a5b5a •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47253 – drm/amd/display: Fix potential memory leak in DMUB hw_init
https://notcve.org/view.php?id=CVE-2021-47253
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How] Allocate memory for the DC wrapper to DMUB only if it was not allocated before. No need to reallocate it on suspend/resume. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige una posible pérdida de memoria en DMUB hw_init [Por qué] Al reanudar ejecutamos DMUB hw_init que asigna memoria: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc Eso resulta en pérdida de memoria en escenarios de suspensión/reanudación. [Cómo] Asigne memoria para el contenedor DC a DMUB solo si no se asignó antes. No es necesario reasignarlo al suspender/reanudar. • https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c https://git.kernel.org/stable/c/aa000f828e60ac15d6340f606ec4a673966f5b0b https://git.kernel.org/stable/c/c5699e2d863f58221044efdc3fa712dd32d55cde •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47250 – net: ipv4: fix memory leak in netlbl_cipsov4_add_std
https://notcve.org/view.php?id=CVE-2021-47250
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in netlbl_cipsov4_add_std Reported by syzkaller: BUG: memory leak unreferenced object 0xffff888105df7000 (size 64): comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline] [<00000000e67ed558>] kzalloc include/linux/slab.h:720 [inline] [<00000000e67ed558>] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline] [<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x2340 net/netlabel/netlabel_cipso_v4.c:416 [<0000000006040154>] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739 [<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [<00000000204d7a1c>] genl_rcv_msg+0x2bf/0x4f0 net/netlink/genetlink.c:800 [<00000000c0d6a995>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504 [<00000000d78b9d2c>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 [<000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] [<000000009733081b>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340 [<00000000d5fd43b8>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929 [<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [inline] [<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674 [<00000000321d1969>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350 [<00000000964e16bc>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404 [<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433 [<000000004ee8b6a5>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47 [<00000000171c7cee>] entry_SYSCALL_64_after_hwframe+0x44/0xae The memory of doi_def->map.std pointing is allocated in netlbl_cipsov4_add_std, but no place has freed it. It should be freed in cipso_v4_doi_free which frees the cipso DOI resource. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ipv4: corrige la pérdida de memoria en netlbl_cipsov4_add_std. Reportado por syzkaller: BUG: pérdida de memoria objeto sin referencia 0xffff888105df7000 (tamaño 64): comm "syz-executor842", pid 360, jiffies 4294824824 ( edad 22,546 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [en línea] [<00000000e67ed558> ] kzalloc include/linux/slab.h:720 [en línea] [<00000000e67ed558>] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [en línea] [<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x234 0 net/netlabel/netlabel_cipso_v4.c: 416 [<0000000006040154>] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739 [<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783 [en línea] 00000204d7a1c>] genl_rcv_msg+0x2bf /0x4f0 net/netlink/genetlink.c:800 [<00000000c0d6a995>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504 [<00000000d78b9d2c>] genl_rcv+0x24/0x40 11 [ <000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [en línea] [<000000009733081b>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340 [<00000000d5fd43b8>] enviar mensaje+0x789/0xc70 net/netlink/ af_netlink.c:1929 [<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [en línea] [<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674 [<00000000321d19 69>] ____sys_sendmsg+0x658/0x7d0 neto/ socket.c:2350 [<00000000964e16bc>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404 [<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433 4ee8b6a5>] do_syscall_64+0x37/0x90 arco /x86/entry/common.c:47 [<00000000171c7cee>] Entry_SYSCALL_64_after_hwframe+0x44/0xae La memoria de apuntamiento doi_def->map.std está asignada en netlbl_cipsov4_add_std, pero no se ha liberado ningún lugar. Debe liberarse en cipso_v4_doi_free, lo que libera el recurso cipso DOI. • https://git.kernel.org/stable/c/96cb8e3313c7a12e026c1ed510522ae6f6023875 https://git.kernel.org/stable/c/212166510582631994be4f4b3fe15e10a03c1dd4 https://git.kernel.org/stable/c/086e92b1d68c6338535f715aad173f8cf4bfbc8c https://git.kernel.org/stable/c/6dcea66d3bb519b426282588f38e884e07893c1f https://git.kernel.org/stable/c/5340858147e3dc60913fb3dd0cbb758ec4a26e66 https://git.kernel.org/stable/c/398a24447eb60f060c8994221cb5ae6caf355fa1 https://git.kernel.org/stable/c/deeeb65c6ee404f2d1fb80b38b2730645c0f4663 https://git.kernel.org/stable/c/0ffb460be3abac86f884a8c548bb02724 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47249 – net: rds: fix memory leak in rds_recvmsg
https://notcve.org/view.php?id=CVE-2021-47249
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rds_inc_addref() don't have rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us | rds_inc_addref(); 1) 3.853 us | rds_message_inc_copy_to_user(); 1) + 10.395 us | rds_cmsg_recv(); 1) + 34.260 us | } En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:rds: corrige pérdida de memoria en rds_recvmsg. Syzbot informó pérdida de memoria en rds. • https://git.kernel.org/stable/c/bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a •