CVE-2021-47517 – ethtool: do not perform operations on net devices being unregistered
https://notcve.org/view.php?id=CVE-2021-47517
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ethtool: do not perform operations on net devices being unregistered There is a short period between a net device starts to be unregistered and when it is actually gone. In that time frame ethtool operations could still be performed, which might end up in unwanted or undefined behaviours[1]. Do not allow ethtool operations after a net device starts its unregistration. This patch targets the netlink part as the ioctl one isn't affected: t... • https://git.kernel.org/stable/c/041b1c5d4a53e97fc9e029ae32469552ca12cb9b •
CVE-2021-47516 – nfp: Fix memory leak in nfp_cpp_area_cache_add()
https://notcve.org/view.php?id=CVE-2021-47516
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfp_cpp_area_cache_add() In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a CPP area structure. But in line 807 (#2), when the cache is allocated failed, this CPP area structure is not freed, which will result in memory leak. We can fix it by freeing the CPP area when the cache is allocated failed (#2). 792 int nfp_cpp_area_cache_add(struct nfp_cpp *cpp, size_t size) 793 { 794 struct nfp_cpp_area... • https://git.kernel.org/stable/c/4cb584e0ee7df70fd0376aee60cf701855ea8c81 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-47515 – seg6: fix the iif in the IPv6 socket control block
https://notcve.org/view.php?id=CVE-2021-47515
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510): IPCB(skb)->iif = skb->skb_iif; If that IPv4 packet is meant to be encapsulated in an outer IPv6+SRH header, the seg6_do_srh_encap(...) performs the required encapsulation. In this case, the seg6_do_srh_encap function c... • https://git.kernel.org/stable/c/c630ec8bdadae9d557b1ceb9d6c06e149108a0d4 • CWE-476: NULL Pointer Dereference •
CVE-2021-47514 – devlink: fix netns refcount leak in devlink_nl_cmd_reload()
https://notcve.org/view.php?id=CVE-2021-47514
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: devlink: fix netns refcount leak in devlink_nl_cmd_reload() While preparing my patch series adding netns refcount tracking, I spotted bugs in devlink_nl_cmd_reload() Some error paths forgot to release a refcount on a netns. To fix this, we can reduce the scope of get_net()/put_net() section around the call to devlink_reload(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: devlink: corrige la fuga de refcount de netns e... • https://git.kernel.org/stable/c/ccdf07219da6bd1f43c6ddcde4c0e36993c7365a •
CVE-2021-47513 – net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
https://notcve.org/view.php?id=CVE-2021-47513
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering Avoid a memory leak if there is not a CPU port defined. Addresses-Coverity-ID: 1492897 ("Resource leak") Addresses-Coverity-ID: 1492899 ("Resource leak") En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:dsa:felix: Reparar pérdida de memoria en felix_setup_mmio_filtering Evitar una pérdida de memoria si no hay un puerto de CPU definido. Direcciones-Coverit... • https://git.kernel.org/stable/c/8d5f7954b7c8de54902a8beda141064a7e2e6ee0 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-47512 – net/sched: fq_pie: prevent dismantle issue
https://notcve.org/view.php?id=CVE-2021-47512
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: prevent dismantle issue For some reason, fq_pie_destroy() did not copy working code from pie_destroy() and other qdiscs, thus causing elusive bug. Before calling del_timer_sync(&q->adapt_timer), we need to ensure timer will not rearm itself. rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579 (t=10501 jiffies g=13085 ... • https://git.kernel.org/stable/c/ec97ecf1ebe485a17cd8395a5f35e6b80b57665a •
CVE-2021-47511 – ALSA: pcm: oss: Fix negative period/buffer sizes
https://notcve.org/view.php?id=CVE-2021-47511
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix negative period/buffer sizes The period size calculation in OSS layer may receive a negative value as an error, but the code there assumes only the positive values and handle them with size_t. Due to that, a too big value may be passed to the lower layers. This patch changes the code to handle with ssize_t and adds the proper error checks appropriately. En el kernel de Linux, se ha resuelto la siguiente vulnerabilida... • https://git.kernel.org/stable/c/be8869d388593e57223ad39297c8e54be632f2f2 •
CVE-2021-47510 – btrfs: fix re-dirty process of tree-log nodes
https://notcve.org/view.php?id=CVE-2021-47510
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix re-dirty process of tree-log nodes There is a report of a transaction abort of -EAGAIN with the following script. #!/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/\${d} done mount /dev/sda /mnt/test mount /dev/sdb /mnt/scratch for dir in test scratch; do echo 3 >/proc/sys/vm/drop_caches fio --directory=/mnt/\${dir} --name=fio.\${dir} --rw=read --size=50G --bs=64... • https://git.kernel.org/stable/c/d3575156f6623eecf086a20bcf99a63f1598109c •
CVE-2021-47509 – ALSA: pcm: oss: Limit the period size to 16MB
https://notcve.org/view.php?id=CVE-2021-47509
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Limit the period size to 16MB Set the practical limit to the period size (the fragment shift in OSS) instead of a full 31bit; a too large value could lead to the exhaust of memory as we allocate temporary buffers of the period size, too. As of this patch, we set to 16MB limit, which should cover all use cases. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: pcm: oss: Limitar el tamaño del período ... • https://git.kernel.org/stable/c/d1bb703ad050de9095f10b2d3416c32921ac6bcc •
CVE-2021-47508 – btrfs: free exchange changeset on failures
https://notcve.org/view.php?id=CVE-2021-47508
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 (size 64): comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s) hex dump (first 32 bytes): 00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00 ................ 90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff ................ backtrace: [<00000000... • https://git.kernel.org/stable/c/ca06c5cb1b6dbfe67655b33c02fc394d65824519 •