CVE-2021-47268 – usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port
https://notcve.org/view.php?id=CVE-2021-47268
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port A pending hrtimer may expire after the kthread_worker of tcpm port is destroyed; see the kernel dump below, taken during module unload. Fix it by cancelling the 2 hrtimers. [ 111.517018] Unable to handle kernel paging request at virtual address ffff8000118cb880 [ 111.518786] blk_update_request: I/O error, dev sda, sector 60061185 op 0x0:(READ) flags 0x0 phys_seg 1 prio class... • https://git.kernel.org/stable/c/3ed8e1c2ac9914a2fcb08ec13476b85319536cea •
CVE-2021-47267 – usb: fix various gadget panics on 10gbps cabling
https://notcve.org/view.php?id=CVE-2021-47267
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @ 1.5Mbps]), high-speed (USB2.0 - 480Mbps), super-speed (USB3.0 - 5Gbps), super-speed-plus (USB3.1 - 10Gbps). The differences between full/high/super-speed descriptors are usually substantial (due to changes in the maximum usb bloc... • https://git.kernel.org/stable/c/fd24be23abf3e94260be0f00bb42c7e91d495f87 •
CVE-2021-47266 – RDMA/ipoib: Fix warning caused by destroying non-initial netns
https://notcve.org/view.php?id=CVE-2021-47266
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces"), if the IPoIB device is moved to non-initial netns, destroying that netns lets the device vanish instead of moving it back to the initial netns. This is happening because default_device_exit() skips the interfaces due to having rtnl_link_ops set. Steps to reproduce: ip netns add foo ip link set... • https://git.kernel.org/stable/c/dc1d4c658b9c123e31054fffcbc0b23566694b1a •
CVE-2021-47265 – RDMA: Verify port when creating flow rule
https://notcve.org/view.php?id=CVE-2021-47265
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule Validate port value provided by the user and with that remove no longer needed validation by the driver. The missing check in the mlx5_ib driver could cause the below oops. Call trace: _create_flow_rule+0x2d4/0xf28 [mlx5_ib] mlx5_ib_create_flow+0x2d0/0x5b0 [mlx5_ib] ib_uverbs_ex_create_flow+0x4cc/0x624 [ib_uverbs] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xd4/0x150 [ib_uverbs] ib_uverbs_cmd_v... • https://git.kernel.org/stable/c/436f2ad05a0b65b1467ddf51bc68171c381bf844 •
CVE-2021-47264 – ASoC: core: Fix Null-point-dereference in fmt_single_name()
https://notcve.org/view.php?id=CVE-2021-47264
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix Null-point-dereference in fmt_single_name() Check the return value of devm_kstrdup() in case of Null-point-dereference. ... • https://git.kernel.org/stable/c/45dd9943fce08f1b38352ff9453682253bdf19b7 •
CVE-2021-47263 – gpio: wcd934x: Fix shift-out-of-bounds error
https://notcve.org/view.php?id=CVE-2021-47263
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1) which is not right, and this was caught by below UBSAN check UBSAN: shift-out-of-bounds in drivers/gpio/gpio-wcd934x.c:34:14 ... • https://git.kernel.org/stable/c/59c324683400b41caa6d85b091e812ee3d5415c3 •
CVE-2021-47262 – KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
https://notcve.org/view.php?id=CVE-2021-47262
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subsystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A complete copy is necessary to ensure that the tracepoint can't outlive the data/memory it consumes and dereference stale memory. Because the tracepoint itself is defined by kvm, if kvm-intel and/or kvm-amd are built as m... • https://git.kernel.org/stable/c/380e0055bc7e4a5c687436ba3ccebb4667836b95 •
CVE-2021-47261 – IB/mlx5: Fix initializing CQ fragments buffer
https://notcve.org/view.php?id=CVE-2021-47261
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments buffer cq->buf, or the temporary cq->resize_buf that is filled during CQ resize operation. However, the offending commit started to use function get_cqe() for getting the CQEs, the issue with this change is that get_cqe() always returns CQEs from cq->buf, which leads us to initialize the wrong buffer, and in cas... • https://git.kernel.org/stable/c/388ca8be00370db132464e27f745b8a0add19fcb •
CVE-2021-47260 – NFS: Fix a potential NULL dereference in nfs_get_client()
https://notcve.org/view.php?id=CVE-2021-47260
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential NULL dereference in nfs_get_client() None of the callers are expecting NULL returns from nfs_get_client() so this code will lead to an Oops. It's better to return an error pointer. I expect that this is dead code so hopefully no one is affected. ... • https://git.kernel.org/stable/c/31434f496abb9f3410b10f541462fe58613dd3ad •
CVE-2021-47259 – NFS: Fix use-after-free in nfs4_init_client()
https://notcve.org/view.php?id=CVE-2021-47259
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4_init_client() KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting somewhere between 5.7 and 5.10, but I traced the patch that introduced the clear_bit() call to 4.13. So something must have changed in the refcounting of the clp pointer to make this call to nfs_put_client() the v... • https://git.kernel.org/stable/c/8dcbec6d20eb881ba368d0aebc3a8a678aebb1da • CWE-416: Use After Free •