CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47547 – net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
https://notcve.org/view.php?id=CVE-2021-47547
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be out of bound. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tulip: de4x5: soluciona el problema de que la matriz 'lp->phy[8]' puede estar fuera de límites En la línea 5001, si todos los ID de la... • https://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47546 – ipv6: fix memory leak in fib6_rule_suppress
https://notcve.org/view.php?id=CVE-2021-47546
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a `fib` rule is present in IPv6 nftables firewall rules and a suppress_prefix rule is present in the IPv6 routing rules (used by certain tools such as wg-quick). In such scenarios, every incoming packet will leak an allocation in `ip6_dst_cache` slab cache. After some hours of `bpftrace`-ing and source code reading, I tracked down the issue to ca7a03c41753 ("ipv6: do n... • https://git.kernel.org/stable/c/ca7a03c4175366a92cee0ccc4fec0038c3266e26 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47544 – tcp: fix page frag corruption on page fault
https://notcve.org/view.php?id=CVE-2021-47544
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar to the one addressed by commit 20eb4f29b602 ("net: fix sk_page_frag() recursion from memory reclaim"). Here the nested access to the task page frag is caused by a page fault on the (mmapped) user-space memory buffe... • https://git.kernel.org/stable/c/5640f7685831e088fe6c2e1f863a6805962f8e81 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47542 – net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
https://notcve.org/view.php?id=CVE-2021-47542
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() In qlcnic_83xx_add_rings(), the indirect function of ahw->hw_ops->alloc_mbx_args will be called to allocate memory for cmd.req.arg, and there is a dereference of it in qlcnic_83xx_add_rings(), which could lead to a NULL pointer dereference on failure of the indirect function like qlcnic_83xx_alloc_mbx_args(). Fix this bug by adding a check of alloc_mbx_args(), th... • https://git.kernel.org/stable/c/7f9664525f9cb507de9198a395a111371413f230 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47541 – net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
https://notcve.org/view.php?id=CVE-2021-47541
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called and tmp->tx_cq will be freed on the error path of mlx4_en_copy_priv(). After that mlx4_en_alloc_resources() is called and there is a dereference of &tmp->tx_cq[t][i] in mlx4_en_alloc_resources(), which could lead to a use after free problem on failure of mlx4_en_copy_priv(). Fix this bug by adding a check o... • https://git.kernel.org/stable/c/ec25bc04ed8e12947738468cbe2191f1529f9e39 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47540 – mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
https://notcve.org/view.php?id=CVE-2021-47540
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode Fix the following NULL pointer dereference in mt7915_get_phy_mode routine adding an ibss interface to the mt7915 driver. [ 101.137097] wlan0: Trigger new scan to find an IBSS to join [ 102.827039] wlan0: Creating new IBSS network, BSSID 26:a4:50:1a:6e:69 [ 103.064756] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 103.073670] Mem abort ... • https://git.kernel.org/stable/c/37f4ca907c462d7c8a1ac9e7e3473681b5f893dd • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47539 – rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
https://notcve.org/view.php?id=CVE-2021-47539
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() Need to call rxrpc_put_peer() for bundle candidate before kfree() as it holds a ref to rxrpc_peer. [DH: v2: Changed to abstract out the bundle freeing code into a function] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rxrpc: corrige la fuga de rxrpc_peer en rxrpc_look_up_bundle() Es necesario llamar a rxrpc_put_peer() para el paquete candidato antes de kfree(), ya que c... • https://git.kernel.org/stable/c/245500d853e9f20036cec7df4f6984ece4c6bf26 •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47538 – rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
https://notcve.org/view.php?id=CVE-2021-47538
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as it holds a ref to rxrpc_local. [DH: v2: Changed to abstract the peer freeing code out into a function] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rxrpc: corrigió la fuga de rxrpc_local en rxrpc_lookup_peer() Es necesario llamar a rxrpc_put_local() para el candidato par antes de kfree(), ya que contiene ... • https://git.kernel.org/stable/c/e8e51ce79c157188e209e5ea0afaf6b42dd76104 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47537 – octeontx2-af: Fix a memleak bug in rvu_mbox_init()
https://notcve.org/view.php?id=CVE-2021-47537
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init() In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_regions'. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inco... • https://git.kernel.org/stable/c/98c5611163603d3d8012b1bf64ab48fd932cf734 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47536 – net/smc: fix wrong list_del in smc_lgr_cleanup_early
https://notcve.org/view.php?id=CVE-2021-47536
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix wrong list_del in smc_lgr_cleanup_early smc_lgr_cleanup_early() meant to delete the link group from the link group list, but it deleted the list head by mistake. This may cause memory corruption since we didn't remove the real link group from the list and later memseted the link group structure. We got a list corruption panic when testing: [ 231.277259] list_del corruption. prev->next should be ffff8881398a8000, but was 0000000... • https://git.kernel.org/stable/c/a0a62ee15a829ebf8aeec55a4f1688230439b3e0 •