CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47246 – net/mlx5e: Fix page reclaim for dead peer hairpin
https://notcve.org/view.php?id=CVE-2021-47246
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device is removed/unbound before the hairpin flow is deleted, then the send queue is not destroyed which leads to a stack trace on pci device remove: [ 748.005230] mlx5_core 0000:08:00.2: wait_func:1094:(pid 12985): MANAG... • https://git.kernel.org/stable/c/4d8fcf216c90bc25e34ae2200aa8985ee3158898 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47245 – netfilter: synproxy: Fix out of bounds when parsing TCP options
https://notcve.org/view.php?id=CVE-2021-47245
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack out of boun... • https://git.kernel.org/stable/c/48b1de4c110a7afa4b85862f6c75af817db26fad •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47244 – mptcp: Fix out of bounds when parsing TCP options
https://notcve.org/view.php?id=CVE-2021-47244
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack out of bounds when parsing TCP op... • https://git.kernel.org/stable/c/cec37a6e41aae7bf3df9a3da783380a4d9325fd8 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47243 – sch_cake: Fix out of bounds when parsing TCP options and header
https://notcve.org/view.php?id=CVE-2021-47243
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix... • https://git.kernel.org/stable/c/8b7138814f29933898ecd31dfc83e35a30ee69f5 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47241 – ethtool: strset: fix message length calculation
https://notcve.org/view.php?id=CVE-2021-47241
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may result in ETHTOOL_MSG_STRSET_GET producing a warning like: calculated message payload length (684) not sufficient WARNING: CPU: 0 PID: 30967 at net/ethtool/netlink.c:369 ethnl_default_doit+0x87a/0xa20 and a splat. As usually with such warnings three conditions must be met for the warning to trigger: - there must be no sk... • https://git.kernel.org/stable/c/71921690f9745fef60a2bad425f30adf8cdc9da0 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47240 – net: qrtr: fix OOB Read in qrtr_endpoint_post
https://notcve.org/view.php?id=CVE-2021-47240
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtr_endpoint_post Syzbot reported slab-out-of-bounds Read in qrtr_endpoint_post. The problem was in wrong _size_ type: if (len != ALIGN(size, 4) + hdrlen) goto err; If size from qrtr_hdr is 4294967293 (0xfffffffd), the result of ALIGN(size, 4) will be 0. In case of len == hdrlen and size == 4294967293 in header this check won't fail and skb_put_data(skb, data + hdrlen, size); will read out of bound from data, whi... • https://git.kernel.org/stable/c/194ccc88297ae78d0803adad83c6dcc369787c9e •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47239 – net: usb: fix possible use-after-free in smsc75xx_bind
https://notcve.org/view.php?id=CVE-2021-47239
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xx_bind The commit 46a8b29c6306 ("net: usb: fix memory leak in smsc75xx_bind") fails to clean up the work scheduled in smsc75xx_reset-> smsc75xx_set_multicast, which leads to use-after-free if the work is scheduled to start after the deallocation. In addition, this patch also removes a dangling pointer - dev->data[0]. This patch calls cancel_work_sync to cancel the scheduled work and set the da... • https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47238 – net: ipv4: fix memory leak in ip_mc_add1_src
https://notcve.org/view.php?id=CVE-2021-47238
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc includ... • https://git.kernel.org/stable/c/24803f38a5c0b6c57ed800b47e695f9ce474bc3a • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47237 – net: hamradio: fix memory leak in mkiss_close
https://notcve.org/view.php?id=CVE-2021-47237
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hamradio: fix memory leak in mkiss_close My local syzbot instance hit memory leak in mkiss_open()[1]. The problem was in missing free_netdev() in mkiss_close(). In mkiss_open() netdevice is allocated and then registered, but in mkiss_close() netdevice was only unregistered, but not freed. Fail log: BUG: memory leak unreferenced object 0xffff8880281ba000 (size 4096): comm "syz-executor.1", pid 11443, jiffies 4295046091 (age 17.660s) hex... • https://git.kernel.org/stable/c/815f62bf742718458ba822a7e1f51f285eb997f2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47236 – net: cdc_eem: fix tx fixup skb leak
https://notcve.org/view.php?id=CVE-2021-47236
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: cdc_eem: fix tx fixup skb leak when usbnet transmit a skb, eem fixup it in eem_tx_fixup(), if skb_copy_expand() failed, it return NULL, usbnet_start_xmit() will have no chance to free original skb. fix it by free orginal skb in eem_tx_fixup() first, then check skb clone status, if failed, return NULL to usbnet. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: cdc_eem: corrige la fuga de skb de reparación de tx cu... • https://git.kernel.org/stable/c/9f722c0978b04acba209f8ca1896ad05814bc3a3 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •