CVE-2021-47355 – atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
https://notcve.org/view.php?id=CVE-2021-47355
In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atm: nicstar: corrige el posible use after free en nicstar_cleanup(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/99779c9d9ffc7775da6f7fd8a7c93ac61657bed5 https://git.kernel.org/stable/c/4e2a0848ea2cab0716d46f85a8ccd5fa9a493e51 https://git.kernel.org/stable/c/c471569632654e57c83512e0fc1ba0dbb4544ad6 https://git.kernel.org/stable/c/a7a7b2848312cc4c3a42b6e42a8ab2e441857aba https://git.kernel.org/stable/c/bdf5334250c69fabf555b7322c75249ea7d5f148 https://git.kernel.org/stable/c/a7f7c42e31157d1f0871d6a8e1a0b73a6b4ea785 https://git.kernel.org/stable/c/2f958b6f6ba0854b39be748d21dfe71e0fe6580f https://git.kernel.org/stable/c/5b991df8881088448cb223e769e37cab8 •
CVE-2021-47354 – drm/sched: Avoid data corruptions
https://notcve.org/view.php?id=CVE-2021-47354
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete before killing it to avoid data corruptions. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/sched: evite la corrupción de datos. Espere a que se completen todas las dependencias de un trabajo antes de eliminarlo para evitar la corrupción de datos. • https://git.kernel.org/stable/c/c32d0f0e164ffab2a56c7cf8e612584b4b740e2e https://git.kernel.org/stable/c/0687411e2a8858262de2fc4a1d576016fd77292e https://git.kernel.org/stable/c/a8e23e3c1ff9ec598ab1b3a941ace6045027781f https://git.kernel.org/stable/c/50d7e03ad487cc45fc85164a299b945a41756ac0 https://git.kernel.org/stable/c/0b10ab80695d61422337ede6ff496552d8ace99d • CWE-787: Out-of-bounds Write •
CVE-2021-47353 – udf: Fix NULL pointer dereference in udf_symlink function
https://notcve.org/view.php?id=CVE-2021-47353
In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returned by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c and returns the value of sb_getblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sb_getblk fails. This fix adds a check to validate the value of epos.bh. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: Se corrigió la desreferencia del puntero NULL en la función udf_symlink. En la función udf_symlink, a epos.bh se le asigna el valor devuelto por udf_tgetblk. La función udf_tgetblk está definida en udf/misc.c y devuelve el valor de la función sb_getblk que podría ser NULL. • https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c https://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9 https://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d https://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5 https://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b https://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238 https://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02 https://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01 • CWE-476: NULL Pointer Dereference •
CVE-2021-47352 – virtio-net: Add validation for used length
https://notcve.org/view.php?id=CVE-2021-47352
In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-net: Agregar validación para la longitud utilizada. Esto agrega validación para la longitud utilizada (puede provenir de un dispositivo que no es de confianza) para evitar la corrupción o pérdida de datos. A vulnerability was found in the Linux kernel’s virtio-net driver, where the system does not properly validate the length of data provided by an untrusted device. This lack of validation could lead to data corruption if the length of the data is incorrect or maliciously crafted. • https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292 https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758 https://access.redhat.com/security/cve/CVE-2021-47352 https://bugzilla.redhat.com/show_bug.cgi?id=2282401 • CWE-20: Improper Input Validation •
CVE-2021-47348 – drm/amd/display: Avoid HDCP over-read and corruption
https://notcve.org/view.php?id=CVE-2021-47348
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so instead use an appropriately sized and zero-initialized bounce buffer, and read only 5 bytes before casting to u64. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: evita la sobrelectura y la corrupción de HDCP. En lugar de leer los 5 bytes deseados del campo de destino real, el código leía 8. Esto podría resultar en un archivo dañado. valor si los 3 bytes finales fueran distintos de cero, por lo tanto, utilice un búfer de rebote de tamaño adecuado e inicializado en cero, y lea solo 5 bytes antes de convertir a u64. • https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e https://git.kernel.org/stable/c/44c7c901cb368a9f2493748f213b247b5872639f https://git.kernel.org/stable/c/3b2b93a485fb7a970bc8b5daef16f4cf579d172f https://git.kernel.org/stable/c/06888d571b513cbfc0b41949948def6cb81021b2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •