CVE-2021-46928 – parisc: Clear stale IIR value on instruction access rights trap
https://notcve.org/view.php?id=CVE-2021-46928
In the Linux kernel, the following vulnerability has been resolved: parisc: Clear stale IIR value on instruction access rights trap When a trap 7 (Instruction access rights) occurs, this means the CPU couldn't execute an instruction due to missing execute permissions on the memory region. In this case it seems the CPU didn't even fetched the instruction from memory and thus did not store it in the cr19 (IIR) register before calling the trap handler. So, the trap handler will find some random old stale value in cr19. This patch simply overwrites the stale IIR value with a constant magic "bad food" value (0xbaadf00d), in the hope people don't start to try to understand the various random IIR values in trap 7 dumps. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: parisc: borra el valor IIR obsoleto en la trampa de derechos de acceso a instrucciones Cuando ocurre una trampa 7 (derechos de acceso a instrucciones), esto significa que la CPU no pudo ejecutar una instrucción debido a que faltan permisos de ejecución en la región de la memoria. En este caso, parece que la CPU ni siquiera obtuvo la instrucción de la memoria y, por lo tanto, no la almacenó en el registro cr19 (IIR) antes de llamar al controlador de trampas. • https://git.kernel.org/stable/c/d01e9ce1af6116f812491d3d3873d204f10ae0b8 https://git.kernel.org/stable/c/e96373f0a5f484bc1e193f9951dcb3adf24bf3f7 https://git.kernel.org/stable/c/484730e5862f6b872dca13840bed40fd7c60fa26 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2021-46926 – ALSA: hda: intel-sdw-acpi: harden detection of controller
https://notcve.org/view.php?id=CVE-2021-46926
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it's actually a SoundWire controller. This can lead to issues where the graph walk continues and eventually fails, but the pointer was set already. This patch changes the logic so that the information provided to the caller is set when a controller is found. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: intel-sdw-acpi: reforzar la detección del controlador El código existente actualmente establece un puntero a un identificador ACPI antes de verificar que en realidad es un controlador SoundWire. Esto puede provocar problemas en los que el recorrido del gráfico continúa y finalmente falla, pero el puntero ya estaba configurado. Este parche cambia la lógica para que la información proporcionada a la persona que llama se establezca cuando se encuentra un controlador. • https://git.kernel.org/stable/c/cce476954401e3421afafb25bbaa926050688b1d https://git.kernel.org/stable/c/385f287f9853da402d94278e59f594501c1d1dad •
CVE-2021-46906 – HID: usbhid: fix info leak in hid_submit_ctrl
https://notcve.org/view.php?id=CVE-2021-46906
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: usbhid: corrige fuga de información en hid_submit_ctrl En hid_submit_ctrl(), la forma de calcular la longitud del informe no tiene en cuenta que el tamaño del informe->puede ser cero. • https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366 https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0 https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82 https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1 https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9 https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8 https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5d • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2020-36775 – f2fs: fix to avoid potential deadlock
https://notcve.org/view.php?id=CVE-2020-36775
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential deadlock like we did in f2fs_write_single_data_page(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrección para evitar un posible interbloqueo Usando f2fs_trylock_op() en f2fs_write_compressed_pages() para evitar un posible interbloqueo como lo hicimos en f2fs_write_single_data_page(). • https://git.kernel.org/stable/c/0478ccdc8ea016de1ebaf6fe6da0275c2b258c5b https://git.kernel.org/stable/c/8e8542437bb4070423c9754d5ba270ffdbae8c8d https://git.kernel.org/stable/c/df77fbd8c5b222c680444801ffd20e8bbc90a56e • CWE-667: Improper Locking •
CVE-2019-25160 – netlabel: fix out-of-bounds memory accesses
https://notcve.org/view.php?id=CVE-2019-25160
In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the fixes are straightforward. As a FYI for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlabel: corrige accesos a memoria fuera de los límites Hay dos accesos a memoria fuera de los límites de matriz, uno en cipso_v4_map_lvl_valid() y el otro en netlbl_bitmap_walk(). Ambos errores son vergonzosamente simples y las soluciones son sencillas. Para su información, cualquiera que esté implementando este parche en kernels anteriores a v4.8, querrá aplicar el parche netlbl_bitmap_walk() a cipso_v4_bitmap_walk() ya que netlbl_bitmap_walk() no existe antes de Linux v4.8. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272 https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950 https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000 https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba6413 • CWE-125: Out-of-bounds Read •