CVE-2021-47362 – drm/amd/pm: Update intermediate power state for SI
https://notcve.org/view.php?id=CVE-2021-47362
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state. set_power_state refers to values from the current state and without current state populated, it could result in NULL pointer dereference. For ex: on platforms where PCI speed change is supported through ACPI ATCS method, the link speed of current state needs to be queried before deciding on changing to final power state's link speed. The logic to query ATCS-support was broken on certain platforms. The issue became visible when broken ATCS-support logic got fixed with commit f9b7f3703ff9 ("drm/amdgpu/acpi: make ATPX/ATCS structures global (v2)"). Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1698 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Actualizar el estado de energía intermedio para SI. Actualiza el estado actual como estado de arranque durante la inicialización de dpm. Durante la inicialización posterior, se llama a set_power_state para realizar la transición al estado de energía final. set_power_state se refiere a valores del estado actual y sin el estado actual poblado, podría resultar en una desreferencia del puntero NULL. • https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68 https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105 https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa •
CVE-2021-47361 – mcb: fix error handling in mcb_alloc_bus()
https://notcve.org/view.php?id=CVE-2021-47361
In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus() There are two bugs: 1) If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free. 2) After device_initialize() then we need to use put_device() to release the bus. This will free the internal resources tied to the device and call mcb_free_bus() which will free the rest. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mcb: corrige el manejo de errores en mcb_alloc_bus() Hay dos errores: 1) Si ida_simple_get() falla, entonces este código llama a put_device(carrier) pero aún no hemos llamado a get_device( transportista) y probablemente eso conduzca a un uso posterior gratuito. 2) Después de device_initialize() entonces necesitamos usar put_device() para liberar el bus. Esto liberará los recursos internos vinculados al dispositivo y llamará a mcb_free_bus() que liberará el resto. • https://git.kernel.org/stable/c/5d9e2ab9fea4cdf0a2522f5cbed2e7fbb220d757 https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0 https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0 https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499 https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952 •
CVE-2021-47359 – cifs: Fix soft lockup during fsstress
https://notcve.org/view.php?id=CVE-2021-47359
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress Below traces are observed during fsstress and system got hung. [ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s! En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cifs: corrige el bloqueo suave durante fsstress. Los siguientes rastros se observan durante fsstress y el sistema se bloquea. [130.698396] perro guardián: BUG: bloqueo suave - ¡CPU#6 bloqueada durante 26 segundos! • https://git.kernel.org/stable/c/9f6c7aff21f81ae8856da1f63847d1362d523409 https://git.kernel.org/stable/c/71826b068884050d5fdd37fda857ba1539c513d3 •
CVE-2021-47358 – staging: greybus: uart: fix tty use after free
https://notcve.org/view.php?id=CVE-2021-47358
In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone. Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: greybus: uart: corrige el use after free de tty. El espacio de usuario puede mantener un tty abierto indefinidamente y los controladores de tty no deben liberar las estructuras subyacentes hasta que el último usuario se haya ido. Cambie al uso del contador de referencia del puerto tty para administrar la vida útil del estado tty de greybus para evitar su uso después de una desconexión. • https://git.kernel.org/stable/c/a18e15175708d39abbe9746ddc3479466b7800c3 https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69 https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14 https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6 https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1 https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39 •
CVE-2021-47357 – atm: iphase: fix possible use-after-free in ia_module_exit()
https://notcve.org/view.php?id=CVE-2021-47357
In the Linux kernel, the following vulnerability has been resolved: atm: iphase: fix possible use-after-free in ia_module_exit() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atm: iphase: corrige posible use after free en ia_module_exit(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/9e161687855175334ca93c6c3ccb221731194479 https://git.kernel.org/stable/c/a832ee2f2145f57443b2d565f8cb5490e8339f42 https://git.kernel.org/stable/c/bcdd2be48edd8c6867fb44112cb8d18086beae29 https://git.kernel.org/stable/c/89ce0b0747f319eb70f85bc820dcc43cebbd5417 https://git.kernel.org/stable/c/c9172498d4d62c9b64e5fb37c1ee0343e65fe51b https://git.kernel.org/stable/c/e759ff76ebbbfcdcf83b6634c54dc47828573d8b https://git.kernel.org/stable/c/b58d246a058ae88484758cd4ab27b3180fd5ecf8 https://git.kernel.org/stable/c/d1fb12412874c94ad037e11d0ecdd1140 •