CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47307 – cifs: prevent NULL deref in cifs_compose_mount_options()
https://notcve.org/view.php?id=CVE-2021-47307
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain an NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 ("Explicit null dereferenced") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: evita la eliminación de desreferencias NULL en cifs_compose_mount_options() El parámetro @ref opcional puede contener un nombre de no... • https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47306 – net: fddi: fix UAF in fza_probe
https://notcve.org/view.php?id=CVE-2021-47306
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fza_probe fp is netdev private data and it cannot be used after free_netdev() call. Using fp after free_netdev() can cause UAF bug. Fix it by moving free_netdev() after error message. TURBOchannel adapter") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fddi: corrige UAF en fza_probe fp son datos privados de netdev y no se pueden usar después de la llamada a free_netdev(). Usar fp después de fr... • https://git.kernel.org/stable/c/61414f5ec9834df8aa4f55c90de16b71a3d6ca8d •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47305 – dma-buf/sync_file: Don't leak fences on merge failure
https://notcve.org/view.php?id=CVE-2021-47305
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. In the error path, we weren't calling dma_fence_put() so all those fences got leaked. Also, in the krealloc_array failure case, we weren't freeing the fences array. Instead, ensure that i and fences are always zero-initialized and dma_fence_put() all the fences and kfree(fences) on every error path. En el kernel de Linux... • https://git.kernel.org/stable/c/a02b9dc90d844cc7df7b63264e7920cc425052d9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47304 – tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized
https://notcve.org/view.php?id=CVE-2021-47304
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug (found by syzkaller) that could cause spurious double-initializations for congestion control modules, which could cause memory leaks or other problems for congestion control modules (like CDG) that allocate memory in their init functions. The buggy scenario constructed by syzkaller was something like: (1) create a TCP socket (2) initiate a TFO connect via ... • https://git.kernel.org/stable/c/8919a9b31eb4fb4c0a93e5fb350a626924302aa6 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47303 – bpf: Track subprog poke descriptors correctly and fix use-after-free
https://notcve.org/view.php?id=CVE-2021-47303
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling map_poke_track(), but on program release there is no hook to call map_poke_untrack(). However, on program release, the aux memory (and poke descriptor table) is freed even though we still have a reference to it in the element list of the map aux data. When we run map_poke_run(), we then end up accessing free'd memory, triggering KASAN in prog_array_... • https://git.kernel.org/stable/c/a748c6975dea325da540610c2ba9b5f332c603e6 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47302 – igc: Fix use-after-free error during reset
https://notcve.org/view.php?id=CVE-2021-47302
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: igc: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igc_poll() runs while the controller is being reset this can lead to the driver try to free a skb that was already freed. Log message: [ 101.525242] refcount_t: underflow; use-after-free. [ 101.525251] WARNING: CPU: 1 PID: 646 at lib/refcount.c:28 refcount_warn_satur... • https://git.kernel.org/stable/c/13b5b7fd6a4a96dffe604f25e7b64cfbd9520924 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47301 – igb: Fix use-after-free error during reset
https://notcve.org/view.php?id=CVE-2021-47301
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: igb: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igb_poll() runs while the controller is reset this can lead to the driver try to free a skb that was already freed. (The crash is harder to reproduce with the igb driver, but the same potential problem exists as the code is identical to igc) En el kernel de Linux, se... • https://git.kernel.org/stable/c/7cc6fd4c60f267e17b0baef1580d7a6258c0a6f0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47300 – bpf: Fix tail_call_reachable rejection for interpreter when jit failed
https://notcve.org/view.php?id=CVE-2021-47300
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctly and fix use-after-free") under various failure conditions, for example, when jit_subprogs() fails and tries to clean up the program to be run under the interpreter, we ran into the following freeze: [...] #127/8 tailcall_bpf2bpf_3:FAIL [...] [ 92.041251] BUG: KASAN: slab-out-of-bounds in ___bp... • https://git.kernel.org/stable/c/e411901c0b775a3ae7f3e2505f8d2d90ac696178 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47299 – xdp, net: Fix use-after-free in bpf_xdp_link_release
https://notcve.org/view.php?id=CVE-2021-47299
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xdp, net: Fix use-after-free in bpf_xdp_link_release The problem occurs between dev_get_by_index() and dev_xdp_attach_link(). At this point, dev_xdp_uninstall() is called. Then xdp link will not be detached automatically when dev is released. But link->dev already points to dev, when xdp link is released, dev will still be accessed, but dev has been released. dev_get_by_index() | link->dev = dev | | rtnl_lock() | unregister_netdevice_many()... • https://git.kernel.org/stable/c/aa8d3a716b59db6c1ad6c68fb8aa05e31980da60 •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47298 – bpf, sockmap: Fix potential memory leak on unlikely error case
https://notcve.org/view.php?id=CVE-2021-47298
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix potential memory leak on unlikely error case If skb_linearize is needed and fails we could leak a msg on the error handling. To fix ensure we kfree the msg block before returning error. Found during code review. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf, sockmap: corrige una posible pérdida de memoria en un caso de error poco probable. Si se necesita skb_linearize y falla, podríamos filtrar un men... • https://git.kernel.org/stable/c/4363023d2668e621b0743db351a9555d6e6ea57e •