CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47311 – net: qcom/emac: fix UAF in emac_remove
https://notcve.org/view.php?id=CVE-2021-47311
In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: qcom/emac: corrige UAF en emac_remove adpt son datos privados de netdev y no se pueden usar después de la llamada a free_netdev(). Usar adpt después de free_netdev() puede causar un error en UAF. • https://git.kernel.org/stable/c/54e19bc74f3380d414681762ceed9f7245bc6a6e https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81 https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7 https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833 https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839 https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47310 – net: ti: fix UAF in tlan_remove_one
https://notcve.org/view.php?id=CVE-2021-47310
In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ti: corrige UAF en tlan_remove_one priv son datos privados de netdev y no se pueden usar después de la llamada free_netdev(). Usar priv después de free_netdev() puede causar un error en UAF. • https://git.kernel.org/stable/c/1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa https://git.kernel.org/stable/c/a18a8d9cfbb112ad72e625372849adc3986fd6bf https://git.kernel.org/stable/c/c263ae8c7e4c482387de5e6c89e213f8173fe8b6 https://git.kernel.org/stable/c/0538b0ab7d2c396e385694228c7cdcd2d2c514e9 https://git.kernel.org/stable/c/a0a817b2d308fac090a05cbbe80988e073ac5193 https://git.kernel.org/stable/c/b7e5563f2a7862a9e4796abb9908b092f677e3c1 https://git.kernel.org/stable/c/f2a062fcfe1d6f1b0a86fa76ae21c277d65f4405 https://git.kernel.org/stable/c/93efab0ef2a607fff9166d447c4035f98 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47309 – net: validate lwtstate->data before returning from skb_tunnel_info()
https://notcve.org/view.php?id=CVE-2021-47309
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as mpls_iptunnel_encap, etc and these are not compatible. So skb_tunnel_info() should validate before returning that pointer. Splat looks like: BUG: KASAN: slab-out-of-bounds in vxlan_get_route+0x418/0x4b0 [vxlan] Read of size 2 at addr ffff888106ec2698 by task ping/811 CPU: 1 PID: 811 Comm: ping Not tainted 5.13.0+ #1195 Call Trace: dump_stack_lvl+0x56/0x7b print_address_description.constprop.8.cold.13+0x13/0x2ee ? vxlan_get_route+0x418/0x4b0 [vxlan] ? vxlan_get_route+0x418/0x4b0 [vxlan] kasan_report.cold.14+0x83/0xdf ? vxlan_get_route+0x418/0x4b0 [vxlan] vxlan_get_route+0x418/0x4b0 [vxlan] [ ... ] vxlan_xmit_one+0x148b/0x32b0 [vxlan] [ ... ] vxlan_xmit+0x25c5/0x4780 [vxlan] [ ... ] dev_hard_start_xmit+0x1ae/0x6e0 __dev_queue_xmit+0x1f39/0x31a0 [ ... ] neigh_xmit+0x2f9/0x940 mpls_xmit+0x911/0x1600 [mpls_iptunnel] lwtunnel_xmit+0x18f/0x450 ip_finish_output2+0x867/0x2040 [ ... ] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: validar lwtstate->data antes de regresar de skb_tunnel_info() skb_tunnel_info() devuelve un puntero de lwtstate->data como tipo ip_tunnel_info sin validación. lwtstate->data puede tener varios tipos como mpls_iptunnel_encap, etc. y estos no son compatibles. Entonces skb_tunnel_info() debería validarse antes de devolver ese puntero. • https://git.kernel.org/stable/c/61adedf3e3f1d3f032c5a6a299978d91eff6d555 https://git.kernel.org/stable/c/e7f3c9df40515a6c6b46f36c4c94cf48a043f887 https://git.kernel.org/stable/c/b61d327cd3cc5ea591f3bf751dd11e034f388bb5 https://git.kernel.org/stable/c/83bdcfbd968bcc91a0632b7b625e4a9b0cba5e0d https://git.kernel.org/stable/c/8bb1589c89e61e3b182dd546f1021928ebb5c2a6 https://git.kernel.org/stable/c/8aa13a86964cdec4fd969ef677c6614ff068641a https://git.kernel.org/stable/c/2179d96ec702cc33ead02a9ce40ece599b8538c5 https://git.kernel.org/stable/c/a915379594f1e045421635c6316d8f3ff •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47308 – scsi: libfc: Fix array index out of bound exception
https://notcve.org/view.php?id=CVE-2021-47308
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: libfc: Corregir excepción de índice de matriz fuera de los límites. Corregir excepción de índice de matriz fuera de los límites en fc_rport_prli_resp(). • https://git.kernel.org/stable/c/44651522941c623e20882b3b443f23f77de1ea8b https://git.kernel.org/stable/c/4921b1618045ffab71b1050bf0014df3313a2289 https://git.kernel.org/stable/c/0fe70c15f9435bb3c50954778245d62ee38b0e03 https://git.kernel.org/stable/c/a4a54c54af2516caa9c145015844543cfc84316a https://git.kernel.org/stable/c/8511293e643a18b248510ae5734e4f360754348c https://git.kernel.org/stable/c/b27c4577557045f1ab3cdfeabfc7f3cd24aca1fe •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47307 – cifs: prevent NULL deref in cifs_compose_mount_options()
https://notcve.org/view.php?id=CVE-2021-47307
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain an NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 ("Explicit null dereferenced") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: evita la eliminación de desreferencias NULL en cifs_compose_mount_options() El parámetro @ref opcional puede contener un nombre de nodo NULL, por lo que se debe evitar eliminar la referencia a él en cifs_compose_mount_options(). Direcciones-Cobertura: 1476408 ("Nulo explícito desreferenciado") • https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759 https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796 https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306 •