CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47428 – powerpc/64s: fix program check interrupt emergency stack path
https://notcve.org/view.php?id=CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping over it. By a small miracle this is the correct place to build up a new interrupt frame with the existing stack pointer, so things basically worked okay with an added weird looking 700 trap frame on top (which had the wrong ->nip so it didn't decode bug messages either). Fix this by avoiding using numeric labels when jumping over non-trivial macros. Before: LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: CPU: 0 PID: 88 Comm: sh Not tainted 5.15.0-rc2-00034-ge057cdade6e5 #2637 NIP: 7265677368657265 LR: c00000000006c0c8 CTR: c0000000000097f0 REGS: c0000000fffb3a50 TRAP: 0700 Not tainted MSR: 9000000000021031 <SF,HV,ME,IR,DR,LE> CR: 00000700 XER: 20040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: c00000000006c964 c0000000fffb3cf0 c000000001513800 0000000000000000 GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299 GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8 GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001 GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8 GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158 GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300 GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80 NIP [7265677368657265] 0x7265677368657265 LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10 Call Trace: [c0000000fffb3cf0] [c00000000000bdac] soft_nmi_common+0x13c/0x1d0 (unreliable) --- interrupt: 700 at decrementer_common_virt+0xb8/0x230 NIP: c0000000000098b8 LR: c00000000006c0c8 CTR: c0000000000097f0 REGS: c0000000fffb3d60 TRAP: 0700 Not tainted MSR: 9000000000021031 <SF,HV,ME,IR,DR,LE> CR: 22424282 XER: 20040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: c00000000006c964 0000000000002400 c000000001513800 0000000000000000 GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299 GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8 GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001 GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8 GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158 GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300 GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80 NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230 LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10 --- interrupt: 700 Instruction dump: XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX ---[ end trace 6d28218e0cc3c949 ]--- After: ------------[ cut here ]------------ kernel BUG at arch/powerpc/kernel/exceptions-64s.S:491! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: CPU: 0 PID: 88 Comm: login Not tainted 5.15.0-rc2-00034-ge057cdade6e5-dirty #2638 NIP: c0000000000098b8 LR: c00000000006bf04 CTR: c0000000000097f0 REGS: c0000000fffb3d60 TRAP: 0700 Not tainted MSR: 9000000000021031 <SF,HV,ME,IR,DR,LE> CR: 24482227 XER: 00040000 CFAR: c0000000000098b0 IRQMASK: 0 GPR00: c00000000006bf04 0000000000002400 c000000001513800 c000000001271868 GPR04: 00000000100f0d29 0000000042000000 0000000000000007 0000000000000009 GPR08: 00000000100f0d29 0000000024482227 0000000000002710 c000000000181b3c GPR12: 9000000000009033 c0000000016b0000 00000000100f0d29 c000000005b22f00 GPR16: 00000000ffff0000 0000000000000001 0000000000000009 00000000100eed90 GPR20: 00000000100eed90 00000 ---truncated--- En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/64s: programa de reparación, verificación, interrupción, ruta de pila de emergencia. La ruta de pila de emergencia saltaba a una etiqueta 3: dentro de la macro __GEN_COMMON_BODY para la ruta normal después de haber terminado, en lugar de saltar por encima. él. Por un pequeño milagro, este es el lugar correcto para construir un nuevo marco de interrupción con el puntero de pila existente, por lo que las cosas básicamente funcionaron bien con un marco de trampa 700 de aspecto extraño agregado en la parte superior (que tenía el ->nip incorrecto, por lo que no decodificar mensajes de error tampoco). • https://git.kernel.org/stable/c/0a882e28468f48ab3d9a36dde0a5723ea29ed1ed https://git.kernel.org/stable/c/411b38fe68ba20a8bbe724b0939762c3f16e16ca https://git.kernel.org/stable/c/c835b3d1d6362b4a4ebb192da7e7fd27a0a45d01 https://git.kernel.org/stable/c/3e607dc4df180b72a38e75030cb0f94d12808712 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47426 – bpf, s390: Fix potential memory leak about jit_data
