CVE-2021-47360 – binder: make sure fd closes complete
https://notcve.org/view.php?id=CVE-2021-47360
In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to return to userspace or the file object may never be dereferenced -- which can lead to hung processes. Force the binder thread back to userspace if an fd is closed during BC_FREE_BUFFER handling. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: carpeta: asegúrese de que fd se cierre por completo Durante el procesamiento BC_FREE_BUFFER, la limpieza del objeto BINDER_TYPE_FDA puede cerrar 1 o más fds. Las operaciones de cierre se completan utilizando el mecanismo de trabajo de tareas, lo que significa que el hilo debe regresar al espacio de usuario o es posible que nunca se elimine la referencia al objeto de archivo, lo que puede llevar a procesos bloqueados. Fuerce el hilo de la carpeta a regresar al espacio de usuario si se cierra un fd durante el manejo de BC_FREE_BUFFER. • https://git.kernel.org/stable/c/80cd795630d6526ba729a089a435bf74a57af927 https://git.kernel.org/stable/c/27564d8d5d12d2ff197055346069c6bdbe08a8c2 https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7 https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621 https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d •
CVE-2021-47359 – cifs: Fix soft lockup during fsstress
https://notcve.org/view.php?id=CVE-2021-47359
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress Below traces are observed during fsstress and system got hung. [ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s! En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cifs: corrige el bloqueo suave durante fsstress. Los siguientes rastros se observan durante fsstress y el sistema se bloquea. [130.698396] perro guardián: BUG: bloqueo suave - ¡CPU#6 bloqueada durante 26 segundos! • https://git.kernel.org/stable/c/9f6c7aff21f81ae8856da1f63847d1362d523409 https://git.kernel.org/stable/c/71826b068884050d5fdd37fda857ba1539c513d3 •
CVE-2020-36788 – drm/nouveau: avoid a use-after-free when BO init fails
https://notcve.org/view.php?id=CVE-2020-36788
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau: evita un use after free cuando falla BO init nouveau_bo_init() está respaldado por ttm_bo_init() y envía su código de retorno de regreso a la persona que llama. En caso de falla, ttm_bo_init() invoca el destructor proporcionado que debería desinicializar y liberar la memoria. Por lo tanto, cuando nouveau_bo_init() devuelve un error, el objeto gema ya ha sido liberado y la memoria ha sido liberada por nouveau_bo_del_ttm(). • https://git.kernel.org/stable/c/019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 https://git.kernel.org/stable/c/f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96 https://git.kernel.org/stable/c/548f2ff8ea5e0ce767ae3418d1ec5308990be87d https://git.kernel.org/stable/c/bcf34aa5082ee2343574bc3f4d1c126030913e54 •
CVE-2021-47358 – staging: greybus: uart: fix tty use after free
https://notcve.org/view.php?id=CVE-2021-47358
In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone. Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: greybus: uart: corrige el use after free de tty. El espacio de usuario puede mantener un tty abierto indefinidamente y los controladores de tty no deben liberar las estructuras subyacentes hasta que el último usuario se haya ido. Cambie al uso del contador de referencia del puerto tty para administrar la vida útil del estado tty de greybus para evitar su uso después de una desconexión. • https://git.kernel.org/stable/c/a18e15175708d39abbe9746ddc3479466b7800c3 https://git.kernel.org/stable/c/92b67aaafb7c449db9f0c3dcabc0ff967cb3a42d https://git.kernel.org/stable/c/64062fcaca8872f063ec9da011e7bf30470be33f https://git.kernel.org/stable/c/a5cfd51f6348e8fd7531461366946039c29c7e69 https://git.kernel.org/stable/c/4dc56951a8d9d61d364d346c61a5f1d70b4f5e14 https://git.kernel.org/stable/c/b9e697e60ce9890e9258a73eb061288e7d68e5e6 https://git.kernel.org/stable/c/9872ff6fdce8b229f01993b611b5d1719cb70ff1 https://git.kernel.org/stable/c/92dc0b1f46e12cfabd28d709bb34f7a39 •
CVE-2021-47357 – atm: iphase: fix possible use-after-free in ia_module_exit()
https://notcve.org/view.php?id=CVE-2021-47357
In the Linux kernel, the following vulnerability has been resolved: atm: iphase: fix possible use-after-free in ia_module_exit() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atm: iphase: corrige posible use after free en ia_module_exit(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/9e161687855175334ca93c6c3ccb221731194479 https://git.kernel.org/stable/c/a832ee2f2145f57443b2d565f8cb5490e8339f42 https://git.kernel.org/stable/c/bcdd2be48edd8c6867fb44112cb8d18086beae29 https://git.kernel.org/stable/c/89ce0b0747f319eb70f85bc820dcc43cebbd5417 https://git.kernel.org/stable/c/c9172498d4d62c9b64e5fb37c1ee0343e65fe51b https://git.kernel.org/stable/c/e759ff76ebbbfcdcf83b6634c54dc47828573d8b https://git.kernel.org/stable/c/b58d246a058ae88484758cd4ab27b3180fd5ecf8 https://git.kernel.org/stable/c/d1fb12412874c94ad037e11d0ecdd1140 •