CVE-2021-47427 – scsi: iscsi: Fix iscsi_task use after free
https://notcve.org/view.php?id=CVE-2021-47427
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsi_task use after free Commit d39df158518c ("scsi: iscsi: Have abort handler get ref to conn") added iscsi_get_conn()/iscsi_put_conn() calls during abort handling but then also changed the handling of the case where we detect an already completed task where we now end up doing a goto to the common put/cleanup code. This results in a iscsi_task use after free, because the common cleanup code will do a put on the iscsi_tas... • https://git.kernel.org/stable/c/d39df158518ccc3bf24ee18082b5e100c8f014aa •
CVE-2021-47426 – bpf, s390: Fix potential memory leak about jit_data
https://notcve.org/view.php?id=CVE-2021-47426
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fix potential memory leak about jit_data Make sure to free jit_data through kfree() in the error path. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf, s390: solucione una posible pérdida de memoria sobre jit_data. Asegúrese de liberar jit_data mediante kfree() en la ruta de error. • https://git.kernel.org/stable/c/1c8f9b91c456f5b47a377a0c8c5d4130fc39433a •
CVE-2021-47425 – i2c: acpi: fix resource leak in reconfiguration device addition
https://notcve.org/view.php?id=CVE-2021-47425
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a reference on the adapter which is never released which will result in a reference count leak and render the adapter unremovable. Make sure to put the adapter after creating the client in the same manner that we do for OF. [wsa: fixed title] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i2c... • https://git.kernel.org/stable/c/525e6fabeae286848592363bda13bc34b59bb5ac •
CVE-2021-47424 – i40e: Fix freeing of uninitialized misc IRQ vector
https://notcve.org/view.php?id=CVE-2021-47424
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix freeing of uninitialized misc IRQ vector When VSI set up failed in i40e_probe() as part of PF switch set up driver was trying to free misc IRQ vectors in i40e_clear_interrupt_scheme and produced a kernel Oops: Trying to free already-free IRQ 266 WARNING: CPU: 0 PID: 5 at kernel/irq/manage.c:1731 __free_irq+0x9a/0x300 Workqueue: events work_for_cpu_fn RIP: 0010:__free_irq+0x9a/0x300 Call Trace: ? synchronize_irq+0x3a/0xa0 free_irq+... • https://git.kernel.org/stable/c/c17401a1dd210a5f22ab1ec7c7366037c158a14c •
CVE-2021-47423 – drm/nouveau/debugfs: fix file release memory leak
https://notcve.org/view.php?id=CVE-2021-47423
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau/debugfs: corrige la pérdida de memoria de liberación de archivos. Cuando se usa single_open() para abrir, se debe llamar a single_release(); de lo contrario, se ejecutará la 'op' a... • https://git.kernel.org/stable/c/6e9fc177399f08446293fec7607913fdbc95e191 •
CVE-2021-47422 – drm/nouveau/kms/nv50-: fix file release memory leak
https://notcve.org/view.php?id=CVE-2021-47422
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau/kms/nv50-: corrige la pérdida de memoria de liberación de archivos. Cuando se usa single_open() para abrir, se debe llamar a single_release(); de lo contrario, se debe llamar a l... • https://git.kernel.org/stable/c/12885ecbfe62df4358d452080d3b8feef54ec8cb •
CVE-2021-47421 – drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume
https://notcve.org/view.php?id=CVE-2021-47421
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channel_io_normal is detectd, it will report PCI_ERS_RESULT_CAN_RECOVER status to PCI driver, and PCI driver will continue the execution of PCI resume callback report_resume by pci_walk_bridge, and the callback will go into amdgpu_pci_resume finally, where write lock is releasd unconditionally without acquiring such loc... • https://git.kernel.org/stable/c/c9a6b82f45e261d247b980a7949aaa6a9bfffe01 •
CVE-2021-47420 – drm/amdkfd: fix a potential ttm->sg memory leak
https://notcve.org/view.php?id=CVE-2021-47420
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix a potential ttm->sg memory leak Memory is allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr, but isn't freed by kfree in kfd_mem_dmaunmap_userptr. Free it! En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdkfd: soluciona una posible pérdida de memoria de ttm->sg. La memoria se asigna para ttm->sg mediante kmalloc en kfd_mem_dmamap_userptr, pero kfree no la libera en kfd_mem_dmaunmap_userpt... • https://git.kernel.org/stable/c/264fb4d332f5e76743818480e482464437837c52 •
CVE-2021-47419 – net/sched: sch_taprio: properly cancel timer from taprio_destroy()
https://notcve.org/view.php?id=CVE-2021-47419
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: properly cancel timer from taprio_destroy() There is a comment in qdisc_create() about us not calling ops->reset() in some cases. err_out4: /* * Any broken qdiscs that would require a ops->reset() here? * The qdisc was never in action so it shouldn't be necessary. */ As taprio sets a timer before actually receiving a packet, we need to cancel it from ops->destroy, just in case ops->reset has not been called. syzbot re... • https://git.kernel.org/stable/c/c71c512f4a65267e6a18163f4df729c489a51035 •
CVE-2021-47418 – net_sched: fix NULL deref in fifo_set_limit()
https://notcve.org/view.php?id=CVE-2021-47418
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net_sched: fix NULL deref in fifo_set_limit() syzbot reported another NULL deref in fifo_set_limit() [1] I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev lo parent 1:0 pfifo_fast tc qd change dev lo root handle 1:0 tbf limit 300000 burst 70000 rate 100Mbit pfifo_fast does not have a change() operation. Make fifo_set_limit() more robust about this. [1] BUG:... • https://git.kernel.org/stable/c/fb0305ce1b03f6ff17f84f2c63daccecb45f2805 •