CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47359 – cifs: Fix soft lockup during fsstress
https://notcve.org/view.php?id=CVE-2021-47359
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress Below traces are observed during fsstress and system got hung. [ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s! En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cifs: corrige el bloqueo suave durante fsstress. Los siguientes rastros se observan durante fsstress y el sistema se bloquea. [130.698396] perro guardián: BUG: bloqueo suave - ¡CPU#6 bloqueada durante 26 segundos! I... • https://git.kernel.org/stable/c/9f6c7aff21f81ae8856da1f63847d1362d523409 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36788 – drm/nouveau: avoid a use-after-free when BO init fails
https://notcve.org/view.php?id=CVE-2020-36788
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm(). En el kernel de Linux, se ha resuelto la siguiente vulne... • https://git.kernel.org/stable/c/019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47358 – staging: greybus: uart: fix tty use after free
https://notcve.org/view.php?id=CVE-2021-47358
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone. Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: greybus: uart: corrige el use after free de tty. ... • https://git.kernel.org/stable/c/a18e15175708d39abbe9746ddc3479466b7800c3 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47357 – atm: iphase: fix possible use-after-free in ia_module_exit()
https://notcve.org/view.php?id=CVE-2021-47357
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: atm: iphase: fix possible use-after-free in ia_module_exit() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el k... • https://git.kernel.org/stable/c/9e161687855175334ca93c6c3ccb221731194479 •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47356 – mISDN: fix possible use-after-free in HFC_cleanup()
https://notcve.org/view.php?id=CVE-2021-47356
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de ... • https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47355 – atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
https://notcve.org/view.php?id=CVE-2021-47355
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el... • https://git.kernel.org/stable/c/99779c9d9ffc7775da6f7fd8a7c93ac61657bed5 •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47354 – drm/sched: Avoid data corruptions
https://notcve.org/view.php?id=CVE-2021-47354
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete before killing it to avoid data corruptions. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/sched: evite la corrupción de datos. Espere a que se completen todas las dependencias de un trabajo antes de eliminarlo para evitar la corrupción de datos. In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corr... • https://git.kernel.org/stable/c/c32d0f0e164ffab2a56c7cf8e612584b4b740e2e • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47353 – udf: Fix NULL pointer dereference in udf_symlink function
https://notcve.org/view.php?id=CVE-2021-47353
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returned by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c and returns the value of sb_getblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sb_getblk fails. This fix adds a check to validate the value of epos.bh. En el kernel de Linux, s... • https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47352 – virtio-net: Add validation for used length
https://notcve.org/view.php?id=CVE-2021-47352
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-net: Agregar validación para la longitud utilizada. Esto agrega validación para la longitud utilizada (puede provenir de un dispositivo que no es de confianza) para evitar la corrupción o pérdida de datos. A vulnerability... • https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47351 – ubifs: Fix races between xattr_{set|get} and listxattr operations
https://notcve.org/view.php?id=CVE-2021-47351
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it by importing a new rw-lock in @ubifs_inode to serilize write operations on xattr, concurrent read operations are still effective, just like ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-houtao1... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •