CVE-2021-47260 – NFS: Fix a potential NULL dereference in nfs_get_client()
https://notcve.org/view.php?id=CVE-2021-47260
In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix a potential NULL dereference in nfs_get_client()

None of the callers are expecting NULL returns from nfs_get_client() so this code will lead to an Oops. It's better to return an error pointer.

I expect that this is dead code so hopefully no one is affected.

• https://git.kernel.org/stable/c/31434f496abb9f3410b10f541462fe58613dd3ad
• https://git.kernel.org/stable/c/fab8bfdfb4aac9e4e8363666333adfdf21e89106
• https://git.kernel.org/stable/c/a979e601000982a3ca693171a6d4dffc47f8ad00
• https://git.kernel.org/stable/c/634f17ff1d59905eb3b4bbbc00805961d08beaee
• https://git.kernel.org/stable/c/4b380a7d84ef2ce3f4f5bec5d8706ed937ac6502
• https://git.kernel.org/stable/c/0057ecef9f324007c0ba5fcca4ddd131178ce78b
• https://git.kernel.org/stable/c/279ad78a00f8b9c5ff24171a59297187a3bd44b7
• https://git.kernel.org/stable/c/58ddf61f10b8f9b7b1341644bfee2f1c6
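The NULL-versus-error-pointer contract the commit message describes, as an added example that is not the kernel's or the NFS client's code: a userspace re-implementation of the ERR_PTR()/IS_ERR()/PTR_ERR() helpers, a hypothetical lookup_client_before() that returns NULL on its not-found path beside a lookup_client_after() that returns an error pointer on every failure, and a caller that checks only IS_ERR(), as the commit says nfs_get_client()'s callers do. The client table, the hostnames and the -EFAULT "would have oopsed" sentinel are constructed for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/*
 * Userspace re-implementation of the kernel's error-pointer helpers: the top
 * MAX_ERRNO addresses of the pointer space encode a negative errno. NULL is
 * not in that range, so IS_ERR(NULL) is false and a NULL "error" sails past
 * an IS_ERR() check straight into a dereference.
 */
#define MAX_ERRNO 4095
#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline bool IS_ERR(const void *ptr) { return IS_ERR_VALUE((unsigned long)ptr); }

/* Constructed stand-in for the object a lookup like nfs_get_client() returns. */
struct client {
	const char *hostname;
	int version;
};

static struct client known_clients[] = {
	{ "nfs1.example", 4 },
	{ "nfs2.example", 3 },
};
#define N_KNOWN (sizeof(known_clients) / sizeof(known_clients[0]))

/*
 * "Before": a mixed contract. Invalid input yields an error pointer, but the
 * not-found path returns NULL. Hypothetical lookup, not the kernel's code.
 */
static struct client *lookup_client_before(const char *host, int version)
{
	size_t i;

	if (!host)
		return ERR_PTR(-EINVAL);
	for (i = 0; i < N_KNOWN; i++)
		if (!strcmp(known_clients[i].hostname, host) &&
		    known_clients[i].version == version)
			return &known_clients[i];
	return NULL;		/* slips past IS_ERR() in every caller */
}

/* "After": every failure is an error pointer, so IS_ERR() catches all of them. */
static struct client *lookup_client_after(const char *host, int version)
{
	size_t i;

	if (!host)
		return ERR_PTR(-EINVAL);
	for (i = 0; i < N_KNOWN; i++)
		if (!strcmp(known_clients[i].hostname, host) &&
		    known_clients[i].version == version)
			return &known_clients[i];
	return ERR_PTR(-ENOENT);
}

/*
 * A caller written the way the commit message describes: it checks IS_ERR()
 * and then dereferences. Returns the client's version or -errno. In the
 * kernel the NULL case is the Oops; here the dereference is guarded purely so
 * the program can report it, with -EFAULT as the "this would have oopsed"
 * sentinel (instrumentation, not part of the pattern being shown).
 */
static int use_client(struct client *clp)
{
	if (IS_ERR(clp))
		return (int)PTR_ERR(clp);
	if (!clp)
		return -EFAULT;	/* instrumentation only: a real caller derefs here */
	return clp->version;
}

static int outcome_before(const char *host, int version)
{
	return use_client(lookup_client_before(host, version));
}

static int outcome_after(const char *host, int version)
{
	return use_client(lookup_client_after(host, version));
}
```

The point to carry away is that IS_ERR() only recognizes the top MAX_ERRNO addresses, so a function documented to return error pointers must not return NULL on any path. Callers that genuinely need to tolerate both can use the kernel's IS_ERR_OR_NULL(), but needing it is usually a sign that the callee's contract is inconsistent, which is exactly what the fix above removes.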
CVE-2021-47259 – NFS: Fix use-after-free in nfs4_init_client()
https://notcve.org/view.php?id=CVE-2021-47259
In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix use-after-free in nfs4_init_client()

KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server.

Olga was able to hit this with kernels starting somewhere between 5.7 and 5.10, but I traced the patch that introduced the clear_bit() call to 4.13. So something must have changed in the refcounting of the clp pointer to make this call to nfs_put_client() the very last one.

• https://git.kernel.org/stable/c/8dcbec6d20eb881ba368d0aebc3a8a678aebb1da
• https://git.kernel.org/stable/c/c7eab9e2d7b4e983ce280276fb920af649955897
• https://git.kernel.org/stable/c/42c10b0db064e45f5c5ae7019bbf2168ffab766c
• https://git.kernel.org/stable/c/3e3c7ebbfac152d08be75c92802a64a1f6471a15
• https://git.kernel.org/stable/c/c3b6cf64dfe4ef96e7341508d50d6998da7062c7
• https://git.kernel.org/stable/c/72651c6579a25317a90536181d311c663d0329ab
• https://git.kernel.org/stable/c/476bdb04c501fc64bf3b8464ffddefc8dbe01577
• CWE-416: Use After Free
CVE-2021-47258 – scsi: core: Fix error handling of scsi_host_alloc()
https://notcve.org/view.php?id=CVE-2021-47258
In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix error handling of scsi_host_alloc()

After device is initialized via device_initialize(), or its name is set via dev_set_name(), the device has to be freed via put_device(). Otherwise device name will be leaked because it is allocated dynamically in dev_set_name().

Fix the leak by replacing kfree() with put_device(). Since scsi_host_dev_release() properly handles IDA and kthread removal, remove special-casing these from the error handling as well.

• https://git.kernel.org/stable/c/8958181c1663e24a13434448e7d6b96b5d04900a
• https://git.kernel.org/stable/c/db08ce595dd64ea9859f7d088b51cbfc8e685c66
• https://git.kernel.org/stable/c/2dc85045ae65b9302a1d2e2ddd7ce4c030153a6a
• https://git.kernel.org/stable/c/79296e292d67fa7b5fb8d8c27343683e823872c8
• https://git.kernel.org/stable/c/7a696ce1d5d16a33a6cd6400bbcc0339b2460e11
• https://git.kernel.org/stable/c/45d83db4728127944b237c0c8248987df9d478e7
• https://git.kernel.org/stable/c/66a834d092930cf41d809c0e989b13cd6f9ca006
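The put_device()-versus-kfree() rule from the commit message, shown with an added userspace model that is not the kernel's or the SCSI layer's code: device_initialize(), dev_set_name(), put_device() and the release callback are stand-ins that borrow the kernel's names, struct host and the fail_setup flag are hypothetical, and live_allocs is constructed instrumentation that counts outstanding heap blocks so the leak is observable.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed model of the driver-core lifetime rule the fix relies on: after
 * device_initialize() the object has a refcount and a release callback, and
 * dev_set_name() puts the name on the heap. The only correct way to undo
 * either is put_device(), which runs release() and frees everything the
 * object owns. kfree() of the container skips the name.
 */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

static int live_allocs;	/* instrumentation: outstanding heap blocks */

static void *track_alloc(size_t n)
{
	void *p = calloc(1, n);
	if (p)
		live_allocs++;
	return p;
}

static void track_free(void *p)
{
	if (p) {
		live_allocs--;
		free(p);
	}
}

struct device {
	int refcount;
	char *name;
	void (*release)(struct device *dev);
};

struct host {			/* hypothetical container, like struct Scsi_Host */
	struct device dev;
	int id;
};

static void device_initialize(struct device *dev, void (*release)(struct device *))
{
	dev->refcount = 1;
	dev->name = NULL;
	dev->release = release;
}

static int dev_set_name(struct device *dev, const char *prefix, int id)
{
	char buf[32];
	int len = snprintf(buf, sizeof(buf), "%s%d", prefix, id);

	dev->name = track_alloc((size_t)len + 1);
	if (!dev->name)
		return -ENOMEM;
	memcpy(dev->name, buf, (size_t)len + 1);
	return 0;
}

static void put_device(struct device *dev)
{
	if (--dev->refcount == 0)
		dev->release(dev);
}

/* release() owns both the name and the container: exactly what kfree() skips. */
static void host_dev_release(struct device *dev)
{
	struct host *h = container_of(dev, struct host, dev);

	track_free(dev->name);
	track_free(h);
}

/* Allocation with a setup step that can fail after dev_set_name(); fail_setup=1 forces it. */
static struct host *host_alloc_before(int id, int fail_setup)
{
	struct host *h = track_alloc(sizeof(*h));

	if (!h)
		return NULL;
	device_initialize(&h->dev, host_dev_release);
	h->id = id;
	if (dev_set_name(&h->dev, "host", id) || fail_setup) {
		track_free(h);		/* BUG: kfree()-style, dev.name leaks */
		return NULL;
	}
	return h;
}

static struct host *host_alloc_after(int id, int fail_setup)
{
	struct host *h = track_alloc(sizeof(*h));

	if (!h)
		return NULL;
	device_initialize(&h->dev, host_dev_release);
	h->id = id;
	if (dev_set_name(&h->dev, "host", id) || fail_setup) {
		put_device(&h->dev);	/* release() frees name and container */
		return NULL;
	}
	return h;
}

/* Runs one allocation (freeing any result) and returns how many blocks leaked. */
static int leaked_blocks(struct host *(*alloc)(int, int), int fail_setup)
{
	int before = live_allocs;
	struct host *h = alloc(7, fail_setup);

	if (h)
		put_device(&h->dev);
	return live_allocs - before;
}

/* Success-path check: the name is what dev_set_name() built. */
static int name_matches(int id, const char *expected)
{
	struct host *h = host_alloc_after(id, 0);
	int ok = h && h->dev.name && !strcmp(h->dev.name, expected);

	if (h)
		put_device(&h->dev);
	return ok;
}
```

The same rule generalizes: once an object has a release callback registered, every error path after that point drops the reference rather than freeing the memory, and the release callback becomes the single place that knows what the object owns (which is why the fix could also drop the IDA and kthread special-casing).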
CVE-2021-47257 – net: ieee802154: fix null deref in parse dev addr
https://notcve.org/view.php?id=CVE-2021-47257
In the Linux kernel, the following vulnerability has been resolved:

net: ieee802154: fix null deref in parse dev addr

Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type.

• https://git.kernel.org/stable/c/1f95741981c899c4724647291fec5faa3c777185
• https://git.kernel.org/stable/c/c6998ccfefa652bac3f9b236821e392af43efa1e
• https://git.kernel.org/stable/c/5f728ec65485625e30f46e5b4917ff023ad29ea0
• https://git.kernel.org/stable/c/d0f47648b87b6d5f204cb7f3cbce6d36dab85a67
• https://git.kernel.org/stable/c/c7836de2cadd88bc2f20f2c5a3d4ef4c73aef627
• https://git.kernel.org/stable/c/fdd51e34f45311ab6e48d2147cbc2904731b9993
• https://git.kernel.org/stable/c/9fdd04918a452980631ecc499317881c1d120b70
• https://access.redhat.com/security/cve/CVE-2021-47257
• CWE-476: NULL Pointer Dereference
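Added example modelling the class of bug the commit message describes, a caller-supplied mode that does not match the address attribute actually supplied; it is not the ieee802154 code, and the attribute names, the two modes and the get_u16()/get_u64() helpers are hypothetical. The "before" parser accepts the input as long as some address attribute is present and then reads whichever one the mode names; the "after" parser checks for the exact attribute each mode needs. null_reads is constructed instrumentation standing in for the fault the kernel would take on the NULL read.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/*
 * Constructed model of parsing a "device address" from untrusted attributes,
 * netlink-style: each pointer is NULL when the caller did not supply that
 * attribute. Names are illustrative, not the kernel's.
 */
enum addr_mode { ADDR_MODE_SHORT = 1, ADDR_MODE_EXTENDED = 2 };

struct attrs {
	const uint32_t *mode;
	const uint16_t *short_addr;
	const uint64_t *ext_addr;
};

struct dev_addr {
	uint32_t mode;
	uint16_t short_addr;
	uint64_t ext_addr;
};

/* Instrumentation: the kernel would fault on a NULL attribute read; count it instead. */
static int null_reads;

static uint16_t get_u16(const uint16_t *p)
{
	if (!p) {
		null_reads++;
		return 0;
	}
	return *p;
}

static uint64_t get_u64(const uint64_t *p)
{
	if (!p) {
		null_reads++;
		return 0;
	}
	return *p;
}

/*
 * "Before": the presence check only asks that *some* address attribute be
 * there, then the switch trusts the caller's mode and reads the attribute that
 * mode names. mode=SHORT with only an extended address present => NULL read.
 */
static int parse_dev_addr_before(const struct attrs *a, struct dev_addr *out)
{
	if (!a->mode || !(a->short_addr || a->ext_addr))
		return -EINVAL;
	out->mode = *a->mode;
	switch (out->mode) {
	case ADDR_MODE_SHORT:
		out->short_addr = get_u16(a->short_addr);
		return 0;
	case ADDR_MODE_EXTENDED:
		out->ext_addr = get_u64(a->ext_addr);
		return 0;
	default:
		return -EINVAL;
	}
}

/* "After": each mode checks for exactly the attribute it is about to read. */
static int parse_dev_addr_after(const struct attrs *a, struct dev_addr *out)
{
	if (!a->mode)
		return -EINVAL;
	out->mode = *a->mode;
	switch (out->mode) {
	case ADDR_MODE_SHORT:
		if (!a->short_addr)
			return -EINVAL;
		out->short_addr = get_u16(a->short_addr);
		return 0;
	case ADDR_MODE_EXTENDED:
		if (!a->ext_addr)
			return -EINVAL;
		out->ext_addr = get_u64(a->ext_addr);
		return 0;
	default:
		return -EINVAL;
	}
}

typedef int (*parser_fn)(const struct attrs *, struct dev_addr *);

/* Builds an attribute set with the requested subset present and runs a parser. */
static int try_parse(parser_fn parse, uint32_t mode, bool with_short, bool with_ext)
{
	static const uint16_t sample_short = 0x1234;	/* constructed input */
	static const uint64_t sample_ext = 0x0011223344556677ULL;
	struct attrs a = {
		&mode,
		with_short ? &sample_short : NULL,
		with_ext ? &sample_ext : NULL,
	};
	struct dev_addr out = { 0 };

	null_reads = 0;
	return parse(&a, &out);
}

static int null_reads_in_last_parse(void)
{
	return null_reads;
}
```

The general rule for any discriminated input (a mode or type field that selects which sibling field is meaningful): validate the selected field's presence inside the branch that uses it, not with a single "at least one of them" check up front, because the attacker controls both the discriminator and which siblings are present.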
CVE-2021-47256 – mm/memory-failure: make sure wait for page writeback in memory_failure
https://notcve.org/view.php?id=CVE-2021-47256
In the Linux kernel, the following vulnerability has been resolved:

mm/memory-failure: make sure wait for page writeback in memory_failure

Our syzkaller triggered the "BUG_ON(!list_empty(&inode->i_wb_list))" in clear_inode:

kernel BUG at fs/inode.c:519!
Internal error: Oops - BUG: 0 [#1] SMP
Modules linked in:
Process syz-executor.0 (pid: 249, stack limit = 0x00000000a12409d7)
CPU: 1 PID: 249 Comm: syz-executor.0 Not tainted 4.19.95
Hardware name: linux,dummy-virt (DT)
pstate: 80000005 (Nzcv daif -PAN -UAO)
pc : clear_inode+0x280/0x2a8
lr : clear_inode+0x280/0x2a8
Call trace:
 clear_inode+0x280/0x2a8
 ext4_clear_inode+0x38/0xe8
 ext4_free_inode+0x130/0xc68
 ext4_evict_inode+0xb20/0xcb8
 evict+0x1a8/0x3c0
 iput+0x344/0x460
 do_unlinkat+0x260/0x410
 __arm64_sys_unlinkat+0x6c/0xc0
 el0_svc_common+0xdc/0x3b0
 el0_svc_handler+0xf8/0x160
 el0_svc+0x10/0x218
Kernel panic - not syncing: Fatal exception

A crash dump of this problem shows that someone called __munlock_pagevec to clear page LRU without lock_page: do_mmap -> mmap_region -> do_munmap -> munlock_vma_pages_range -> __munlock_pagevec.

As a result memory_failure will call identify_page_state without wait_on_page_writeback. And after truncate_error_page clears the mapping of this page, end_page_writeback won't call sb_clear_inode_writeback to clear inode->i_wb_list.

• https://git.kernel.org/stable/c/0bc1f8b0682caa39f45ce1e0228ebf43acb46111
• https://git.kernel.org/stable/c/d05267fd27a5c4f54e06daefa3035995d765ca0c
• https://git.kernel.org/stable/c/6d210d547adc2218ef8b5bcf23518c5f2f1fd872
• https://git.kernel.org/stable/c/566345aaabac853aa866f53a219c4b02a6beb527
• https://git.kernel.org/stable/c/9e379da727a7a031be9b877cde7b9c34a0fb8306
• https://git.kernel.org/stable/c/28788dc5c70597395b6b451dae4549bbaa8e2c56
• https://git.kernel.org/stable/c/e8675d291ac007e1c636870db880f837a9ea112a