https://notcve.org/view.php?id=CVE-2021-47426
In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fix potential memory leak about jit_data Make sure to free jit_data through kfree() in the error path. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf, s390: solucione una posible pérdida de memoria sobre jit_data. Asegúrese de liberar jit_data mediante kfree() en la ruta de error. • https://git.kernel.org/stable/c/1c8f9b91c456f5b47a377a0c8c5d4130fc39433a https://git.kernel.org/stable/c/a326f9c01cfbee4450ae49ce618ae6cbc0f76842 https://git.kernel.org/stable/c/29fdb11ca88d3c490a3d56f0dc77eb9444d086be https://git.kernel.org/stable/c/d590a410e472417a22336c7c37685bfb38e801f2 https://git.kernel.org/stable/c/686cb8b9f6b46787f035afe8fbd132a74e6b1bdd •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47425 – i2c: acpi: fix resource leak in reconfiguration device addition
https://notcve.org/view.php?id=CVE-2021-47425
In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a reference on the adapter which is never released which will result in a reference count leak and render the adapter unremovable. Make sure to put the adapter after creating the client in the same manner that we do for OF. [wsa: fixed title] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i2c: acpi: corrige la fuga de recursos en la reconfiguración del dispositivo añdido acpi_i2c_find_adapter_by_handle() llama a bus_find_device() que toma una referencia en el adaptador que nunca se libera, lo que resultará en una fuga de recuento de referencias y haga que el adaptador no sea extraíble. Asegúrese de colocar el adaptador después de crear el cliente de la misma manera que lo hacemos para OF. [wsa: título fijo] • https://git.kernel.org/stable/c/525e6fabeae286848592363bda13bc34b59bb5ac https://git.kernel.org/stable/c/b8090a84d7758b929d348bafbd86bb7a10c5fb63 https://git.kernel.org/stable/c/3d9d458a8aaafa47268ea4f1b4114a9f12927989 https://git.kernel.org/stable/c/60bacf259e8c2eb2324f3e13275200baaee9494b https://git.kernel.org/stable/c/f86de018fd7a24ee07372d55ffa7824f0c674a95 https://git.kernel.org/stable/c/90f1077c9184ec2ae9989e4642f211263f301694 https://git.kernel.org/stable/c/6558b646ce1c2a872fe1c2c7cb116f05a2c1950f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47424 – i40e: Fix freeing of uninitialized misc IRQ vector
https://notcve.org/view.php?id=CVE-2021-47424
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix freeing of uninitialized misc IRQ vector When VSI set up failed in i40e_probe() as part of PF switch set up driver was trying to free misc IRQ vectors in i40e_clear_interrupt_scheme and produced a kernel Oops: Trying to free already-free IRQ 266 WARNING: CPU: 0 PID: 5 at kernel/irq/manage.c:1731 __free_irq+0x9a/0x300 Workqueue: events work_for_cpu_fn RIP: 0010:__free_irq+0x9a/0x300 Call Trace: ? synchronize_irq+0x3a/0xa0 free_irq+0x2e/0x60 i40e_clear_interrupt_scheme+0x53/0x190 [i40e] i40e_probe.part.108+0x134b/0x1a40 [i40e] ? kmem_cache_alloc+0x158/0x1c0 ? acpi_ut_update_ref_count.part.1+0x8e/0x345 ? acpi_ut_update_object_reference+0x15e/0x1e2 ? • https://git.kernel.org/stable/c/c17401a1dd210a5f22ab1ec7c7366037c158a14c https://git.kernel.org/stable/c/60ad4cde0ad28921f9ea25b0201c774b95ffa4b4 https://git.kernel.org/stable/c/17063cac4088b8e2fc0f633abddca5426ed58312 https://git.kernel.org/stable/c/97aeed72af4f83ae51534f0a2473ff52f8d66236 https://git.kernel.org/stable/c/75099439209d3cda439a1d9b00d19a50f0066fef https://git.kernel.org/stable/c/2e5a20573a926302b233b0c2e1077f5debc7ab2e •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47423 – drm/nouveau/debugfs: fix file release memory leak
https://notcve.org/view.php?id=CVE-2021-47423
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau/debugfs: corrige la pérdida de memoria de liberación de archivos. Cuando se usa single_open() para abrir, se debe llamar a single_release(); de lo contrario, se ejecutará la 'op' asignada en single_open(). filtrado. • https://git.kernel.org/stable/c/6e9fc177399f08446293fec7607913fdbc95e191 https://git.kernel.org/stable/c/df0c9418923679bc6d0060bdb1b5bf2c755159e0 https://git.kernel.org/stable/c/9f9d4c88b2edc7924e19c44909cfc3fa4e4d3d43 https://git.kernel.org/stable/c/1508b09945bde393326a9dab73b1fc35f672d771 https://git.kernel.org/stable/c/11cd944bb87d9e575b94c07c952105eda745b459 https://git.kernel.org/stable/c/f69556a42043b5444ca712ee889829ba89fdcba8 https://git.kernel.org/stable/c/88c3610045ca6e699331b6bb5c095c5565f30721 https://git.kernel.org/stable/c/f5a8703a9c418c6fc54eb772712dfe764 •