CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47163 – tipc: wait and exit until all work queues are done
https://notcve.org/view.php?id=CVE-2021-47163
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done On some host, a crash could be triggered simply by repeating these commands several times: # modprobe tipc # tipc bearer enable media udp name UDP1 localip 127.0.0.1 # rmmod tipc [] BUG: unable to handle kernel paging request at ffffffffc096bb00 [] Workqueue: events 0xffffffffc096bb00 [] Call Trace: [] ? process_one_work+0x1a7/0x360 [] ? worker_thread+0x30/0x390 [] ? create_worker+0x1a0/0x1... • https://git.kernel.org/stable/c/d0f91938bede204a343473792529e0db7d599836 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-47162 – tipc: skb_linearize the head skb when reassembling msgs
https://notcve.org/view.php?id=CVE-2021-47162
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's frag_list if the frag_list already has skbs from elsewhere, such as this skb was created by pskb_copy() where the frag_list was cloned (all the skbs in it were skb_get'ed) and shared by multiple skbs. However, the new appended frag skb should have been only seen by the current skb. Otherwise, it will cause use after free crashes as... • https://git.kernel.org/stable/c/45c8b7b175ceb2d542e0fe15247377bf3bce29ec •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47161 – spi: spi-fsl-dspi: Fix a resource leak in an error handling path
https://notcve.org/view.php?id=CVE-2021-47161
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix a resource leak in an error handling path 'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the error handling path of the probe function, as already done in the remove function En el kernel de Linux, se resolvió la siguiente vulnerabilidad: spi: spi-fsl-dspi: reparar una fuga de recursos en una ruta de manejo de errores 'dspi_request_dma()' debe deshacerse mediante una llamada 'dspi_release_dma(... • https://git.kernel.org/stable/c/90ba37033cb94207e97c4ced9be575770438213b • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47160 – net: dsa: mt7530: fix VLAN traffic leaks
https://notcve.org/view.php?id=CVE-2021-47160
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlan_filtering 1 ip link add br1 type bridge vlan_filtering 1 ip link set swp0 master br0 ip link set swp1 master br1 ip link set br0 type bridge vlan_filtering 0 ip link set br1 type bridge vlan_filtering 0 # traffic in br0 and br1 will... • https://git.kernel.org/stable/c/83163f7dca5684816d01c8ccf4857aa74801e7b7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47159 – net: dsa: fix a crash if ->get_sset_count() fails
https://notcve.org/view.php?id=CVE-2021-47159
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then it "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of "i" to just int. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad... • https://git.kernel.org/stable/c/badf3ada60ab8f76f9488dc8f5c0c57f70682f5a •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47153 – i2c: i801: Don't generate an interrupt on bus reset
https://notcve.org/view.php?id=CVE-2021-47153
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of... • https://git.kernel.org/stable/c/636752bcb5177a301d0266270661581de8624828 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47150 – net: fec: fix the potential memory leak in fec_enet_init()
https://notcve.org/view.php?id=CVE-2021-47150
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocated for cbd_base is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues is failed, it can return error directly. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fec: soluciona la posible pérdida de memoria en fec_enet_init() Si la memoria asignada para cbd_... • https://git.kernel.org/stable/c/59d0f746564495c7f54526674deabfcf101236a1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47149 – net: fujitsu: fix potential null-ptr-deref
https://notcve.org/view.php?id=CVE-2021-47149
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fujitsu: corrige el potencial null-ptr-deref En fmvj18x_get_hwinfo(), si ioremap falla, habrá un puntero NULL deref. Para solucionar este problema, verifique ... • https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47146 – mld: fix panic in mld_newpack()
https://notcve.org/view.php?id=CVE-2021-47146
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mld_newpack() mld_newpack() doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skb_put(). Test commands: ip netns del A ip netns del B ip netns add A ip netns add B ip link add veth0 type veth peer name veth1 ip link set veth0 netns A ip link set veth1 netns B ip netns exec A ip link set lo up ip netns exec A ip link set veth0 up ip ne... • https://git.kernel.org/stable/c/72e09ad107e78d69ff4d3b97a69f0aad2b77280f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47145 – btrfs: do not BUG_ON in link_to_fixup_dir
https://notcve.org/view.php?id=CVE-2021-47145
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 RIP: 0010:link_to_fixup_dir+0xd5/0xe0 RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216 RAX: fffffffffffffffb RBX: 00000000fffffff... • https://git.kernel.org/stable/c/76bfd8ac20bebeae599452a03dfc5724c0475dcf •