CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47049 – Drivers: hv: vmbus: Use after free in __vmbus_open()
https://notcve.org/view.php?id=CVE-2021-47049
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free. First remove it from the list, and then free it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Controladores: hv: vmbus: Usar después de liberar en __vmbus_open() La variable "open_in... • https://git.kernel.org/stable/c/6f3d791f300618caf82a2be0c27456edd76d5164 •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47024 – vsock/virtio: free queued packets when closing socket
https://notcve.org/view.php?id=CVE-2021-47024
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work. To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before re... • https://git.kernel.org/stable/c/ac03046ece2b158ebd204dfc4896fd9f39f0e6c8 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47015 – bnxt_en: Fix RX consumer index logic in the error path.
https://notcve.org/view.php?id=CVE-2021-47015
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RX consumer index logic in the error path. In bnxt_rx_pkt(), the RX buffers are expected to complete in order. If the RX consumer index indicates an out of order buffer completion, it means we are hitting a hardware bug and the driver will abort all remaining RX packets and reset the RX ring. The RX consumer index that we pass to bnxt_discard_rx() is not correct. We should be passing the current index (tmp_raw_cons) instead of ... • https://git.kernel.org/stable/c/a1b0e4e684e9c300b9e759b46cb7a0147e61ddff •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47013 – net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
https://notcve.org/view.php?id=CVE-2021-47013
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len t... • https://git.kernel.org/stable/c/b9b17debc69d27cd55e21ee51a5ba7fc50a426cf • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47006 – ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
https://notcve.org/view.php?id=CVE-2021-47006
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook The commit 1879445dfa7b ("perf/core: Set event's default ::overflow_handler()") set a default event->overflow_handler in perf_event_alloc(), and replace the check event->overflow_handler with is_default_overflow_handler(), but one is missing. Currently, the bp->overflow_handler can not be NULL. As a result, enable_single_step() is always not invoked. Comment... • https://git.kernel.org/stable/c/1879445dfa7bbd6fe21b09c5cc72f4934798afed •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46992 – netfilter: nftables: avoid overflows in nft_hash_buckets()
https://notcve.org/view.php?id=CVE-2021-46992
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nft_hash_buckets() Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nft_hash_buckets() syzbot injected a size == 0x40000000 and reported: UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13 shift exponent 64 is too large for 64-bit type 'long unsigned int' CPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0 Hardware name: Goo... • https://git.kernel.org/stable/c/0ed6389c483dc77cdbdd48de0ca7ce41723dd667 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-46990 – powerpc/64s: Fix crashes when toggling entry flush barrier
https://notcve.org/view.php?id=CVE-2021-46990
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via a debugfs file (entry_flush), which causes the kernel to patch itself to enable/disable the relevant mitigations. However depending on which mitigation we're using, it may not be safe to do that patching while other CPUs are active. For example the following crash: sleeper[15639]: segfault (11) at c000000000004c20 nip... • https://git.kernel.org/stable/c/4a1e90af718d1489ffcecc8f52486c4f5dc0f7a6 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46988 – userfaultfd: release page in error path to avoid BUG_ON
https://notcve.org/view.php?id=CVE-2021-46988
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUG_ON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmem_mfill_atomic_pte(). We successfully account the blocks, we shmem_alloc_page(), but then the copy_from_user() fails. We return -ENOENT. We don't release the page we allocated. 2. • https://git.kernel.org/stable/c/cb658a453b9327ce96ce5222c24d162b5b65b564 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46985 – ACPI: scan: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2021-46985
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpi_device_set_name()' fails, we must free 'acpi_device_bus_id->bus_id' or there is a (potential) memory leak. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ACPI: scan: Corregir pérdida de memoria en una ruta de manejo de errores Si falla 'acpi_device_set_name()' debemos liberar 'acpi_device_bus_id->bus_id' o hay una (potencial) memoria filtración. In the Li... • https://git.kernel.org/stable/c/e5cdbe419004e172f642e876a671a9ff1c52f8bb •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46981 – nbd: Fix NULL pointer in flush_workqueue
https://notcve.org/view.php?id=CVE-2021-46981
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 and the pointers in nbd_device are still null. Disconnect /dev/nbdX, then reference a null recv_workq. The protection by config_refs in nbd_genl_disconnect is useless. [ 656.366194] BUG: kernel NULL pointer dereference, address: 0000000000000020 [ 656.368943] #PF: supervisor write access in kernel mode [ 656.369844] #PF: error_code(0x0002) - not-present... • https://git.kernel.org/stable/c/e9e006f5fcf2bab59149cb38a48a4817c1b538b4 •