CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47013 – net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
https://notcve.org/view.php?id=CVE-2021-47013
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len t... • https://git.kernel.org/stable/c/b9b17debc69d27cd55e21ee51a5ba7fc50a426cf • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47006 – ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
https://notcve.org/view.php?id=CVE-2021-47006
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook The commit 1879445dfa7b ("perf/core: Set event's default ::overflow_handler()") set a default event->overflow_handler in perf_event_alloc(), and replace the check event->overflow_handler with is_default_overflow_handler(), but one is missing. Currently, the bp->overflow_handler can not be NULL. As a result, enable_single_step() is always not invoked. Comment... • https://git.kernel.org/stable/c/1879445dfa7bbd6fe21b09c5cc72f4934798afed •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46992 – netfilter: nftables: avoid overflows in nft_hash_buckets()
https://notcve.org/view.php?id=CVE-2021-46992
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nft_hash_buckets() Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nft_hash_buckets() syzbot injected a size == 0x40000000 and reported: UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13 shift exponent 64 is too large for 64-bit type 'long unsigned int' CPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0 Hardware name: Goo... • https://git.kernel.org/stable/c/0ed6389c483dc77cdbdd48de0ca7ce41723dd667 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-46990 – powerpc/64s: Fix crashes when toggling entry flush barrier
https://notcve.org/view.php?id=CVE-2021-46990
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via a debugfs file (entry_flush), which causes the kernel to patch itself to enable/disable the relevant mitigations. However depending on which mitigation we're using, it may not be safe to do that patching while other CPUs are active. For example the following crash: sleeper[15639]: segfault (11) at c000000000004c20 nip... • https://git.kernel.org/stable/c/4a1e90af718d1489ffcecc8f52486c4f5dc0f7a6 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46988 – userfaultfd: release page in error path to avoid BUG_ON
https://notcve.org/view.php?id=CVE-2021-46988
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUG_ON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmem_mfill_atomic_pte(). We successfully account the blocks, we shmem_alloc_page(), but then the copy_from_user() fails. We return -ENOENT. We don't release the page we allocated. 2. • https://git.kernel.org/stable/c/cb658a453b9327ce96ce5222c24d162b5b65b564 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46985 – ACPI: scan: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2021-46985
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpi_device_set_name()' fails, we must free 'acpi_device_bus_id->bus_id' or there is a (potential) memory leak. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ACPI: scan: Corregir pérdida de memoria en una ruta de manejo de errores Si falla 'acpi_device_set_name()' debemos liberar 'acpi_device_bus_id->bus_id' o hay una (potencial) memoria filtración. In the Li... • https://git.kernel.org/stable/c/e5cdbe419004e172f642e876a671a9ff1c52f8bb •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46981 – nbd: Fix NULL pointer in flush_workqueue
https://notcve.org/view.php?id=CVE-2021-46981
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 and the pointers in nbd_device are still null. Disconnect /dev/nbdX, then reference a null recv_workq. The protection by config_refs in nbd_genl_disconnect is useless. [ 656.366194] BUG: kernel NULL pointer dereference, address: 0000000000000020 [ 656.368943] #PF: supervisor write access in kernel mode [ 656.369844] #PF: error_code(0x0002) - not-present... • https://git.kernel.org/stable/c/e9e006f5fcf2bab59149cb38a48a4817c1b538b4 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36784 – i2c: cadence: fix reference leak when pm_runtime_get_sync fails
https://notcve.org/view.php?id=CVE-2020-36784
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave. However, pm_runtime_get_sync will increment pm usage counter even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la sig... • https://git.kernel.org/stable/c/7fa32329ca03148fb2c07b4ef3247b8fc0488d6a •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-36780 – i2c: sprd: fix reference leak when pm_runtime_get_sync fails
https://notcve.org/view.php?id=CVE-2020-36780
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in sprd_i2c_master_xfer() and sprd_i2c_remove(). However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la sigui... • https://git.kernel.org/stable/c/8b9ec0719834fe66146d138d62ed66cef025c864 •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46974 – bpf: Fix masking negation logic upon negative dst register
https://notcve.org/view.php?id=CVE-2021-46974
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix, perform the final bitwise and-op unconditionally into AX from the off_reg, then move the pointer from the src to dst and finally use AX as the source for the original pointer arithmetic operation such that the inve... • https://git.kernel.org/stable/c/ae03b6b1c880a03d4771257336dc3bca156dd51b •