CVE-2021-47276 – ftrace: Do not blindly read the ip address in ftrace_bug()
https://notcve.org/view.php?id=CVE-2021-47276
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftrace_init(), but the error path (rightfully) returned -EINVAL and not -EFAULT, as the bug caused more than one error to occur. But because -EINVAL was returned, the ftrace_bug() tried to report what was at the location of the ip address, and read it directly. This caused the machine t... • https://git.kernel.org/stable/c/05736a427f7e16be948ccbf39782bd3a6ae16b14 •
CVE-2021-47275 – bcache: avoid oversized read request in cache missing code path
https://notcve.org/view.php?id=CVE-2021-47275
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of a cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached_dev_cache_miss() will be called in cache_lookup_fn() in the following code block, [code block 1] 526 unsigned int sectors = KEY_INODE(k) == s->iop.inode 527 ? min_t(uint64_t, INT_MAX, 528 KEY_START(k) - bio->bi_iter.bi_sector) 529 : ... • https://git.kernel.org/stable/c/555002a840ab88468e252b0eedf0b05e2ce7099c •
CVE-2021-47274 – tracing: Correct the length check which causes memory corruption
https://notcve.org/view.php?id=CVE-2021-47274
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption in our production environment, like, Call Trace: [1640542.554277] general protection fault: 0000 [#1] SMP PTI [1640542.554856] CPU: 17 PID: 26996 Comm: python Kdump: loaded Tainted:G [1640542.556629] RIP: 0010:kmem_cache_alloc+0x90/0x190 [1640542.559074] RSP: 0018:ffffb16faa597df8 EFLAGS: 00010286 [1640542.5595... • https://git.kernel.org/stable/c/2e584b1a02eeb860e286d39bc408b25ebc5ec844 • CWE-125: Out-of-bounds Read •
CVE-2021-47270 – usb: fix various gadgets null ptr deref on 10gbps cabling.
https://notcve.org/view.php?id=CVE-2021-47270
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadgets null ptr deref on 10gbps cabling. This avoids a null pointer dereference in f_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm} by simply reusing the 5gbps config for 10gbps. • https://git.kernel.org/stable/c/eaef50c760576bca70b87fdc26eb87a3660529f8 •
CVE-2021-47269 – usb: dwc3: ep0: fix NULL pointer exception
https://notcve.org/view.php?id=CVE-2021-47269
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3_wIndex_to_dep() and we might be referring to a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer eps and the index might wrongly indicate a larger ep index than existing. By adding this validation from the patch we can actually report a wrong index back to the caller. In our use case we are using a composite ... • https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 •
CVE-2021-47267 – usb: fix various gadget panics on 10gbps cabling
https://notcve.org/view.php?id=CVE-2021-47267
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @ 1.5Mbps]), high-speed (USB2.0 - 480Mbps), super-speed (USB3.0 - 5Gbps), super-speed-plus (USB3.1 - 10Gbps). The differences between full/high/super-speed descriptors are usually substantial (due to changes in the maximum usb bloc... • https://git.kernel.org/stable/c/fd24be23abf3e94260be0f00bb42c7e91d495f87 •
CVE-2021-47266 – RDMA/ipoib: Fix warning caused by destroying non-initial netns
https://notcve.org/view.php?id=CVE-2021-47266
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces"), if the IPoIB device is moved to a non-initial netns, destroying that netns lets the device vanish instead of moving it back to the initial netns. This is happening because default_device_exit() skips the interfaces due to having rtnl_link_ops set. Steps to reproduce: ip netns add foo ip link set... • https://git.kernel.org/stable/c/dc1d4c658b9c123e31054fffcbc0b23566694b1a •
CVE-2021-47265 – RDMA: Verify port when creating flow rule
https://notcve.org/view.php?id=CVE-2021-47265
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule Validate the port value provided by the user and with that remove the no longer needed validation by the driver. The missing check in the mlx5_ib driver could cause the below oops. Call trace: _create_flow_rule+0x2d4/0xf28 [mlx5_ib] mlx5_ib_create_flow+0x2d0/0x5b0 [mlx5_ib] ib_uverbs_ex_create_flow+0x4cc/0x624 [ib_uverbs] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xd4/0x150 [ib_uverbs] ib_uverbs_cmd_v... • https://git.kernel.org/stable/c/436f2ad05a0b65b1467ddf51bc68171c381bf844 •
CVE-2021-47262 – KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
https://notcve.org/view.php?id=CVE-2021-47262
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subsystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complete copy is necessary to ensure that the tracepoint can't outlive the data/memory it consumes and dereference stale memory. Because the tracepoint itself is defined by kvm, if kvm-intel and/or kvm-amd are built as m... • https://git.kernel.org/stable/c/380e0055bc7e4a5c687436ba3ccebb4667836b95 •
CVE-2021-47261 – IB/mlx5: Fix initializing CQ fragments buffer
https://notcve.org/view.php?id=CVE-2021-47261
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments buffer cq->buf, or the temporary cq->resize_buf that is filled during a CQ resize operation. However, the offending commit started to use function get_cqe() for getting the CQEs; the issue with this change is that get_cqe() always returns CQEs from cq->buf, which leads us to initialize the wrong buffer, and in cas... • https://git.kernel.org/stable/c/388ca8be00370db132464e27f745b8a0add19fcb •