CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47563 – ice: avoid bpf_prog refcount underflow
https://notcve.org/view.php?id=CVE-2021-47563
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an interface via ethtool's set_channels(). There is an issue around the bpf_prog refcounting when VSI is being rebuilt - since ice_prepare_xdp_rings() is called with vsi->xdp_prog as an argument that is used later on by ice_v... • https://git.kernel.org/stable/c/efc2214b6047b6f5b4ca53151eba62521b9452d6 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47562 – ice: fix vsi->txq_map sizing
https://notcve.org/view.php?id=CVE-2021-47562
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->txq_map's size is equal to the doubled vsi->alloc_txq, which is not correct due to the fact that XDP rings were previously based on the Rx queue count. Below splat can be seen when ethtool -L is used and XDP rings are configured: [ 682.... • https://git.kernel.org/stable/c/efc2214b6047b6f5b4ca53151eba62521b9452d6 •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47560 – mlxsw: spectrum: Protect driver from buggy firmware
https://notcve.org/view.php?id=CVE-2021-47560
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem ... • https://git.kernel.org/stable/c/28b1987ef5064dd5c43538ba1168ef7b801f3cad • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47559 – net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
https://notcve.org/view.php?id=CVE-2021-47559
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times). 7. var_assigned: Assigning: ndev = NULL return value from netdev_lower_get_next. 1623 ndev = (struct net_device *)netdev_lower_get_next(ndev, &lower); CID 1468509 (#1 of 1): Dereference null return value (NULL_RETURNS)... • https://git.kernel.org/stable/c/cb9d43f6775457cac75544bc4197f26ac2b6f294 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47558 – net: stmmac: Disable Tx queues when reconfiguring the interface
https://notcve.org/view.php?id=CVE-2021-47558
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed to stop the interface to apply a new configuration. This could result in a kernel panic when doing any of the 3 following actions: * reconfiguring the number of queues (ethtool -L) * reconfiguring the size of the ring buffers (ethtool -G) * installing/removing an XDP program (ip l set dev ethX xdp) Prevent th... • https://git.kernel.org/stable/c/0366f7e06a6bee7eace3946a6b67fb88b828bc5c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47557 – net/sched: sch_ets: don't peek at classes beyond 'nbands'
https://notcve.org/view.php?id=CVE-2021-47557
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in ets_qdisc_change(). As a consequence, it's possible to see a NULL dereference crash, caused by the attempt to call cl->qdisc->ops->peek(cl->qdisc) when cl->qdisc is NULL: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access ... • https://git.kernel.org/stable/c/dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47555 – net: vlan: fix underflow for the real_dev refcnt
https://notcve.org/view.php?id=CVE-2021-47555
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 link dummy1 type vlan id 100 ip link del dev dummy1 When the dummy netdevice is removed, we will get a WARNING as following: ======================================================================= refcount_t: decrement hit 0; leaking ... • https://git.kernel.org/stable/c/700602b662d7eaa816b1a3cb0abe7a85de358fd4 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47553 – sched/scs: Reset task stack state in bringup_cpu()
https://notcve.org/view.php?id=CVE-2021-47553
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the active stack frames, and when shadow call stacks are in use. When shadow call stacks (SCS) are in use the task's saved SCS SP is left pointing at an arbitrary point within the task's shadow call stack. When a CPU ... • https://git.kernel.org/stable/c/3c51d82d0b7862d7d246016c74b4390fb1fa1f11 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47552 – blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
https://notcve.org/view.php?id=CVE-2021-47552
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in blk_release_queue(). However, this way has caused kernel oops[1], reported by Changhui. The log shows that scsi_device can be freed before running blk_release_queue(), which is expected too since scsi_device is rel... • https://git.kernel.org/stable/c/e03513f58919d9e2bc6df765ca2c9da863d03d90 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47551 – drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again
https://notcve.org/view.php?id=CVE-2021-47551
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since there is no resume in this case. When reset been triggered again, driver should avoid to do uninitialization again. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/amdkfd: corrige el pánico del... • https://git.kernel.org/stable/c/74aafe99efb68f15e50be9f7032c2168512f98a8 • CWE-770: Allocation of Resources Without Limits or Throttling •