CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47382 – s390/qeth: fix deadlock during failing recovery
https://notcve.org/view.php?id=CVE-2021-47382
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed taking discipline_mutex inside qeth_do_reset(), fixing potential deadlocks. An error path was missed though, that still takes discipline_mutex and thus has the original deadlock potential. Intermittent deadlocks were seen when a qeth channel path is configured offline, causing a race between qeth_do_reset and ccwgroup_remove. Call qeth_set_offline() directly in the qeth_do_reset() error case and then a new variant of ccwgroup_set_offline(), without taking discipline_mutex. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: s390/qeth: arreglar el punto muerto durante la recuperación fallida. La confirmación 0b9902c1fcc5 ("s390/qeth: arreglar el punto muerto durante la recuperación") se eliminó tomando discipline_mutex dentro de qeth_do_reset(), solucionando posibles puntos muertos. Sin embargo, se omitió una ruta de error que todavía requiere discipline_mutex y, por lo tanto, tiene el potencial de bloqueo original. • https://git.kernel.org/stable/c/b41b554c1ee75070a14c02a88496b1f231c7eacc https://git.kernel.org/stable/c/af0c184ea106051e428b5a0b5f2dfd31cbc54c52 https://git.kernel.org/stable/c/0bfe741741327822d1482c7edef0184636d08b40 https://git.kernel.org/stable/c/d2b59bd4b06d84a4eadb520b0f71c62fe8ec0a62 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47381 – ASoC: SOF: Fix DSP oops stack dump output contents
https://notcve.org/view.php?id=CVE-2021-47381
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address used in dump error output. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: corrige el contenido de salida del volcado de pila de DSP. Corrija el argumento @buf dado a hex_dump_to_buffer() y la dirección de pila utilizada en la salida de error de volcado. • https://git.kernel.org/stable/c/e657c18a01c85d2c4ec0e96d52be8ba42b956593 https://git.kernel.org/stable/c/a6bb576ead074ca6fa3b53cb1c5d4037a23de81b https://git.kernel.org/stable/c/ac4dfccb96571ca03af7cac64b7a0b2952c97f3a •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47380 – HID: amd_sfh: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47380
In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix potential NULL pointer dereference devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The patch moves initialization of data before devm_add_action_or_reset(). Found by Linux Driver Verification project (linuxtesting.org). [jkosina@suse.cz: rebase] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: amd_sfh: corrige una posible desreferencia del puntero NULL devm_add_action_or_reset() puede invocar repentinamente amd_mp2_pci_remove() en el registro, lo que provocará una desreferencia del puntero NULL ya que los datos correspondientes aún no se han inicializado. El parche mueve la inicialización de los datos antes de devm_add_action_or_reset(). Encontrado por el proyecto de verificación de controladores de Linux (linuxtesting.org). [jkosina@suse.cz: rebase] • https://git.kernel.org/stable/c/283e4bee701dfcd409dd293f19a268bb2bc8ff38 https://git.kernel.org/stable/c/d46ef750ed58cbeeba2d9a55c99231c30a172764 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47379 – blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
https://notcve.org/view.php?id=CVE-2021-47379
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094] BUG: KASAN: use-after-free in bfq_io_set_weight_legacy+0xd3/0x160 [693354.105336] Read of size 4 at addr ffff888be0a35664 by task sh/1453338 [693354.105607] CPU: 41 PID: 1453338 Comm: sh Kdump: loaded Not tainted 4.18.0-147 [693354.105610] Hardware name: Huawei 2288H V5/BC11SPSCB0, BIOS 0.81 07/02/2018 [693354.105612] Call Trace: [693354.105621] dump_stack+0xf1/0x19b [693354.105626] ? show_regs_print_info+0x5/0x5 [693354.105634] ? printk+0x9c/0xc3 [693354.105638] ? cpumask_weight+0x1f/0x1f [693354.105648] print_address_description+0x70/0x360 [693354.105654] kasan_report+0x1b2/0x330 [693354.105659] ? bfq_io_set_weight_legacy+0xd3/0x160 [693354.105665] ? • https://git.kernel.org/stable/c/d12ddd843f1877de1f7dd2aeea4907cf9ff3ac08 https://git.kernel.org/stable/c/f58d305887ad7b24986d58e881f6806bb81b2bdf https://git.kernel.org/stable/c/7c2c69e010431b0157c9454adcdd2305809bf9fb https://git.kernel.org/stable/c/858560b27645e7e97aca37ee8f232cccd658fbd2 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47378 – nvme-rdma: destroy cm id before destroy qp to avoid use after free
https://notcve.org/view.php?id=CVE-2021-47378
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishment error flow, don't destroy qp in cm event handler.Just report cm_error to upper level, qp will be destroy in nvme_rdma_alloc_queue() after destroy cm id. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-rdma: destruye cm id antes de destruir qp para evitar su use after free. Siempre debemos destruir cm_id antes de destruir qp para evitar que se produzca un evento cma después de que se destruya qp, lo que puede llevar a use after free. En el flujo de error de establecimiento de conexión RDMA, no destruya qp en el controlador de eventos cm. Simplemente informe cm_error al nivel superior, qp se destruirá en nvme_rdma_alloc_queue() después de destruir cm id. • https://git.kernel.org/stable/c/ecf0dc5a904830c926a64feffd8e01141f89822f https://git.kernel.org/stable/c/d268a182c56e8361e19fb781137411643312b994 https://git.kernel.org/stable/c/9817d763dbe15327b9b3ff4404fa6f27f927e744 https://access.redhat.com/security/cve/CVE-2021-47378 https://bugzilla.redhat.com/show_bug.cgi?id=2282362 • CWE-416: Use After Free •