CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46988 – userfaultfd: release page in error path to avoid BUG_ON
https://notcve.org/view.php?id=CVE-2021-46988
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUG_ON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmem_mfill_atomic_pte(). We successfully account the blocks, we shmem_alloc_page(), but then the copy_from_user() fails. We return -ENOENT. We don't release the page we allocated. 2. • https://git.kernel.org/stable/c/cb658a453b9327ce96ce5222c24d162b5b65b564 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46985 – ACPI: scan: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2021-46985
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpi_device_set_name()' fails, we must free 'acpi_device_bus_id->bus_id' or there is a (potential) memory leak. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ACPI: scan: Corregir pérdida de memoria en una ruta de manejo de errores Si falla 'acpi_device_set_name()' debemos liberar 'acpi_device_bus_id->bus_id' o hay una (potencial) memoria filtración. In the Li... • https://git.kernel.org/stable/c/e5cdbe419004e172f642e876a671a9ff1c52f8bb •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46981 – nbd: Fix NULL pointer in flush_workqueue
https://notcve.org/view.php?id=CVE-2021-46981
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 and the pointers in nbd_device are still null. Disconnect /dev/nbdX, then reference a null recv_workq. The protection by config_refs in nbd_genl_disconnect is useless. [ 656.366194] BUG: kernel NULL pointer dereference, address: 0000000000000020 [ 656.368943] #PF: supervisor write access in kernel mode [ 656.369844] #PF: error_code(0x0002) - not-present... • https://git.kernel.org/stable/c/e9e006f5fcf2bab59149cb38a48a4817c1b538b4 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36784 – i2c: cadence: fix reference leak when pm_runtime_get_sync fails
https://notcve.org/view.php?id=CVE-2020-36784
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave. However, pm_runtime_get_sync will increment pm usage counter even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la sig... • https://git.kernel.org/stable/c/7fa32329ca03148fb2c07b4ef3247b8fc0488d6a •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-36780 – i2c: sprd: fix reference leak when pm_runtime_get_sync fails
https://notcve.org/view.php?id=CVE-2020-36780
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in sprd_i2c_master_xfer() and sprd_i2c_remove(). However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la sigui... • https://git.kernel.org/stable/c/8b9ec0719834fe66146d138d62ed66cef025c864 •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46974 – bpf: Fix masking negation logic upon negative dst register
https://notcve.org/view.php?id=CVE-2021-46974
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix, perform the final bitwise and-op unconditionally into AX from the off_reg, then move the pointer from the src to dst and finally use AX as the source for the original pointer arithmetic operation such that the inve... • https://git.kernel.org/stable/c/ae03b6b1c880a03d4771257336dc3bca156dd51b •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2021-46966 – ACPI: custom_method: fix potential use-after-free issue
https://notcve.org/view.php?id=CVE-2021-46966
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function. En el kernel de Linux... • https://git.kernel.org/stable/c/4bda2b79a9d04c8ba31681c66e95877dbb433416 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46960 – cifs: Return correct error code from smb2_get_enc_key
https://notcve.org/view.php?id=CVE-2021-46960
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947] ------------[ cut here ]------------ [440700.386948] err = 1 [440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70 ... [440700.397304] CPU: 11 PID: 2733 Comm... • https://git.kernel.org/stable/c/61cfac6f267dabcf2740a7ec8a0295833b28b5f5 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-46955 – openvswitch: fix stack OOB read while fragmenting IPv4 packets
https://notcve.org/view.php?id=CVE-2021-46955
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60 Read of size 1 at addr ffff888112fc713c by task handler2/1367 CPU: 0 PID: 1367 Comm: handler2 Not tainted 5.12.0-rc6+ #418 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+40... • https://git.kernel.org/stable/c/119bbaa6795a4f4aed46994cc7d9ab01989c87e3 •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46953 – ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
https://notcve.org/view.php?id=CVE-2021-46953
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However, it never checks whether the mapping of the interrupt actially succeeded. Even more, should the firmware report an illegal interrupt number that overlaps with the GIC SGI range, this can result in an IPI being unmapped, and subsequent... • https://git.kernel.org/stable/c/ca9ae5ec4ef0ed13833b03297ab319676965492c •