CVE-2021-47473 – scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()
https://notcve.org/view.php?id=CVE-2021-47473
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()"), intended to change: bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN bsg_job->request->msgcode != FC_BSG_RPT_ELS but changed it to: bsg_job->request->msgcode == FC_BSG_RPT_ELS instead. Change the == to a != to avoid leaking the fcport structure or freeing unallocated memory. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: corrige una pérdida de memoria en una ruta de error de qla2x00_process_els() Commit 8c0eb596baa5 ("[SCSI] qla2xxx: corrige una pérdida de memoria en una ruta de error de qla2x00_process_els()" ), destinado a cambiar: bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN bsg_job->request->msgcode != FC_BSG_RPT_ELS pero lo cambió a: bsg_job->request->msgcode == FC_BSG_RPT_ELS en su lugar. • https://git.kernel.org/stable/c/8c0eb596baa51f2b43949c698c644727ef17805c https://git.kernel.org/stable/c/96f0aebf29be25254fa585af43924e34aa21fd9a https://git.kernel.org/stable/c/a7fbb56e6c941d9f59437b96412a348e66388d3e https://git.kernel.org/stable/c/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad •
CVE-2021-47469 – spi: Fix deadlock when adding SPI controllers on SPI buses
https://notcve.org/view.php?id=CVE-2021-47469
In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled. This means that if the SPI device is itself a SPI controller and triggers the instantiation of further SPI devices we trigger a deadlock as we try to register and instantiate those devices while in the process of doing so for the parent controller and hence already holding the global spi_add_lock. Since we only care about concurrency within a single SPI bus move the lock to be per controller, avoiding the deadlock. This can be easily triggered in the case of spi-mux. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: soluciona el punto muerto al agregar controladores SPI en buses SPI. Actualmente tenemos un spi_add_lock global que utilizamos cuando agregamos nuevos dispositivos para que podamos verificar que no estamos intentando reutilizar un selección de chip que ya está controlado. • https://git.kernel.org/stable/c/722ef19a161ce3fffb3d1b01ce2301c306639bdd https://git.kernel.org/stable/c/6098475d4cb48d821bdf453c61118c56e26294f0 •
CVE-2021-47468 – isdn: mISDN: Fix sleeping function called from invalid context
https://notcve.org/view.php?id=CVE-2021-47468
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock. The following log reveals it: [ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018 [ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe [ 44.169574 ] INFO: lockdep is turned off. [ 44.169899 ] irq event stamp: 0 [ 44.170160 ] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 44.170627 ] hardirqs last disabled at (0): [<ffffffff814209ed>] copy_process+0x132d/0x3e00 [ 44.171240 ] softirqs last enabled at (0): [<ffffffff81420a1a>] copy_process+0x135a/0x3e00 [ 44.171852 ] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 44.172318 ] Preemption disabled at: [ 44.172320 ] [<ffffffffa009b0a9>] nj_release+0x69/0x500 [netjet] [ 44.174441 ] Call Trace: [ 44.174630 ] dump_stack_lvl+0xa8/0xd1 [ 44.174912 ] dump_stack+0x15/0x17 [ 44.175166 ] ___might_sleep+0x3a2/0x510 [ 44.175459 ] ? nj_release+0x69/0x500 [netjet] [ 44.175791 ] __might_sleep+0x82/0xe0 [ 44.176063 ] ? start_flush_work+0x20/0x7b0 [ 44.176375 ] start_flush_work+0x33/0x7b0 [ 44.176672 ] ? trace_irq_enable_rcuidle+0x85/0x170 [ 44.177034 ] ? kasan_quarantine_put+0xaa/0x1f0 [ 44.177372 ] ? • https://git.kernel.org/stable/c/6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b https://git.kernel.org/stable/c/ef269a8808cb1759245a98a7fe16fceaebad894c https://git.kernel.org/stable/c/37e4f57b22cc5ebb3f80cf0f74fdeb487f082367 https://git.kernel.org/stable/c/a5b34409d3fc52114c828be4adbc30744fa3258b https://git.kernel.org/stable/c/4054b869dc263228d30a4755800b78f0f2ba0c89 https://git.kernel.org/stable/c/9f591cbdbed3d7822b2bdba89b34a6d7b434317d https://git.kernel.org/stable/c/f5966ba53013149bcf94e1536644a958dd00a026 https://git.kernel.org/stable/c/6510e80a0b81b5d814e3aea6297ba42f5 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2021-47467 – kunit: fix reference count leak in kfree_at_end
https://notcve.org/view.php?id=CVE-2021-47467
In the Linux kernel, the following vulnerability has been resolved: kunit: fix reference count leak in kfree_at_end The reference counting issue happens in the normal path of kfree_at_end(). When kunit_alloc_and_get_resource() is invoked, the function forgets to handle the returned resource object, whose refcount increased inside, causing a refcount leak. Fix this issue by calling kunit_alloc_resource() instead of kunit_alloc_and_get_resource(). Fixed the following when applying: Shuah Khan <skhan@linuxfoundation.org> CHECK: Alignment should match open parenthesis + kunit_alloc_resource(test, NULL, kfree_res_free, GFP_KERNEL, (void *)to_free); En el kernel de Linux, se resolvió la siguiente vulnerabilidad: kunit: corrige la fuga del recuento de referencias en kfree_at_end El problema del recuento de referencias ocurre en la ruta normal de kfree_at_end(). Cuando se invoca kunit_alloc_and_get_resource(), la función se olvida de manejar el objeto de recurso devuelto, cuyo recuento aumentó en el interior, lo que provoca una fuga de recuento. Solucione este problema llamando a kunit_alloc_resource() en lugar de kunit_alloc_and_get_resource(). Se corrigió lo siguiente al aplicar: Shuah Khan VERIFICAR: La alineación debe coincidir con el paréntesis abierto + kunit_alloc_resource(test, NULL, kfree_res_free, GFP_KERNEL, (void *)to_free); • https://git.kernel.org/stable/c/bbdd158b40b66a9403391a517f24ef6613573446 https://git.kernel.org/stable/c/f62314b1ced25c58b86e044fc951cd6a1ea234cf •
CVE-2021-47466 – mm, slub: fix potential memoryleak in kmem_cache_open()
https://notcve.org/view.php?id=CVE-2021-47466
In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm, slub: corrige una posible pérdida de memoria en kmem_cache_open() En la ruta del error, es posible que se haya filtrado el random_seq del caché slub. Solucione este problema usando __kmem_cache_release() para liberar todos los recursos relevantes. • https://git.kernel.org/stable/c/210e7a43fa905bccafa9bb5966fba1d71f33eb8b https://git.kernel.org/stable/c/4f5d1c29cfab5cb0ab885059818751bdef32e2bb https://git.kernel.org/stable/c/568f906340b43120abd6fcc67c37396482f85930 https://git.kernel.org/stable/c/42b81946e3ac9ea0372ba16e05160dc11e02694f https://git.kernel.org/stable/c/9037c57681d25e4dcc442d940d6dbe24dd31f461 https://access.redhat.com/security/cve/CVE-2021-47466 https://bugzilla.redhat.com/show_bug.cgi?id=2282890 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •