CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47314 – memory: fsl_ifc: fix leak of private memory on probe failure
https://notcve.org/view.php?id=CVE-2021-47314
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for private structure. Fix this by using resource-managed allocation. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la pérdida de memoria privada en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe liberar la memoria asignada para la estructura privada. Solucione este problema utilizando la asignación administrada de recursos. • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 https://git.kernel.org/stable/c/8018476756066e97ecb886c3dc024aeb7d5792ad https://git.kernel.org/stable/c/3b45b8a7d549bd92ec94b5357c2c2c1a7ed107e4 https://git.kernel.org/stable/c/7626ffbea708e5aba6912295c012d2b409a1769f https://git.kernel.org/stable/c/ee1aa737ba0b75ab8af3444c4ae5bdba36aed6e6 https://git.kernel.org/stable/c/443f6ca6fd186b4fa4e6f377b6e19a91feb1a0d5 https://git.kernel.org/stable/c/b5789e23773f4a852fbfe244b63f675e265d3a7f https://git.kernel.org/stable/c/48ee69825f7480622ed447b0249123236 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47310 – net: ti: fix UAF in tlan_remove_one
https://notcve.org/view.php?id=CVE-2021-47310
In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ti: corrige UAF en tlan_remove_one priv son datos privados de netdev y no se pueden usar después de la llamada free_netdev(). Usar priv después de free_netdev() puede causar un error en UAF. • https://git.kernel.org/stable/c/1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa https://git.kernel.org/stable/c/a18a8d9cfbb112ad72e625372849adc3986fd6bf https://git.kernel.org/stable/c/c263ae8c7e4c482387de5e6c89e213f8173fe8b6 https://git.kernel.org/stable/c/0538b0ab7d2c396e385694228c7cdcd2d2c514e9 https://git.kernel.org/stable/c/a0a817b2d308fac090a05cbbe80988e073ac5193 https://git.kernel.org/stable/c/b7e5563f2a7862a9e4796abb9908b092f677e3c1 https://git.kernel.org/stable/c/f2a062fcfe1d6f1b0a86fa76ae21c277d65f4405 https://git.kernel.org/stable/c/93efab0ef2a607fff9166d447c4035f98 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47309 – net: validate lwtstate->data before returning from skb_tunnel_info()
https://notcve.org/view.php?id=CVE-2021-47309
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as mpls_iptunnel_encap, etc and these are not compatible. So skb_tunnel_info() should validate before returning that pointer. Splat looks like: BUG: KASAN: slab-out-of-bounds in vxlan_get_route+0x418/0x4b0 [vxlan] Read of size 2 at addr ffff888106ec2698 by task ping/811 CPU: 1 PID: 811 Comm: ping Not tainted 5.13.0+ #1195 Call Trace: dump_stack_lvl+0x56/0x7b print_address_description.constprop.8.cold.13+0x13/0x2ee ? vxlan_get_route+0x418/0x4b0 [vxlan] ? vxlan_get_route+0x418/0x4b0 [vxlan] kasan_report.cold.14+0x83/0xdf ? vxlan_get_route+0x418/0x4b0 [vxlan] vxlan_get_route+0x418/0x4b0 [vxlan] [ ... ] vxlan_xmit_one+0x148b/0x32b0 [vxlan] [ ... ] vxlan_xmit+0x25c5/0x4780 [vxlan] [ ... ] dev_hard_start_xmit+0x1ae/0x6e0 __dev_queue_xmit+0x1f39/0x31a0 [ ... ] neigh_xmit+0x2f9/0x940 mpls_xmit+0x911/0x1600 [mpls_iptunnel] lwtunnel_xmit+0x18f/0x450 ip_finish_output2+0x867/0x2040 [ ... ] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: validar lwtstate->data antes de regresar de skb_tunnel_info() skb_tunnel_info() devuelve un puntero de lwtstate->data como tipo ip_tunnel_info sin validación. lwtstate->data puede tener varios tipos como mpls_iptunnel_encap, etc. y estos no son compatibles. Entonces skb_tunnel_info() debería validarse antes de devolver ese puntero. • https://git.kernel.org/stable/c/61adedf3e3f1d3f032c5a6a299978d91eff6d555 https://git.kernel.org/stable/c/e7f3c9df40515a6c6b46f36c4c94cf48a043f887 https://git.kernel.org/stable/c/b61d327cd3cc5ea591f3bf751dd11e034f388bb5 https://git.kernel.org/stable/c/83bdcfbd968bcc91a0632b7b625e4a9b0cba5e0d https://git.kernel.org/stable/c/8bb1589c89e61e3b182dd546f1021928ebb5c2a6 https://git.kernel.org/stable/c/8aa13a86964cdec4fd969ef677c6614ff068641a https://git.kernel.org/stable/c/2179d96ec702cc33ead02a9ce40ece599b8538c5 https://git.kernel.org/stable/c/a915379594f1e045421635c6316d8f3ff •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47308 – scsi: libfc: Fix array index out of bound exception
https://notcve.org/view.php?id=CVE-2021-47308
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: libfc: Corregir excepción de índice de matriz fuera de los límites. Corregir excepción de índice de matriz fuera de los límites en fc_rport_prli_resp(). • https://git.kernel.org/stable/c/44651522941c623e20882b3b443f23f77de1ea8b https://git.kernel.org/stable/c/4921b1618045ffab71b1050bf0014df3313a2289 https://git.kernel.org/stable/c/0fe70c15f9435bb3c50954778245d62ee38b0e03 https://git.kernel.org/stable/c/a4a54c54af2516caa9c145015844543cfc84316a https://git.kernel.org/stable/c/8511293e643a18b248510ae5734e4f360754348c https://git.kernel.org/stable/c/b27c4577557045f1ab3cdfeabfc7f3cd24aca1fe •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47307 – cifs: prevent NULL deref in cifs_compose_mount_options()
https://notcve.org/view.php?id=CVE-2021-47307
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain an NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 ("Explicit null dereferenced") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: evita la eliminación de desreferencias NULL en cifs_compose_mount_options() El parámetro @ref opcional puede contener un nombre de nodo NULL, por lo que se debe evitar eliminar la referencia a él en cifs_compose_mount_options(). Direcciones-Cobertura: 1476408 ("Nulo explícito desreferenciado") • https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759 https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796 https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306 •