CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47145 – btrfs: do not BUG_ON in link_to_fixup_dir
https://notcve.org/view.php?id=CVE-2021-47145
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 RIP: 0010:link_to_fixup_dir+0xd5/0xe0 RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216 RAX: fffffffffffffffb RBX: 00000000fffffff... • https://git.kernel.org/stable/c/76bfd8ac20bebeae599452a03dfc5724c0475dcf •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47144 – drm/amd/amdgpu: fix refcount leak
https://notcve.org/view.php?id=CVE-2021-47144
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/amdgpu: corrige la fuga de refcount [Por qué] el objeto gema rfb->base.obj[0] se obtiene según num_planes en amdgpufb_create, per... • https://git.kernel.org/stable/c/599e5d61ace952b0bb9bd942b198bbd0cfded1d7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47143 – net/smc: remove device from smcd_dev_list after failed device_add()
https://notcve.org/view.php?id=CVE-2021-47143
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcd_dev_list after failed device_add() If the device_add() for a smcd_dev fails, there's no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list. Add some error handling that removes the device from the list. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/smc: eliminar dispositivo de smcd_dev_list después de fallar devic... • https://git.kernel.org/stable/c/c6ba7c9ba43de1b57e9a53946e7ff988554c84ed •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47142 – drm/amdgpu: Fix a use-after-free
https://notcve.org/view.php?id=CVE-2021-47142
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751] sg_free_table+0x17/0x20 [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464] ttm_tt_des... • https://git.kernel.org/stable/c/0707c3fea8102d211631ba515ef2159707561b0d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47141 – gve: Add NULL pointer checks when freeing irqs.
https://notcve.org/view.php?id=CVE-2021-47141
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL pointer dereference if the driver is unloaded. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gve: agrega comprobaciones de puntero NULL al liberar irqs. Al liberar bloques de notificaciones, indexamos priv->ms... • https://git.kernel.org/stable/c/893ce44df56580fb878ca5af9c4a5fd87567da50 •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47138 – cxgb4: avoid accessing registers when clearing filters
https://notcve.org/view.php?id=CVE-2021-47138
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxgb4: evita acceder a los regi... • https://git.kernel.org/stable/c/b1a79360ee862f8ada4798ad2346fa45bb41b527 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47137 – net: lantiq: fix memory corruption in RX ring
https://notcve.org/view.php?id=CVE-2021-47137
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: lantiq: corrige la corrupción de la... • https://git.kernel.org/stable/c/fe1a56420cf2ec28c8eceef672b87de0bbe1a260 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26642 – netfilter: nf_tables: disallow anonymous set with timeout flag
https://notcve.org/view.php?id=CVE-2024-26642
21 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: no permitir conjuntos anónimos con indicador de tiempo de espera Los conjuntos anónimos nunca se usan con tiempo de espera del espacio de usuario, r... • https://git.kernel.org/stable/c/761da2935d6e18d178582dbdf315a3a458555505 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52620 – netfilter: nf_tables: disallow timeout for anonymous sets
https://notcve.org/view.php?id=CVE-2023-52620
21 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: no permite el tiempo de espera para conjuntos anónimos Nunca se usa desde el espacio de usuario, no permita estos parámetros. A vulnerability was found in netfilter/nf_tables componets of Linux Kernel allows an userspace to set timeouts for anony... • https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26641 – ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
https://notcve.org/view.php?id=CVE-2024-26641
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in I... • https://git.kernel.org/stable/c/0d3c703a9d1723c7707e0680019ac8ff5922db42 • CWE-20: Improper Input Validation •