CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47589 – igbvf: fix double free in `igbvf_probe`
https://notcve.org/view.php?id=CVE-2021-47589
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_ioremap, there is `list_for_each_entry_safe` and `netif_napi_del` which aims to delete all entries in `dev->napi_list`. The program has added an entry `adapter->rx_ring->napi` which is added by `netif_napi_add` in igbvf_alloc_queues(). Ho... • https://git.kernel.org/stable/c/d4e0fe01a38a073568aee541a0247fe734095979 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47588 – sit: do not call ipip6_dev_free() from sit_init_net()
https://notcve.org/view.php?id=CVE-2021-47588
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against multiple invocations, but other drivers do not implement this strategy. syzbot reported: dst_release underflow WARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173 Modules linked in: CP... • https://git.kernel.org/stable/c/cf124db566e6b036b8bcbe8decbed740bdfac8c6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47587 – net: systemport: Add global locking for descriptor lifecycle
https://notcve.org/view.php?id=CVE-2021-47587
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue between the transmit and reclaiming. This creates an opportunity for the SYSTEMPORT hardware to work on corrupted descriptors if we have multiple producers at once which is the case when using multiple transmit que... • https://git.kernel.org/stable/c/80105befdb4b8cea924711b40b2462b87df65b62 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47586 – net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
https://notcve.org/view.php?id=CVE-2021-47586
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member is empty, so the memory after the ops structure is being read here. It seems that mostly this happens to contain zero anyway, so we get lucky and everything still works. To avoid adding redundant data to nearly all the ops structures... • https://git.kernel.org/stable/c/3bb3d6b1c1957e88bfc5e77a4557f7e6ba761fe3 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47585 – btrfs: fix memory leak in __add_inode_ref()
https://notcve.org/view.php?id=CVE-2021-47585
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(), but when the function returns in line 1184 (#4) victim_name allocated by line 1169 (#3) is not freed, which will lead to a memory leak. There is a similar snippet of code in this function as allocating a memory chunk for victim_name in line 1104 (#1) as well as releasing the memory in line 1116 (#2). We should kfree() victim_nam... • https://git.kernel.org/stable/c/d3316c8233bb05e0dd855d30aac347bb8ad76ee4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47584 – iocost: Fix divide-by-zero on donation from low hweight cgroup
https://notcve.org/view.php?id=CVE-2021-47584
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zero after-donation hweight, so the lowest active hweight a donating cgroup can have is 2 so that it can donate 1 while keeping the other 1 for itself. Earlier, we only donated from cgroups with sizable surpluses so this condition was always true. However, with the precise donation algorithm implemented, f1de2439ec43 ... • https://git.kernel.org/stable/c/f1de2439ec43b74764f2a26e3a310b24407e3bde •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47583 – media: mxl111sf: change mutex_init() location
https://notcve.org/view.php?id=CVE-2021-47583
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was in ->init() function, but dvb_usbv2_init() has this order of calls: dvb_usbv2_init() dvb_usbv2_adapter_init() dvb_usbv2_adapter_frontend_init() props->frontend_attach() props->init() Since mxl111sf_* devices call mxl111sf_ctrl_msg() in... • https://git.kernel.org/stable/c/8572211842afc53c8450fb470f2b8d02ba7592e0 •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47582 – USB: core: Make do_proc_control() and do_proc_bulk() killable
https://notcve.org/view.php?id=CVE-2021-47582
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about "Task X blocked for more than N seconds", as found in testing by syzbot: INFO: task syz-ex... • https://git.kernel.org/stable/c/403716741c6c2c510dce44e88f085a740f535de6 • CWE-667: Improper Locking •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47580 – scsi: scsi_debug: Fix type in min_t to avoid stack OOB
https://notcve.org/view.php?id=CVE-2021-47580
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger value gets used causing stack out of bounds. BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:191 [inline] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976 Read of size 127 at a... • https://git.kernel.org/stable/c/bdb854f134b964528fa543e0351022eb45bd7346 • CWE-125: Out-of-bounds Read •
CVSS: 4.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47579 – ovl: fix warning in ovl_create_real()
https://notcve.org/view.php?id=CVE-2021-47579
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdir without instantiating the new dentry. Weird filesystems such as this will be rejected by overlayfs at a later stage during setup, but to prevent such a warning, call ovl_mkdir_real() directly from ovl_workdir_create(... • https://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8 • CWE-457: Use of Uninitialized Variable •