CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47235 – net: ethernet: fix potential use-after-free in ec_bhf_remove
https://notcve.org/view.php?id=CVE-2021-47235
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: fix potential use-after-free in ec_bhf_remove static void ec_bhf_remove(struct pci_dev *dev) { ... struct ec_bhf_priv *priv = netdev_priv(net_dev); unregister_netdev(net_dev); free_netdev(net_dev); pci_iounmap(dev, priv->dma_io); pci_iounmap(dev, priv->io); ... } priv is netdev private data, but it is used after free_netdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving free_netdev() after pc... • https://git.kernel.org/stable/c/6af55ff52b02d492d45db88df3e461fa51a6f753 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47234 – phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init()
https://notcve.org/view.php?id=CVE-2021-47234
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init() Use clk_disable_unprepare() in the error path of mtk_phy_init() to fix some resource leaks. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: phy: phy-mtk-tphy: solucione algunas fugas de recursos en mtk_phy_init() Utilice clk_disable_unprepare() en la ruta de error de mtk_phy_init() para solucionar algunas fugas de recursos. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/9a17907946232d01aa2ec109da5f93b8d31dd425 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47233 – regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL
https://notcve.org/view.php?id=CVE-2021-47233
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL devm_gpiod_get_array_optional may return NULL if no GPIO was assigned. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: regulador: rt4801: corrige la desreferencia del puntero NULL si priv->enable_gpios es NULL, devm_gpiod_get_array_optional puede devolver NULL si no se asignó ningún GPIO. • https://git.kernel.org/stable/c/ba8a26a7ce8617f9f3d6230de34b2302df086b41 •
CVSS: 9.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47232 – can: j1939: fix Use-after-Free, hold skb ref while in use
https://notcve.org/view.php?id=CVE-2021-47232
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix Use-after-Free, hold skb ref while in use This patch fixes a Use-after-Free found by the syzbot. The problem is that a skb is taken from the per-session skb queue, without incrementing the ref count. This leads to a Use-after-Free if the skb is taken concurrently from the session queue due to a CTS. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: j1939: corrige Use-after-Free, mantenga presionada la r... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47231 – can: mcba_usb: fix memory leak in mcba_usb
https://notcve.org/view.php?id=CVE-2021-47231
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: fix memory leak in mcba_usb Syzbot reported memory leak in SocketCAN driver for Microchip CAN BUS Analyzer Tool. The problem was in unfreed usb_coherent. In mcba_usb_start() 20 coherent buffers are allocated and there is nothing, that frees them: 1) In callback function the urb is resubmitted and that's all 2) In disconnect function urbs are simply killed, but URB_FREE_BUFFER is not set (see mcba_usb_start) and this flag cann... • https://git.kernel.org/stable/c/51f3baad7de943780ce0c17bd7975df567dd6e14 •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47230 – KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
https://notcve.org/view.php?id=CVE-2021-47230
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared Immediately reset the MMU context when the vCPU's SMM flag is cleared so that the SMM flag in the MMU role is always synchronized with the vCPU's flag. If RSM fails (which isn't correctly emulated), KVM will bail without calling post_leave_smm() and leave the MMU in a bad state. The bad MMU role can lead to a NULL pointer dereference when grabbing a shadow page's rmap ... • https://git.kernel.org/stable/c/9ec19493fb86d6d5fbf9286b94ff21e56ef66376 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47229 – PCI: aardvark: Fix kernel panic during PIO transfer
https://notcve.org/view.php?id=CVE-2021-47229
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO transfer by writing value 0 in PIO_START register when previous transfer has not yet completed (which is indicated by value 1 in PIO_START) causes an External Abort on CPU, which results in kernel panic: SError Interrupt on CPU0, code 0xbf000002 -- SError Kernel panic - not syncing: Asynchronous SError Interrupt To prevent kernel panic, it is required to reject a ... • https://git.kernel.org/stable/c/400e6b1860c8be61388d0b77814c53260f96e17a •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47228 – x86/ioremap: Map EFI-reserved memory as encrypted for SEV
https://notcve.org/view.php?id=CVE-2021-47228
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve() is used to preserve it by inserting a new EFI memory descriptor and marking it with the EFI_MEMORY_RUNTIME attribute. Under SEV, memory marked with the EFI_MEMORY_RUNTIME attribute needs to be mapped encrypted by Li... • https://git.kernel.org/stable/c/58c909022a5a56cd1d9e89c8c5461fd1f6a27bb5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47227 – x86/fpu: Prevent state corruption in __fpu__restore_sig()
https://notcve.org/view.php?id=CVE-2021-47227
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entirely invalid state on which XRSTOR will #GP. validate_user_xstate_header() can detect some of that corruption, but that leaves the onus on callers to clear the buffer. Prior to XSAVES support, it was possible just... • https://git.kernel.org/stable/c/b860eb8dce5906b14e3a7f3c771e0b3d6ef61b94 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47226 – x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer
https://notcve.org/view.php?id=CVE-2021-47226
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the register state. The actual conditions under which this might occur are unclear [1], but it seems plausible that this might be triggered if one sibling thread unmaps a page and invalidates the shared TLB while another sibling thread is executing XRSTOR on the ... • https://git.kernel.org/stable/c/1d731e731c4cd7cbd3b1aa295f0932e7610da82f •