CVE-2021-47535 – drm/msm/a6xx: Allocate enough space for GMU registers
https://notcve.org/view.php?id=CVE-2021-47535
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we didn't change the memory allocation for the array. That leads to a KASAN warning (this was on the chromeos-5.4 kernel, which has the problematic commit backported to it): BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144... • https://git.kernel.org/stable/c/142639a52a01e90c512a9a8d2156997e02a65b53 • CWE-787: Out-of-bounds Write
CVE-2021-47534 – drm/vc4: kms: Add missing drm_crtc_commit_put
https://notcve.org/view.php?id=CVE-2021-47534
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO storing the current CRTC commit so that we can properly synchronize commits. However, the refcounting was off and we thus ended up leaking the drm_crtc_commit structure every commit. Add a drm_crtc_commit_put to prevent the leakage. • https://git.kernel.org/stable/c/9ec03d7f1ed394897891319a4dda75f52c5d292d
CVE-2021-47533 – drm/vc4: kms: Clear the HVS FIFO commit pointer once done
https://notcve.org/view.php?id=CVE-2021-47533
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a wait on the previous commit done on a given HVS FIFO. However, we never cleared that pointer once done. Since drm_crtc_commit_put can free the drm_crtc_commit structure directly if we were the last user, this means that it can lead to a use-after-free if we were to duplicate the state, and ... • https://git.kernel.org/stable/c/9ec03d7f1ed394897891319a4dda75f52c5d292d
CVE-2021-47532 – drm/msm/devfreq: Fix OPP refcnt leak
https://notcve.org/view.php?id=CVE-2021-47532
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/devfreq: Fix OPP refcnt leak • https://git.kernel.org/stable/c/9bc95570175a7fbca29d86d22c54bbf399f4ad5a
CVE-2021-47531 – drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
https://notcve.org/view.php?id=CVE-2021-47531
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that commit, we used to _first_ run through the drm_gem_mmap_obj() case where `obj->funcs->mmap()` was NULL. That meant that we ran: vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; vma->vm_page_prot =... • https://git.kernel.org/stable/c/510410bfc034c57cc3caf1572aa47c1017bab2f9
CVE-2021-47530 – drm/msm: Fix wait_fence submitqueue leak
https://notcve.org/view.php?id=CVE-2021-47530
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix wait_fence submitqueue leak We weren't dropping the submitqueue reference in all paths. In particular, when the fence has already been signalled. Split out a helper to simplify handling this in the various different return paths. • https://git.kernel.org/stable/c/a61acbbe9cf873f869fc634ae6f72f214f5994cc
CVE-2021-47529 – iwlwifi: Fix memory leaks in error handling path
https://notcve.org/view.php?id=CVE-2021-47529
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Fix memory leaks in error handling path Should an error occur (invalid TLV len or memory allocation failure), the memory already allocated in 'reduce_power_data' should be freed before returning, otherwise it is leaking. • https://git.kernel.org/stable/c/9dad325f9d57508b154f0bebbc341a8528e5729c • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2021-47528 – usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()
https://notcve.org/view.php?id=CVE-2021-47528
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() In cdnsp_endpoint_init(), cdnsp_ring_alloc() is assigned to pep->ring and there is a dereference of it in cdnsp_endpoint_init(), which could lead to a NULL pointer dereference on failure of cdnsp_ring_alloc(). Fix this bug by adding a check of pep->ring. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security ope... • https://git.kernel.org/stable/c/3d82904559f4f5a2622db1b21de3edf2eded7664 • CWE-476: NULL Pointer Dereference
CVE-2021-47527 – serial: core: fix transmit-buffer reset and memleak
https://notcve.org/view.php?id=CVE-2021-47527
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use tty_port_close") converted serial core to use tty_port_close() but failed to notice that the transmit buffer still needs to be freed on final close. Not freeing the transmit buffer means that the buffer is no longer cleared on next open so that any ioctl() waiting for the buffer to drain might wait indefinitely (e.g. on term... • https://git.kernel.org/stable/c/761ed4a94582ab291aa24dcbea4e01e8936488c8 • CWE-400: Uncontrolled Resource Consumption
CVE-2021-47526 – serial: liteuart: Fix NULL pointer dereference in ->remove()
https://notcve.org/view.php?id=CVE-2021-47526
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: Fix NULL pointer dereference in ->remove() drvdata has to be set in _probe() - otherwise platform_get_drvdata() causes null pointer dereference BUG in _remove(). • https://git.kernel.org/stable/c/1da81e5562fac8286567422cc56a7fbd0dc646d4 • CWE-476: NULL Pointer Dereference