CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47501 – i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
https://notcve.org/view.php?id=CVE-2021-47501
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc When trying to dump VFs VSI RX/TX descriptors using debugfs there was a crash due to NULL pointer dereference in i40e_dbg_dump_desc. Added a check to i40e_dbg_dump_desc that checks if VSI type is correct for dumping RX/TX descriptors. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i40e: Se corrigió la desreferencia del puntero NULL en i40e_dbg_dump_desc Al intentar vo... • https://git.kernel.org/stable/c/02e9c290814cc143ceccecb14eac3e7a05da745e • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47500 – iio: mma8452: Fix trigger reference couting
https://notcve.org/view.php?id=CVE-2021-47500
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference count by 1. Without the matching `iio_trigger_get()` in the driver the reference count can reach 0 too early, the trigger gets freed while still in use and a use-after-free occurs. Fix this by getting a reference to the trigger before as... • https://git.kernel.org/stable/c/ae6d9ce05691bf79694074db7c7da980080548af •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47499 – iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
https://notcve.org/view.php?id=CVE-2021-47499
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, the memory allocated by iio_triggered_buffer_setup() will not be freed, and cause memory leak as follows: unreferenced object 0xffff888009551400 (size 512): comm "i2c-SMO8500-125", pid 911, jiffies 4294911787 (age 83.852s) hex dump (first 32 bytes): 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......... • https://git.kernel.org/stable/c/a25691c1f9674090fb66586cf4c5d60d3efdf339 •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36013 – Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
https://notcve.org/view.php?id=CVE-2024-36013
23 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack sum... • https://git.kernel.org/stable/c/73ffa904b78287f6acf8797e040150aa26a4af4a • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36012 – Bluetooth: msft: fix slab-use-after-free in msft_do_close()
https://notcve.org/view.php?id=CVE-2024-36012
23 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed. [free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed. =======================... • https://git.kernel.org/stable/c/bf6a4e30ffbd9e9ef8934582feb937f6532f8b68 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47498 – dm rq: don't queue request to blk-mq during DM suspend
https://notcve.org/view.php?id=CVE-2021-47498
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nr_requests or others, and request may come during suspend, so simply ask for blk-mq to requeue it. Fixes one kernel panic issue when running updating nr_requests and dm-mpath suspend/resume stress test. En el kernel de Linux, se ha... • https://git.kernel.org/stable/c/8ca9745efe3528feb06ca4e117188038eea2d351 • CWE-399: Resource Management Errors •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47497 – nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
https://notcve.org/view.php?id=CVE-2021-47497
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0); will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we subtract one from that making a large number that is then shifted more than the number of bits that fit into an unsigned long. UBSAN reports this problem: UBSAN: shift-out-of-bounds in d... • https://git.kernel.org/stable/c/69aba7948cbe53f2f1827e84e9dd0ae470a5072e • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47496 – net/tls: Fix flipped sign in tls_err_abort() calls
https://notcve.org/view.php?id=CVE-2021-47496
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance, [kworker] tls_encrypt_done(..., err=
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47495 – usbnet: sanity check for maxpacket
https://notcve.org/view.php?id=CVE-2021-47495
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo in log and stylistic issues En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usbnet: verificación de cordura para maxpacket maxpacket de 0 no tiene sentido y falla ya que necesitamos dividirlo por él. Abandonar. V2: error tipográfico corregido en el registro y problemas de estilo In the Linux kern... • https://git.kernel.org/stable/c/b9eba0a4a527e04d712f0e0401e5391ef124b33e • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47494 – cfg80211: fix management registrations locking
https://notcve.org/view.php?id=CVE-2021-47494
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix management registrations locking The management registrations locking was broken, the list was locked for each wdev, but cfg80211_mgmt_registrations_update() iterated it without holding all the correct spinlocks, causing list corruption. Rather than trying to fix it with fine-grained locking, just move the lock to the wiphy/rdev (still need the list on each wdev), we already need to hold the wdev lock to change it, so there's ... • https://git.kernel.org/stable/c/6cd536fe62ef58d7c4eac2da07ab0ed7fd19010d •