CVE-2021-47618 – ARM: 9170/1: fix panic when kasan and kprobe are enabled
https://notcve.org/view.php?id=CVE-2021-47618
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing instruction simulation, it is necessary to construct assembly function execution environment in C language through binding registers. after kasan is enabled, the register binding relationship will be destroyed, resulti... • https://git.kernel.org/stable/c/35aa1df4328340f38edc46f00837f08d33d49f63 •
CVE-2021-47617 – PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
https://notcve.org/view.php?id=CVE-2021-47617
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8: If a power controller detects a main power fault on the hot-plug slot, it must automatically set its internal main power fault latch [...]. The main power fault latch is c... • https://git.kernel.org/stable/c/a8cc52270f3d8e8f4faf01ffd6c4a95bbfb55ba4 •
CVE-2024-38620 – Bluetooth: HCI: Remove HCI_AMP support
https://notcve.org/view.php?id=CVE-2024-38620
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP and Primary controllers, as only HCI_PRIMARY is left, this also remove hdev->dev_type altogether. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: HCI: eliminar la compatibilidad con HC... • https://git.kernel.org/stable/c/244bc377591c3882f454882357bc730c90cbedb5 •
CVE-2024-38619 – usb-storage: alauda: Check whether the media is initialized
https://notcve.org/view.php?id=CVE-2024-38619
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). - Add a member "media_initialized" to struct alauda_info. - Change a condition in alauda_check_media() to ensure the first initialization. - Add an error check for the return value of alauda_init_media(). En el ... • https://git.kernel.org/stable/c/e80b0fade09ef1ee67b0898d480d4c588f124d5f • CWE-457: Use of Uninitialized Variable •
CVE-2021-47616 – RDMA: Fix use-after-free in rxe_queue_cleanup
https://notcve.org/view.php?id=CVE-2021-47616
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA: Fix use-after-free in rxe_queue_cleanup On error handling path in rxe_qp_from_init() qp->sq.queue is freed and then rxe_create_qp() will drop last reference to this object. qp clean up function will try to free this queue one time and it causes UAF bug. Fix it by zeroing queue pointer after freeing queue in rxe_qp_from_init(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA: corrige el use-after-free en rxe_que... • https://git.kernel.org/stable/c/514aee660df493cd673154a6ba6bab745ec47b8c •
CVE-2021-47614 – RDMA/irdma: Fix a user-after-free in add_pble_prm
https://notcve.org/view.php?id=CVE-2021-47614
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a user-after-free in add_pble_prm When irdma_hmc_sd_one fails, 'chunk' is freed while its still on the PBLE info list. Add the chunk entry to the PBLE info list only after successful setting of the SD in irdma_hmc_sd_one. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/irdma: corrige un user-after-free en add_pble_prm Cuando falla irdma_hmc_sd_one, el 'fragmento' se libera mientras todavía está en la ... • https://git.kernel.org/stable/c/e8c4dbc2fcacf5a7468d312168bb120c27c38b32 • CWE-416: Use After Free •
CVE-2021-47613 – i2c: virtio: fix completion handling
https://notcve.org/view.php?id=CVE-2021-47613
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called without any of the queued buffers being completed (for example, with virtio-pci and shared interrupts) or with only some of the buffers being completed (since the driver makes them available to the device in mul... • https://git.kernel.org/stable/c/3cfc88380413d20f777dc6648a38f683962e52bf •
CVE-2021-47612 – nfc: fix segfault in nfc_genl_dump_devices_done
https://notcve.org/view.php?id=CVE-2021-47612
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014 Workqueue: events netlink_sock_destruct_work RIP: 001... • https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34 •
CVE-2021-47611 – mac80211: validate extended element ID is present
https://notcve.org/view.php?id=CVE-2021-47611
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: mac80211: validate extended element ID is present Before attempting to parse an extended element, verify that the extended element ID is present. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mac80211: validar que el ID del elemento extendido esté presente Antes de intentar analizar un elemento extendido, verifique que el ID del elemento extendido esté presente. • https://git.kernel.org/stable/c/41cbb0f5a29592874355e4159489eb08337cd50e •
CVE-2021-47610 – drm/msm: Fix null ptr access msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2021-47610
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null ptr access msm_ioctl_gem_submit() Fix the below null pointer dereference in msm_ioctl_gem_submit(): 26545.260705: Call trace: 26545.263223: kref_put+0x1c/0x60 26545.266452: msm_ioctl_gem_submit+0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0... • https://git.kernel.org/stable/c/f6db3d98f876870c35e96693cfd54752f6199e59 •