CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47604 – vduse: check that offset is within bounds in get_config()
https://notcve.org/view.php?id=CVE-2021-47604
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: vduse: check that offset is within bounds in get_config() This condition checks "len" but it does not check "offset" and that could result in an out of bounds read if "offset > dev->config_size". The problem is that since both variables are unsigned the "dev->config_size - offset" subtraction would result in a very high unsigned value. I think these checks might not be necessary because "len" and "offset" are supposed to already have been v... • https://git.kernel.org/stable/c/c8a6153b6c59d95c0e091f053f6f180952ade91e •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47603 – audit: improve robustness of the audit queue handling
https://notcve.org/view.php?id=CVE-2021-47603
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck in a stopped state the kernel's kauditd_thread() could get blocked attempting to send audit records to the userspace audit daemon. With the kernel thread blocked it is possible that the audit queue could grow unbounded as certain audit record generating events must be exempt from the queue limits else the system enter a deadlock state. This patc... • https://git.kernel.org/stable/c/5b52330bbfe63b3305765354d6046c9f7f89c011 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47602 – mac80211: track only QoS data frames for admission control
https://notcve.org/view.php?id=CVE-2021-47602
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an uninitialized value here due to a status of a non-QoS nullfunc packet, which isn't even long enough to contain the QoS header. Fix this to only do anything for QoS data packets. En el kernel de Linux, se resolvió la ... • https://git.kernel.org/stable/c/02219b3abca59fca81711bfe7ee78df7abad97ce •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47601 – tee: amdtee: fix an IS_ERR() vs NULL bug
https://notcve.org/view.php?id=CVE-2021-47601
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returns NULL so fix this condition to avoid a NULL dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tee: amdtee: corrige un error IS_ERR() vs NULL La función __get_free_pages() no devuelve punteros de error, devuelve NULL, así que corrija esta condición para evitar una desreferencia a NULL. In the Linux k... • https://git.kernel.org/stable/c/757cc3e9ff1d72d014096399d6e2bf03974d9da1 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47600 – dm btree remove: fix use after free in rebalance_children()
https://notcve.org/view.php?id=CVE-2021-47600
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm btree remove: corrige el use after free en rebalance_children() Mueve dm_tm_unlock() después de dm_tm_dec(). • https://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47599 – btrfs: use latest_dev in btrfs_show_devname
https://notcve.org/view.php?id=CVE-2021-47599
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs] CPU: 2 PID: 1 Comm: systemd Tainted: G W O 5.14.0-rc1-custom #72 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: btrfs_show_devname+0x108/0x1b4 [btrfs] show_mountinfo+0x234/0x2c4 m_show+0x28/0x34 seq_read_iter+0x12c/0x3c4 vfs_read+0... • https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47598 – sch_cake: do not call cake_destroy() from cake_init()
https://notcve.org/view.php?id=CVE-2021-47598
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock_common kernel/locking/mutex.c:586 [inline] WARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock+0x9ec/0x12f0 ... • https://git.kernel.org/stable/c/046f6fd5daefac7f5abdafb436b30f63bc7c602b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47597 – inet_diag: fix kernel-infoleak for UDP sockets
https://notcve.org/view.php?id=CVE-2021-47597
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of inet_sk_diag_fill() might make the same mistake in the future, so fix this in inet_sk_diag_fill(). [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyo... • https://git.kernel.org/stable/c/3c4d05c8056724aff3abc20650807dd828fded54 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47596 – net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
https://notcve.org/view.php?id=CVE-2021-47596
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client instance uninstall process, but acceletion engine device uninstall process still use it to trace runtime information. This causes a use after free problem. So fixes it by check the instance register state to avoid use after free. En el k... • https://git.kernel.org/stable/c/d8355240cf8fb8b9e002b5c8458578435cea85c2 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47595 – net/sched: sch_ets: don't remove idle classes from the round-robin list
https://notcve.org/view.php?id=CVE-2021-47595
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2) mausezahn ddd0 -A 10.10.10.1 -B 10.10.10.2 -c 0 -a own -b 00:c1:a0:c1:a0:00 -t udp & 3) tc qdisc change dev ddd0 handle 10: ets bands 4 strict 2 quanta 2500 2500 priomap 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 crashes systemati... • https://git.kernel.org/stable/c/ae2659d2c670252759ee9c823c4e039c0e05a6f2 •