CVE-2021-47321 – watchdog: Fix possible use-after-free by calling del_timer_sync()
https://notcve.org/view.php?id=CVE-2021-47321
In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: perro guardián: solucione el posible use after free llamando a del_timer_sync(). La ruta de eliminación de este controlador llama a del_timer(). • https://git.kernel.org/stable/c/58606882ad8ec6c39e0f40344b922921ef94ab4d https://git.kernel.org/stable/c/ca96b8ea5e74956071154bdb456778cc3027e79f https://git.kernel.org/stable/c/8bec568d7518b1504a602ed5376bb322e4dbb270 https://git.kernel.org/stable/c/ecd620e0fb1ff7f78fdb593379b2e6938c99707a https://git.kernel.org/stable/c/db222f1477ad5692cd454709b714949807e5d111 https://git.kernel.org/stable/c/66ba9cf929b1c4fabf545bd4c18f6f64e23e46e4 https://git.kernel.org/stable/c/4c05dac488a660fe2925c047ecb119e7afaaeb1e https://git.kernel.org/stable/c/1a053c4d716898a53c2e31c574a70ea0c • CWE-416: Use After Free •
CVE-2021-47319 – virtio-blk: Fix memory leak among suspend/resume procedure
https://notcve.org/view.php?id=CVE-2021-47319
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Fix memory leak among suspend/resume procedure The vblk->vqs should be freed before we call init_vqs() in virtblk_restore(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-blk: corrige la pérdida de memoria entre el procedimiento de suspensión/reanudación. El vblk->vqs debe liberarse antes de llamar a init_vqs() en virtblk_restore(). • https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a https://git.kernel.org/stable/c/102d6bc6475ab09bab579c18704e6cf8d898e93c https://git.kernel.org/stable/c/863da837964c80c72e368a4f748c30d25daa1815 https://git.kernel.org/stable/c/600942d2fd49b90e44857d20c774b20d16f3130f https://git.kernel.org/stable/c/04c6e60b884cb5e94ff32af46867fb41d5848358 https://git.kernel.org/stable/c/cd24da0db9f75ca11eaf6060f0ccb90e2f3be3b0 https://git.kernel.org/stable/c/ca2b8ae93a6da9839dc7f9eb9199b18aa03c3dae https://git.kernel.org/stable/c/29a2f4a3214aa14d61cc9737c9f886dae •
CVE-2021-47308 – scsi: libfc: Fix array index out of bound exception
https://notcve.org/view.php?id=CVE-2021-47308
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: libfc: Corregir excepción de índice de matriz fuera de los límites. Corregir excepción de índice de matriz fuera de los límites en fc_rport_prli_resp(). • https://git.kernel.org/stable/c/44651522941c623e20882b3b443f23f77de1ea8b https://git.kernel.org/stable/c/4921b1618045ffab71b1050bf0014df3313a2289 https://git.kernel.org/stable/c/0fe70c15f9435bb3c50954778245d62ee38b0e03 https://git.kernel.org/stable/c/a4a54c54af2516caa9c145015844543cfc84316a https://git.kernel.org/stable/c/8511293e643a18b248510ae5734e4f360754348c https://git.kernel.org/stable/c/b27c4577557045f1ab3cdfeabfc7f3cd24aca1fe • CWE-125: Out-of-bounds Read •
CVE-2021-47307 – cifs: prevent NULL deref in cifs_compose_mount_options()
https://notcve.org/view.php?id=CVE-2021-47307
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain an NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 ("Explicit null dereferenced") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: evita la eliminación de desreferencias NULL en cifs_compose_mount_options() El parámetro @ref opcional puede contener un nombre de nodo NULL, por lo que se debe evitar eliminar la referencia a él en cifs_compose_mount_options(). Direcciones-Cobertura: 1476408 ("Nulo explícito desreferenciado") • https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759 https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796 https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306 •
CVE-2021-47297 – net: fix uninit-value in caif_seqpkt_sendmsg
https://notcve.org/view.php?id=CVE-2021-47297
In the Linux kernel, the following vulnerability has been resolved: net: fix uninit-value in caif_seqpkt_sendmsg When nr_segs equal to zero in iovec_from_user, the object msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg which is defined in ___sys_sendmsg. So we cann't just judge msg->msg_iter.iov->base directlly. We can use nr_segs to judge msg in caif_seqpkt_sendmsg whether has data buffers. ===================================================== BUG: KMSAN: uninit-value in caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x220 lib/dump_stack.c:118 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215 caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg net/socket.c:672 [inline] ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2343 ___sys_sendmsg net/socket.c:2397 [inline] __sys_sendmmsg+0x808/0xc90 net/socket.c:2480 __compat_sys_sendmmsg net/compat.c:656 [inline] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: corrige el valor uninit en caif_seqpkt_sendmsg. Cuando nr_segs es igual a cero en iovec_from_user, el objeto msg->msg_iter.iov es la memoria de pila uninit en caif_seqpkt_sendmsg que está definida en ___sys_sendmsg. Entonces no podemos simplemente juzgar msg->msg_iter.iov->base directamente. • https://git.kernel.org/stable/c/bece7b2398d073d11b2e352405a3ecd3a1e39c60 https://git.kernel.org/stable/c/d9d646acad2c3590e189bb5d5c86ab8bd8a2dfc3 https://git.kernel.org/stable/c/5c6d8e2f7187b8e45a18c27acb7a3885f03ee3db https://git.kernel.org/stable/c/ffe31dd70b70a40cd6b21b78c1713a23e021843a https://git.kernel.org/stable/c/452c3ed7bf63721b07bc2238ed1261bb26027e85 https://git.kernel.org/stable/c/9413c0abb57f70a953b1116318d6aa478013c35d https://git.kernel.org/stable/c/1582a02fecffcee306663035a295e28e1c4aaaff https://git.kernel.org/stable/c/d4c7797ab1517515f0d08b3bc1c6b4888 •