CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47532 – drm/msm/devfreq: Fix OPP refcnt leak
https://notcve.org/view.php?id=CVE-2021-47532
In the Linux kernel, the following vulnerability has been resolved: drm/msm/devfreq: Fix OPP refcnt leak En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/devfreq: corrige la fuga de referencia de OPP • https://git.kernel.org/stable/c/9bc95570175a7fbca29d86d22c54bbf399f4ad5a https://git.kernel.org/stable/c/a4eb55901df1dce8c6944438bbdf57caf08911e2 https://git.kernel.org/stable/c/59ba1b2b4825342676300f66d785764be3fcb093 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47531 – drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
https://notcve.org/view.php?id=CVE-2021-47531
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that commit, we used to _first_ run through the drm_gem_mmap_obj() case where `obj->funcs->mmap()` was NULL. That meant that we ran: vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot); ...and _then_ we modified those mappings with our own. Now that `obj->funcs->mmap()` is no longer NULL we don't run the default code. It looks like the fact that the vm_flags got VM_IO / VM_DONTDUMP was important because we're now getting crashes on Chromebooks that use ARC++ while logging out. • https://git.kernel.org/stable/c/510410bfc034c57cc3caf1572aa47c1017bab2f9 https://git.kernel.org/stable/c/8e2b7fe5e8a4be5e571561d9afcfbd92097288ba https://git.kernel.org/stable/c/3466d9e217b337bf473ee629c608e53f9f3ab786 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47530 – drm/msm: Fix wait_fence submitqueue leak
https://notcve.org/view.php?id=CVE-2021-47530
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix wait_fence submitqueue leak We weren't dropping the submitqueue reference in all paths. In particular, when the fence has already been signalled. Split out a helper to simplify handling this in the various different return paths. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/msm: corrige la fuga de la cola de envío de wait_fence No estábamos eliminando la referencia de la cola de envío en todas las rutas. En particular, cuando la valla ya ha sido señalizada. • https://git.kernel.org/stable/c/a61acbbe9cf873f869fc634ae6f72f214f5994cc https://git.kernel.org/stable/c/4c3cdbf2540319ea674f1f3c54f31f14c6f39647 https://git.kernel.org/stable/c/ea0006d390a28012f8187717aea61498b2b341e5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47529 – iwlwifi: Fix memory leaks in error handling path
https://notcve.org/view.php?id=CVE-2021-47529
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Fix memory leaks in error handling path Should an error occur (invalid TLV len or memory allocation failure), the memory already allocated in 'reduce_power_data' should be freed before returning, otherwise it is leaking. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iwlwifi: soluciona pérdidas de memoria en la ruta de manejo de errores. Si ocurre un error (lengua TLV no válida o falla en la asignación de memoria), la memoria ya asignada en 'reduce_power_data' debe liberarse antes de regresar; de lo contrario, está goteando. • https://git.kernel.org/stable/c/9dad325f9d57508b154f0bebbc341a8528e5729c https://git.kernel.org/stable/c/4768935c25403ba96e7a745645df24a51a774b7e https://git.kernel.org/stable/c/a571bc28326d9f3e13f5f2d9cda2883e0631b0ce • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47528 – usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()
https://notcve.org/view.php?id=CVE-2021-47528
In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() In cdnsp_endpoint_init(), cdnsp_ring_alloc() is assigned to pep->ring and there is a dereference of it in cdnsp_endpoint_init(), which could lead to a NULL pointer dereference on failure of cdnsp_ring_alloc(). Fix this bug by adding a check of pep->ring. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. Builds with CONFIG_USB_CDNSP_GADGET=y show no new warnings, and our static analyzer no longer warns about this code. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: cdnsp: corrige una desreferencia de puntero NULL en cdnsp_endpoint_init() En cdnsp_endpoint_init(), cdnsp_ring_alloc() se asigna a pep->ring y hay una desreferencia del mismo en cdnsp_endpoint_init( ), lo que podría provocar una desreferencia del puntero NULL en caso de falla de cdnsp_ring_alloc(). Corrija este error agregando una marca de pep->ring. • https://git.kernel.org/stable/c/3d82904559f4f5a2622db1b21de3edf2eded7664 https://git.kernel.org/stable/c/7d94bc8e335cb33918e52efdbe192c36707bfa24 https://git.kernel.org/stable/c/37307f7020ab38dde0892a578249bf63d00bca64 • CWE-476: NULL Pointer Dereference •