CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48630 – crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
https://notcve.org/view.php?id=CVE-2022-48630
05 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ The commit referenced in the Fixes tag removed the 'break' from the else branch in qcom_rng_read(), causing an infinite loop whenever 'max' is not a multiple of WORD_SZ. This can be reproduced e.g. by running: kcapi-rng -b 67 >/dev/null There are many ways to fix this without adding back the 'break', but they all seem more awkward than simply adding it back, so do just... • https://git.kernel.org/stable/c/a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48629 – crypto: qcom-rng - ensure buffer for generate is completely filled
https://notcve.org/view.php?id=CVE-2022-48629
05 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read() can run into a situation where the buffer is partially filled with randomness and the remaining part of the buffer is zeroed since qcom_rng_generate() doesn't check the return value. This issue can be reproduced by running the following ... • https://git.kernel.org/stable/c/ceec5f5b59882b871a722ca4d49b767a09a4bde9 •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47105 – ice: xsk: return xsk buffers back to pool when cleaning the ring
https://notcve.org/view.php?id=CVE-2021-47105
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: xsk: return xsk buffers back to pool when cleaning the ring Currently we only NULL the xdp_buff pointer in the internal SW ring but we never give it back to the xsk buffer pool. This means that buffers can be leaked out of the buff pool and never be used again. Add missing xsk_buff_free() call to the routine that is supposed to clean the entries that are left in the ring so that these buffers in the umem can be used by other sockets. A... • https://git.kernel.org/stable/c/2d4238f5569722197612656163d824098208519c •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47104 – IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
https://notcve.org/view.php?id=CVE-2021-47104
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() The wrong goto label was used for the error case and missed cleanup of the pkt allocation. Addresses-Coverity-ID: 1493352 ("Resource leak") En el kernel de Linux, se resolvió la siguiente vulnerabilidad: IB/qib: corrige la pérdida de memoria en qib_user_sdma_queue_pkts() Se utilizó la etiqueta goto incorrecta para el caso de error y se omitió la limpieza de la asignación de paquetes. Dir... • https://git.kernel.org/stable/c/bda41654b6e0c125a624ca35d6d20beb8015b5d0 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47103 – inet: fully convert sk->sk_rx_dst to RCU rules
https://notcve.org/view.php?id=CVE-2021-47103
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules syzbot reported various issues around early demux, one being included in this changelog [1] sk->sk_rx_dst is using RCU protection without clearly documenting it. And following sequences in tcp_v4_do_rcv()/tcp_v6_do_rcv() are not following standard RCU rules. [a] dst_release(dst); [b] sk->sk_rx_dst = NULL; They look wrong because a delete operation of RCU protected pointer is supposed to clear t... • https://git.kernel.org/stable/c/41063e9dd11956f2d285e12e4342e1d232ba0ea2 •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47101 – asix: fix uninit-value in asix_mdio_read()
https://notcve.org/view.php?id=CVE-2021-47101
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized. Fail log: BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/a... • https://git.kernel.org/stable/c/d9fe64e511144c1ee7d7555b4111f09dde9692ef • CWE-457: Use of Uninitialized Variable •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47100 – ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
https://notcve.org/view.php?id=CVE-2021-47100
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel paging request at ffffffffc09b3a5a [ 141.087241] PGD 8fe4c0d067 P4D 8fe4c0d067 PUD 8fe4c0f067 PMD 103ad89067 PTE 0 [ 141.087464] Oops: 0010 [#1] SMP NOPTI [ 141.087580] CPU: 67 PID: 668 Comm: kworker/67:1 Kdump: loaded N... • https://git.kernel.org/stable/c/b2cfd8ab4add53c2070367bfee2f5b738f51698d •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47097 – Input: elantech - fix stack out of bound access in elantech_change_report_id()
https://notcve.org/view.php?id=CVE-2021-47097
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id() The array param[] in elantech_change_report_id() must be at least 3 bytes, because elantech_read_reg_params() is calling ps2_command() with PSMOUSE_CMD_GETINFO, that is going to access 3 bytes from param[], but it's defined in the stack as an array of 2 bytes, therefore we have a potential stack out-of-bounds access here, also confirmed by KASAN: [ 6.512374] BUG:... • https://git.kernel.org/stable/c/9e4815cf178561104881e5d687ef69396aca1c8d • CWE-125: Out-of-bounds Read •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47095 – ipmi: ssif: initialize ssif_info->client early
https://notcve.org/view.php?id=CVE-2021-47095
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssif_info->client early During probe ssif_info->client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error path is taken: [ 30.645593][ T674] ipmi_ssif 0-000e: ipmi_ssif: Not probing, Interface already present [ 30.657616][ T674] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088 ... [ ... • https://git.kernel.org/stable/c/c4436c9149c5d2bc0c49ab57ec85c75ea1c4d61c •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47094 – KVM: x86/mmu: Don't advance iterator after restart due to yielding
https://notcve.org/view.php?id=CVE-2021-47094
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not advance the iterator. Advancing the iterator results in skipping the top-level SPTE and all its children, which is fatal if any of the skipped SPTEs were not visited before yielding. When zapping all SPTEs, i.e. when min_level == root_level, restarting the iter and then invoking td... • https://git.kernel.org/stable/c/faaf05b00aecdb347ffd1d763d024394ec0329f8 •