CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47496 – net/tls: Fix flipped sign in tls_err_abort() calls
https://notcve.org/view.php?id=CVE-2021-47496
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance, [kworker] tls_encrypt_done(..., err=
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47495 – usbnet: sanity check for maxpacket
https://notcve.org/view.php?id=CVE-2021-47495
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo in log and stylistic issues En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usbnet: verificación de cordura para maxpacket maxpacket de 0 no tiene sentido y falla ya que necesitamos dividirlo por él. Abandonar. V2: error tipográfico corregido en el registro y problemas de estilo In the Linux kern... • https://git.kernel.org/stable/c/b9eba0a4a527e04d712f0e0401e5391ef124b33e • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47493 – ocfs2: fix race between searching chunks and release journal_head from buffer_head
https://notcve.org/view.php?id=CVE-2021-47493
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix race between searching chunks and release journal_head from buffer_head Encountered a race between ocfs2_test_bg_bit_allocatable() and jbd2_journal_put_journal_head() resulting in the below vmcore. PID: 106879 TASK: ffff880244ba9c00 CPU: 2 COMMAND: "loop3" Call trace: panic oops_end no_context __bad_area_nosemaphore bad_area_nosemaphore __do_page_fault do_page_fault page_fault [exception RIP: ocfs2_block_group_find_clear_bits+316... • https://git.kernel.org/stable/c/5043fbd294f5909a080ade0f04b70a4da9e122b7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47492 – mm, thp: bail out early in collapse_file for writeback page
https://notcve.org/view.php?id=CVE-2021-47492
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm, thp: bail out early in collapse_file for writeback page Currently collapse_file does not explicitly check PG_writeback, instead, page_has_private and try_to_release_page are used to filter writeback pages. This does not work for xfs with blocksize equal to or larger than pagesize, because in such case xfs has no page->private. This makes collapse_file bail out early for writeback page. Otherwise, xfs end_page_writeback will panic as fol... • https://git.kernel.org/stable/c/99cb0dbd47a15d395bf3faa78dc122bc5efe3fc0 • CWE-372: Incomplete Internal State Distinction •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47491 – mm: khugepaged: skip huge page collapse for special files
https://notcve.org/view.php?id=CVE-2021-47491
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended usecase is to avoid TLB misses for large text segments. But it doesn't restrict the file types so a THP could be collapsed for a non-regular file, for example, block device, if it is opened readonly and mapped with EXEC permission. This may cause bugs, like [1] and [2].... • https://git.kernel.org/stable/c/99cb0dbd47a15d395bf3faa78dc122bc5efe3fc0 • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47490 – drm/ttm: fix memleak in ttm_transfered_destroy
https://notcve.org/view.php?id=CVE-2021-47490
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix memleak in ttm_transfered_destroy We need to cleanup the fences for ghost objects as well. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214029 Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214447 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/ttm: corrige memleak en ttm_transfered_destroy También necesitamos limpiar las barreras para detectar objetos fantasma. Error: https://bugzilla.kernel.org/sh... • https://git.kernel.org/stable/c/bd99782f3ca491879e8524c89b1c0f40071903bd •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47485 – IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
https://notcve.org/view.php?id=CVE-2021-47485
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math on user controlled buffers. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/qib: Protege contra el desbordamiento del búfer en los campos de struct qib_user_sdma_pkt. El desbordamiento de add... • https://git.kernel.org/stable/c/f931551bafe1f10ded7f5282e2aa162c267a2e5d •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47483 – regmap: Fix possible double-free in regcache_rbtree_exit()
https://notcve.org/view.php?id=CVE-2021-47483
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode->block' points a freed memory, in the error handling path of regcache_rbtree_init(), 'rbnode->block' will be freed again in regcache_rbtree_exit(), KASAN will report double-free as follows: BUG: KASAN: double-free or invalid-free in ... • https://git.kernel.org/stable/c/3f4ff561bc88b074d5e868dde4012d89cbb06c87 •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47482 – net: batman-adv: fix error handling
https://notcve.org/view.php?id=CVE-2021-47482
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case of any batadv_*_init() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn't any. All written above lead to cleani... • https://git.kernel.org/stable/c/c6c8fea29769d998d94fcec9b9f14d4b52b349d3 • CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47480 – scsi: core: Put LLD module refcnt after SCSI device is released
https://notcve.org/view.php?id=CVE-2021-47480
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SCSI host instance is released because shost->hostt is required in the release handler. Make sure to put LLD module refcnt after SCSI device is released. Fixes a kernel panic of 'BUG: unable to handle page fault for address' reported by... • https://git.kernel.org/stable/c/1105573d964f7b78734348466b01f5f6ba8a1813 •