CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47614 – RDMA/irdma: Fix a user-after-free in add_pble_prm
https://notcve.org/view.php?id=CVE-2021-47614
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a user-after-free in add_pble_prm When irdma_hmc_sd_one fails, 'chunk' is freed while its still on the PBLE info list. Add the chunk entry to the PBLE info list only after successful setting of the SD in irdma_hmc_sd_one. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/irdma: corrige un user-after-free en add_pble_prm Cuando falla irdma_hmc_sd_one, el 'fragmento' se libera mientras todavía está en la lis... • https://git.kernel.org/stable/c/e8c4dbc2fcacf5a7468d312168bb120c27c38b32 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47613 – i2c: virtio: fix completion handling
https://notcve.org/view.php?id=CVE-2021-47613
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called without any of the queued buffers being completed (for example, with virtio-pci and shared interrupts) or with only some of the buffers being completed (since the driver makes them available to the device in multip... • https://git.kernel.org/stable/c/3cfc88380413d20f777dc6648a38f683962e52bf •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47612 – nfc: fix segfault in nfc_genl_dump_devices_done
https://notcve.org/view.php?id=CVE-2021-47612
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014 Workqueue: events netlink_sock_destruct_work RIP: 0010:k... • https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47611 – mac80211: validate extended element ID is present
https://notcve.org/view.php?id=CVE-2021-47611
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: mac80211: validate extended element ID is present Before attempting to parse an extended element, verify that the extended element ID is present. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mac80211: validar que el ID del elemento extendido esté presente Antes de intentar analizar un elemento extendido, verifique que el ID del elemento extendido esté presente. In the Linux kernel, the following vulnerability has been res... • https://git.kernel.org/stable/c/41cbb0f5a29592874355e4159489eb08337cd50e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47610 – drm/msm: Fix null ptr access msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2021-47610
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null ptr access msm_ioctl_gem_submit() Fix the below null pointer dereference in msm_ioctl_gem_submit(): 26545.260705: Call trace: 26545.263223: kref_put+0x1c/0x60 26545.266452: msm_ioctl_gem_submit+0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.29102... • https://git.kernel.org/stable/c/f6db3d98f876870c35e96693cfd54752f6199e59 •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47609 – firmware: arm_scpi: Fix string overflow in SCPI genpd driver
https://notcve.org/view.php?id=CVE-2021-47609
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scpi: ... • https://git.kernel.org/stable/c/8bec4337ad4023b26de35d3b0c3a3b2735ffc5c7 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47608 – bpf: Fix kernel address leakage in atomic fetch
https://notcve.org/view.php?id=CVE-2021-47608
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 ("bpf: Propagate stack bounds to registers in atomics w/ BPF_FETCH") around check_mem_access() handling is buggy since this would allow for unprivileged users to leak kernel pointers. For example, an atomic fetch/and with -1 on a stack destination which holds a spilled pointer will migrate the spilled register type into a scalar, which can then be exported out... • https://git.kernel.org/stable/c/37086bfdc737ea6f66bf68dcf16757004d68e1e1 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47607 – bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg
https://notcve.org/view.php?id=CVE-2021-47607
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPF_CMPXCHG on a high level has the following parameters: .-[old-val] .-[new-val] BPF_R0 = cmpxchg{32,64}(DST_REG + insn->off, BPF_R0, SRC_REG) `-[mem-loc] `-[old-val] Given a BPF insn can only have two registers (dst, src), the R0 is fixed and used as an auxilliary register for input (old value) as well as output (returning old value from memory location).... • https://git.kernel.org/stable/c/5ffa25502b5ab3d639829a2d1e316cff7f59a41e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47606 – net: netlink: af_netlink: Prevent empty skb by adding a check on len.
https://notcve.org/view.php?id=CVE-2021-47606
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0 and skb->data_len=0 in the randomized corruption step as shown below. skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8); Crash Report: [ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port... • https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47605 – vduse: fix memory corruption in vduse_dev_ioctl()
https://notcve.org/view.php?id=CVE-2021-47605
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: vduse: fix memory corruption in vduse_dev_ioctl() The "config.offset" comes from the user. There needs to a check to prevent it being out of bounds. The "config.offset" and "dev->config_size" variables are both type u32. So if the offset if out of bounds then the "dev->config_size - config.offset" subtraction results in a very high u32 value. The out of bounds offset can result in memory corruption. • https://git.kernel.org/stable/c/c8a6153b6c59d95c0e091f053f6f180952ade91e •