CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47384 – hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
https://notcve.org/view.php?id=CVE-2021-47384
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for (tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(). The patch fixes possible NULL pointer dereference by removing lm75[]. Found by Linux Driver Verification project (linuxtesting.org). [groeck: Dropped unnecessary continuation lines, fixed multi-line alignments] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwmon: (w83793) Corrija la desreferencia del puntero NULL eliminando el campo de estructura innecesario. Si el controlador lee el valor tmp suficiente para (tmp & 0x08) && (!(tmp & 0x80)) && (( tmp & 0x7) == ((tmp >> 4) & 0x7)) desde el dispositivo, luego se produce la desreferencia del puntero null. (Es posible si tmp = 0b0xyz1xyz, donde los mismos literales significan los mismos números) Además, lm75[] ya no sirve para nada después de cambiar a devm_i2c_new_dummy_device() en w83791d_detect_subclients(). • https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623 https://git.kernel.org/stable/c/7c4fd5de39f273626a2b0f3a446d2cc85cd47616 https://git.kernel.org/stable/c/746011193f44f97f8784edcf8327c587946745fc https://git.kernel.org/stable/c/dd4d747ef05addab887dc8ff0d6ab9860bbcd783 https://access.redhat.com/security/cve/CVE-2021-47384 https://bugzilla.redhat.com/show_bug.cgi?id=2282356 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47383 – tty: Fix out-of-bound vmalloc access in imageblit
https://notcve.org/view.php?id=CVE-2021-47383
In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and bits_per_pixel with values. If this struct is the same as the previous ioctl, the vc_resize() detects it and doesn't call the resize_screen(), leaving the fb_var_screeninfo incomplete. And this leads to the updatescrollmode() calculates a wrong value to fbcon_display->vrows, which makes the real_y() return a wrong value of y, and that value, eventually, causes the imageblit to access an out-of-bound address value. To solve this issue I made the resize_screen() be called even if the screen does not need any resizing, so it will "fix and fill" the fb_var_screeninfo independently. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tty: corrige el acceso vmalloc fuera de los límites en imageblit. Este problema ocurre cuando un programa de espacio de usuario realiza un ioctl FBIOPUT_VSCREENINFO pasando la estructura fb_var_screeninfo que contiene solo los campos xres, yres y bits_per_pixel con valores. Si esta estructura es la misma que la ioctl anterior, vc_resize() la detecta y no llama a resize_screen(), dejando fb_var_screeninfo incompleto. • https://git.kernel.org/stable/c/7e71fcedfda6f7de18f850a6b36e78d78b04476f https://git.kernel.org/stable/c/70aed03b1d5a5df974f456cdc8eedb213c94bb8b https://git.kernel.org/stable/c/067c694d06040db6f0c65281bb358452ca6d85b9 https://git.kernel.org/stable/c/8a6a240f52e14356386030d8958ae8b1761d2325 https://git.kernel.org/stable/c/883f7897a25e3ce14a7f274ca4c73f49ac84002a https://git.kernel.org/stable/c/d570c48dd37dbe8fc6875d4461d01a9554ae2560 https://git.kernel.org/stable/c/699d926585daa6ec44be556cdc1ab89e5d54557b https://git.kernel.org/stable/c/3b0c406124719b625b1aba431659f5cdc • CWE-125: Out-of-bounds Read •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47382 – s390/qeth: fix deadlock during failing recovery
https://notcve.org/view.php?id=CVE-2021-47382
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed taking discipline_mutex inside qeth_do_reset(), fixing potential deadlocks. An error path was missed though, that still takes discipline_mutex and thus has the original deadlock potential. Intermittent deadlocks were seen when a qeth channel path is configured offline, causing a race between qeth_do_reset and ccwgroup_remove. Call qeth_set_offline() directly in the qeth_do_reset() error case and then a new variant of ccwgroup_set_offline(), without taking discipline_mutex. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: s390/qeth: arreglar el punto muerto durante la recuperación fallida. La confirmación 0b9902c1fcc5 ("s390/qeth: arreglar el punto muerto durante la recuperación") se eliminó tomando discipline_mutex dentro de qeth_do_reset(), solucionando posibles puntos muertos. Sin embargo, se omitió una ruta de error que todavía requiere discipline_mutex y, por lo tanto, tiene el potencial de bloqueo original. • https://git.kernel.org/stable/c/b41b554c1ee75070a14c02a88496b1f231c7eacc https://git.kernel.org/stable/c/af0c184ea106051e428b5a0b5f2dfd31cbc54c52 https://git.kernel.org/stable/c/0bfe741741327822d1482c7edef0184636d08b40 https://git.kernel.org/stable/c/d2b59bd4b06d84a4eadb520b0f71c62fe8ec0a62 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47381 – ASoC: SOF: Fix DSP oops stack dump output contents
https://notcve.org/view.php?id=CVE-2021-47381
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address used in dump error output. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: corrige el contenido de salida del volcado de pila de DSP. Corrija el argumento @buf dado a hex_dump_to_buffer() y la dirección de pila utilizada en la salida de error de volcado. • https://git.kernel.org/stable/c/e657c18a01c85d2c4ec0e96d52be8ba42b956593 https://git.kernel.org/stable/c/a6bb576ead074ca6fa3b53cb1c5d4037a23de81b https://git.kernel.org/stable/c/ac4dfccb96571ca03af7cac64b7a0b2952c97f3a •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47380 – HID: amd_sfh: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47380
In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix potential NULL pointer dereference devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The patch moves initialization of data before devm_add_action_or_reset(). Found by Linux Driver Verification project (linuxtesting.org). [jkosina@suse.cz: rebase] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: amd_sfh: corrige una posible desreferencia del puntero NULL devm_add_action_or_reset() puede invocar repentinamente amd_mp2_pci_remove() en el registro, lo que provocará una desreferencia del puntero NULL ya que los datos correspondientes aún no se han inicializado. El parche mueve la inicialización de los datos antes de devm_add_action_or_reset(). Encontrado por el proyecto de verificación de controladores de Linux (linuxtesting.org). [jkosina@suse.cz: rebase] • https://git.kernel.org/stable/c/283e4bee701dfcd409dd293f19a268bb2bc8ff38 https://git.kernel.org/stable/c/d46ef750ed58cbeeba2d9a55c99231c30a172764 •