CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47203 – scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
https://notcve.org/view.php?id=CVE-2021-47203
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since "fail_msg" remains set, jobs are added to the completions list re... • https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47202 – thermal: Fix NULL pointer dereferences in of_thermal_ functions
https://notcve.org/view.php?id=CVE-2021-47202
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn't probed yet, an attempt to set trip_point_*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it. console:/sys/class/thermal/thermal_zone87 # echo 1200... • https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47201 – iavf: free q_vectors before queues in iavf_disable_vf
https://notcve.org/view.php?id=CVE-2021-47201
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_vf(). This resolves a panic encountered when the interface is disabled and then later brought up again after PF communication is restored. In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before ... • https://git.kernel.org/stable/c/65c7006f234c9ede887d468f595f259a5c5cc552 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47198 – scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
https://notcve.org/view.php?id=CVE-2021-47198
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free acce... • https://git.kernel.org/stable/c/dbebf865b3239595c1d4dba063b122862583b52a • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47194 – cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
https://notcve.org/view.php?id=CVE-2021-47194
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt. En el kerne... • https://git.kernel.org/stable/c/ac800140c20e7ae51117e71289065bedd4930fc2 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47193 – scsi: pm80xx: Fix memory leak during rmmod
https://notcve.org/view.php?id=CVE-2021-47193
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the module is removed. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: pm80xx: se corrigió la pérdida de memoria durante rmmod, el controlador no pudo liberar toda la memoria asignada. Esto puede provocar una pérdida de memoria durante la eliminación d... • https://git.kernel.org/stable/c/269a4311b15f68d24e816f43f123888f241ed13d • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47192 – scsi: core: sysfs: Fix hang when device state is set via sysfs
https://notcve.org/view.php?id=CVE-2021-47192
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery, iscsid will call into the kernel to set the dev's state to running, and with that patch we now call scsi_rescan_device() with the state_mutex held. If the SCSI error handler thread is just starting to test the device ... • https://git.kernel.org/stable/c/69aa1a1a569f5c6d554b59352130ef363342ed4c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47191 – scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
https://notcve.org/view.php?id=CVE-2021-47191
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; [ 3813.830724] program syz-executor not setting count and/or reply_len properly [ 3813.836956] ================================================================== [ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x... • https://git.kernel.org/stable/c/3e20cb072679bdb47747ccc8bee3233a4cf0765a •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47190 – perf bpf: Avoid memory leak from perf_env__insert_btf()
https://notcve.org/view.php?id=CVE-2021-47190
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/3792cb2ff43b1b193136a03ce1336462a827d792 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47189 – btrfs: fix memory ordering between normal and ordered work functions
https://notcve.org/view.php?id=CVE-2021-47189
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordered functions is synchronized is via the WORK_DONE_BIT, unfortunately the used bitops don't guarantee any ordering whatsoever. This manifested as seemingly inexplicable crashes on ARM64, where async_chunk::inode is se... • https://git.kernel.org/stable/c/08a9ff3264181986d1d692a4e6fce3669700c9f8 •