CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47564 – net: marvell: prestera: fix double free issue on err path
https://notcve.org/view.php?id=CVE-2021-47564
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix double free issue on err path fix error path handling in prestera_bridge_port_join() that cases prestera driver to crash (see below). Trace: Internal error: Oops: 96000044 [#1] SMP Modules linked in: prestera_pci prestera uio_pdrv_genirq CPU: 1 PID: 881 Comm: ip Not tainted 5.15.0 #1 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : prestera_bridge_destroy+0x2c/0xb0 [prestera] lr : prestera_bri... • https://git.kernel.org/stable/c/e1189d9a5fbec8153dbe03f3589bc2baa96694e2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47563 – ice: avoid bpf_prog refcount underflow
https://notcve.org/view.php?id=CVE-2021-47563
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an interface via ethtool's set_channels(). There is an issue around the bpf_prog refcounting when VSI is being rebuilt - since ice_prepare_xdp_rings() is called with vsi->xdp_prog as an argument that is used later on by ice_v... • https://git.kernel.org/stable/c/efc2214b6047b6f5b4ca53151eba62521b9452d6 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47562 – ice: fix vsi->txq_map sizing
https://notcve.org/view.php?id=CVE-2021-47562
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->txq_map's size is equal to the doubled vsi->alloc_txq, which is not correct due to the fact that XDP rings were previously based on the Rx queue count. Below splat can be seen when ethtool -L is used and XDP rings are configured: [ 682.... • https://git.kernel.org/stable/c/efc2214b6047b6f5b4ca53151eba62521b9452d6 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47561 – i2c: virtio: disable timeout handling
https://notcve.org/view.php?id=CVE-2021-47561
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: disable timeout handling If a timeout is hit, it can result is incorrect data on the I2C bus and/or memory corruptions in the guest since the device can still be operating on the buffers it was given while the guest has freed them. Here is, for example, the start of a slub_debug splat which was triggered on the next transfer after one transfer was forced to timeout by setting a breakpoint in the backend (rust-vmm/vhost-device):... • https://git.kernel.org/stable/c/3cfc88380413d20f777dc6648a38f683962e52bf •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47560 – mlxsw: spectrum: Protect driver from buggy firmware
https://notcve.org/view.php?id=CVE-2021-47560
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem ... • https://git.kernel.org/stable/c/28b1987ef5064dd5c43538ba1168ef7b801f3cad • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47559 – net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
https://notcve.org/view.php?id=CVE-2021-47559
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times). 7. var_assigned: Assigning: ndev = NULL return value from netdev_lower_get_next. 1623 ndev = (struct net_device *)netdev_lower_get_next(ndev, &lower); CID 1468509 (#1 of 1): Dereference null return value (NULL_RETURNS)... • https://git.kernel.org/stable/c/cb9d43f6775457cac75544bc4197f26ac2b6f294 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47558 – net: stmmac: Disable Tx queues when reconfiguring the interface
https://notcve.org/view.php?id=CVE-2021-47558
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed to stop the interface to apply a new configuration. This could result in a kernel panic when doing any of the 3 following actions: * reconfiguring the number of queues (ethtool -L) * reconfiguring the size of the ring buffers (ethtool -G) * installing/removing an XDP program (ip l set dev ethX xdp) Prevent th... • https://git.kernel.org/stable/c/0366f7e06a6bee7eace3946a6b67fb88b828bc5c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47557 – net/sched: sch_ets: don't peek at classes beyond 'nbands'
https://notcve.org/view.php?id=CVE-2021-47557
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in ets_qdisc_change(). As a consequence, it's possible to see a NULL dereference crash, caused by the attempt to call cl->qdisc->ops->peek(cl->qdisc) when cl->qdisc is NULL: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access ... • https://git.kernel.org/stable/c/dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47556 – ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()
https://notcve.org/view.php?id=CVE-2021-47556
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce settings on a device where the driver provides only _one_ of the callbacks results in a NULL pointer dereference instead of an -EOPNOTSUPP. Fix the condition so that the availability of both callbacks is ensured. This... • https://git.kernel.org/stable/c/f3ccfda1931977b80267ba54070a1aeafa18f6ca • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47555 – net: vlan: fix underflow for the real_dev refcnt
https://notcve.org/view.php?id=CVE-2021-47555
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 link dummy1 type vlan id 100 ip link del dev dummy1 When the dummy netdevice is removed, we will get a WARNING as following: ======================================================================= refcount_t: decrement hit 0; leaking ... • https://git.kernel.org/stable/c/700602b662d7eaa816b1a3cb0abe7a85de358fd4 •