CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47512 – net/sched: fq_pie: prevent dismantle issue
https://notcve.org/view.php?id=CVE-2021-47512
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: prevent dismantle issue For some reason, fq_pie_destroy() did not copy working code from pie_destroy() and other qdiscs, thus causing elusive bug. Before calling del_timer_sync(&q->adapt_timer), we need to ensure timer will not rearm itself. rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579 (t=10501 jiffies g=13085 q=3989) NMI bac... • https://git.kernel.org/stable/c/ec97ecf1ebe485a17cd8395a5f35e6b80b57665a •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47511 – ALSA: pcm: oss: Fix negative period/buffer sizes
https://notcve.org/view.php?id=CVE-2021-47511
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix negative period/buffer sizes The period size calculation in OSS layer may receive a negative value as an error, but the code there assumes only the positive values and handle them with size_t. Due to that, a too big value may be passed to the lower layers. This patch changes the code to handle with ssize_t and adds the proper error checks appropriately. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: A... • https://git.kernel.org/stable/c/be8869d388593e57223ad39297c8e54be632f2f2 •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47510 – btrfs: fix re-dirty process of tree-log nodes
https://notcve.org/view.php?id=CVE-2021-47510
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix re-dirty process of tree-log nodes There is a report of a transaction abort of -EAGAIN with the following script. #!/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/\${d} done mount /dev/sda /mnt/test mount /dev/sdb /mnt/scratch for dir in test scratch; do echo 3 >/proc/sys/vm/drop_caches fio --directory=/mnt/\${dir} --name=fio.\${dir} --rw=read --size=50G --bs=64m \ --numjobs=$(nproc) --time_based --ramp_time=... • https://git.kernel.org/stable/c/d3575156f6623eecf086a20bcf99a63f1598109c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47509 – ALSA: pcm: oss: Limit the period size to 16MB
https://notcve.org/view.php?id=CVE-2021-47509
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Limit the period size to 16MB Set the practical limit to the period size (the fragment shift in OSS) instead of a full 31bit; a too large value could lead to the exhaust of memory as we allocate temporary buffers of the period size, too. As of this patch, we set to 16MB limit, which should cover all use cases. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: pcm: oss: Limitar el tamaño del período a 1... • https://git.kernel.org/stable/c/d1bb703ad050de9095f10b2d3416c32921ac6bcc •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47508 – btrfs: free exchange changeset on failures
https://notcve.org/view.php?id=CVE-2021-47508
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 (size 64): comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s) hex dump (first 32 bytes): 00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00 ................ 90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff ................ backtrace: [<00000000ac0176d2>] ulist_add_merge+0x60/0x150... • https://git.kernel.org/stable/c/ca06c5cb1b6dbfe67655b33c02fc394d65824519 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47507 – nfsd: Fix nsfd startup race (again)
https://notcve.org/view.php?id=CVE-2021-47507
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race (again) Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first") has re-opened rpc_pipefs_event() race against nfsd_net_id registration (register_pernet_subsys()) which has been fixed by commit bb7ffbf29e76 ("nfsd: fix nsfd startup race triggering BUG_ON"). Restore the order of register_pernet_subsys() vs register_cld_notifier(). Add WARN_ON() to prevent a future regression. Crash info: Unable to ... • https://git.kernel.org/stable/c/8677e99150b0830d29cc1318b4cc559e176940bb •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47506 – nfsd: fix use-after-free due to delegation race
https://notcve.org/view.php?id=CVE-2021-47506
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to del_recall_lru. If we then exit nfs4_set_delegation without hashing the delegation, it will be freed as soon as the callback is done with it, without ever being removed from del_recall_lru. Symptoms show up later as use-a... • https://git.kernel.org/stable/c/04a8d07f3d58308b92630045560799a3faa3ebce •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47505 – aio: fix use-after-free due to missing POLLFREE handling
https://notcve.org/view.php?id=CVE-2021-47505
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is okay for blocking polls, since a blocking poll occurs within one task; however, non-blocking polls require another solution. This solution is for the queue to be cleared before it is freed, by sending a POLLFREE not... • https://git.kernel.org/stable/c/2c14fa838cbefc23cf1c73ca167ed85b274b2913 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47504 – io_uring: ensure task_work gets run as part of cancelations
https://notcve.org/view.php?id=CVE-2021-47504
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure task_work gets run as part of cancelations If we successfully cancel a work item but that work item needs to be processed through task_work, then we can be sleeping uninterruptibly in io_uring_cancel_generic() and never process it. Hence we don't make forward progress and we end up with an uninterruptible sleep warning. While in there, correct a comment that should be IFF, not IIF. En el kernel de Linux, se ha resuelto la s... • https://git.kernel.org/stable/c/8e12976c0c19ebc14b60046b1348c516a74c25a2 •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47503 – scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
https://notcve.org/view.php?id=CVE-2021-47503
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP: 0010:device_del+0x63/0x440 Call Trace: device_unregister+0x17/0x60 scsi_remove_host+0xee/0x2a0 pm8001_pci_probe+0x6ef/0x1b90 [pm80xx] local_pci_probe+0x3f/0x90 We cannot call scsi_remove_host() in pm8001_alloc() because scsi_add_host() has no... • https://git.kernel.org/stable/c/05c6c029a44d9f43715577e33e95eba87f44d285 • CWE-476: NULL Pointer Dereference •