CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47592 – net: stmmac: fix tc flower deletion for VLAN priority Rx steering
https://notcve.org/view.php?id=CVE-2021-47592
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1) Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev $IFDEVNAME root mqprio num_tc 8 \ map 0 1 2 3 4 5 6 7 0 0 0 0 0 0 0 0 \ queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 hw 0 $ tc filter add dev $IFDEVNAME parent ffff: protocol 802.1Q \ flower vlan_prio 0 hw_tc 0 2) ... • https://git.kernel.org/stable/c/0e039f5cf86ce2fcb62077a163e7ff3d7b7b7cf3 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47591 – mptcp: remove tcp ulp setsockopt support
https://notcve.org/view.php?id=CVE-2021-47591
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow (tcp) sockets to the mptcp layer. In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow (tcp) sockets to the mptcp layer. • https://git.kernel.org/stable/c/d9e4c129181004ec94b315b0c9db5eeb09da75e6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47590 – mptcp: fix deadlock in __mptcp_push_pending()
https://notcve.org/view.php?id=CVE-2021-47590
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mptcp: corrige el pun... • https://git.kernel.org/stable/c/1b3e7ede1365a24db1b4fd837e58a595f52fa4ad • CWE-833: Deadlock •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47589 – igbvf: fix double free in `igbvf_probe`
https://notcve.org/view.php?id=CVE-2021-47589
19 Jun 2024 — igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf] [ 35.138751] local_pci_probe+0x13c/0x1f0 [ 35.139461] pci_device_probe+0x37e/0x6c0 [ 35.165526] [ 35.165806] Allocated by task 366: [ 35.166414] ____kasan_kmalloc+0xc4/0xf0 [ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf] [ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf] [ 35.168866] local_pci_probe+0x13c/0x1f0 [ 35.169565] pci_device_probe+0x37e/0x6c0 [ 35.179713] [ 35.179993] Freed by task 366: [ 35.180539] kasan_set_track+0x4c/0x80 [ 35.181211] kasan_set_fre... • https://git.kernel.org/stable/c/d4e0fe01a38a073568aee541a0247fe734095979 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47588 – sit: do not call ipip6_dev_free() from sit_init_net()
https://notcve.org/view.php?id=CVE-2021-47588
19 Jun 2024 — syzbot reported: dst_release underflow WARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173 Modules linked in: CPU: 1 PID: 5059 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:dst_release+0xd8/0xe0 net/core/dst.c:173 Code: 4c 89 f2 89 d9 31 c0 5b 41 5e 5d e9 da d5 44 f9 e8 1d 90 5f f9 c6 05 87 48 c6 05 01 48 c7 c7 80 44 99 8b 31 c0 e8 e8 67 29 f9 <0f> 0b eb 85 0f 1... • https://git.kernel.org/stable/c/cf124db566e6b036b8bcbe8decbed740bdfac8c6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47587 – net: systemport: Add global locking for descriptor lifecycle
https://notcve.org/view.php?id=CVE-2021-47587
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue between the transmit and reclaiming. In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared re... • https://git.kernel.org/stable/c/80105befdb4b8cea924711b40b2462b87df65b62 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47586 – net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
https://notcve.org/view.php?id=CVE-2021-47586
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member is empty, so the memory after the ops structure is being read here. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds... • https://git.kernel.org/stable/c/3bb3d6b1c1957e88bfc5e77a4557f7e6ba761fe3 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47585 – btrfs: fix memory leak in __add_inode_ref()
https://notcve.org/view.php?id=CVE-2021-47585
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(), but when the function returns in line 1184 (#4) victim_name allocated by line 1169 (#3) is not freed, which will lead to a memory leak. There is a similar snippet of code in this function as allocating a memory chunk for victim_name in line 1104 (#1) as well as releasing the memory in line 1116 (#2). ... ret) { 1241 retur... • https://git.kernel.org/stable/c/d3316c8233bb05e0dd855d30aac347bb8ad76ee4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47584 – iocost: Fix divide-by-zero on donation from low hweight cgroup
https://notcve.org/view.php?id=CVE-2021-47584
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zero after-donation hweight, so the lowest active hweight a donating cgroup can have is 2 so that it can donate 1 while keeping the other 1 for itself. In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculati... • https://git.kernel.org/stable/c/f1de2439ec43b74764f2a26e3a310b24407e3bde •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47583 – media: mxl111sf: change mutex_init() location
https://notcve.org/view.php?id=CVE-2021-47583
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medio: mxl111sf: cambiar la ubicación de mutex_init() Syzbo... • https://git.kernel.org/stable/c/8572211842afc53c8450fb470f2b8d02ba7592e0 •