CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46984 – kyber: fix out of bounds access when preempted
https://notcve.org/view.php?id=CVE-2021-46984
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted __blk_mq_sched_bio_merge() gets the ctx and hctx for the current CPU and passes the hctx to ->bio_merge(). kyber_bio_merge() then gets the ctx for the current CPU again and uses that to get the corresponding Kyber context in the passed hctx. However, the thread may be preempted between the two calls to blk_mq_get_ctx(), and the ctx returned the second time may no longer correspond to the passed... • https://git.kernel.org/stable/c/a6088845c2bf754d6cb2572b484180680b037804 • CWE-125: Out-of-bounds Read •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46982 – f2fs: compress: fix race condition of overwrite vs truncate
https://notcve.org/view.php?id=CVE-2021-46982
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix race condition of overwrite vs truncate pos_fsstress testcase complains a panic as belew: ------------[ cut here ]------------ kernel BUG at fs/f2fs/compress.c:1082! invalid opcode: 0000 [#1] SMP PTI CPU: 4 PID: 2753477 Comm: kworker/u16:2 Tainted: G OE 5.12.0-rc1-custom #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Workqueue: writeback wb_workfn (flush-252:16) RIP: 0010:prepare_compr... • https://git.kernel.org/stable/c/4c8ff7095bef64fc47e996a938f7d57f9e077da3 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46981 – nbd: Fix NULL pointer in flush_workqueue
https://notcve.org/view.php?id=CVE-2021-46981
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 and the pointers in nbd_device are still null. Disconnect /dev/nbdX, then reference a null recv_workq. The protection by config_refs in nbd_genl_disconnect is useless. [ 656.366194] BUG: kernel NULL pointer dereference, address: 0000000000000020 [ 656.368943] #PF: supervisor write access in kernel mode [ 656.369844] #PF: error_code(0x0002) - not-present... • https://git.kernel.org/stable/c/e9e006f5fcf2bab59149cb38a48a4817c1b538b4 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46980 – usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4
https://notcve.org/view.php?id=CVE-2021-46980
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 commit 4dbc6a4ef06d ("usb: typec: ucsi: save power data objects in PD mode") introduced retrieval of the PDOs when connected to a PD-capable source. But only the first 4 PDOs are received since that is the maximum number that can be fetched at a time given the MESSAGE_IN length limitation (16 bytes). However, as per the PD spec a connected source may advertise up to a maxim... • https://git.kernel.org/stable/c/4dbc6a4ef06d6a79ff91be6fc2e90f8660031ce0 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46977 – KVM: VMX: Disable preemption when probing user return MSRs
https://notcve.org/view.php?id=CVE-2021-46977
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Disable preemption when probing user return MSRs Disable preemption when probing a user return MSR via RDSMR/WRMSR. If the MSR holds a different value per logical CPU, the WRMSR could corrupt the host's value if KVM is preempted between the RDMSR and WRMSR, and then rescheduled on a different CPU. Opportunistically land the helper in common x86, SVM will use the helper in a future commit. En el kernel de Linux, se resolvió la sigu... • https://git.kernel.org/stable/c/4be5341026246870818e28b53202b001426a5aec •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46976 – drm/i915: Fix crash in auto_retire
https://notcve.org/view.php?id=CVE-2021-46976
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix crash in auto_retire The retire logic uses the 2 lower bits of the pointer to the retire function to store flags. However, the auto_retire function is not guaranteed to be aligned to a multiple of 4, which causes crashes as we jump to the wrong address, for example like this: 2021-04-24T18:03:53.804300Z WARNING kernel: [ 516.876901] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI 2021-04-24T18:03:53.804310Z WARNING kernel: [ 516.8... • https://git.kernel.org/stable/c/229007e02d697b0662f85378aae53531b0dfea05 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-36787 – media: aspeed: fix clock handling logic
https://notcve.org/view.php?id=CVE-2020-36787
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its reset control is coupled with eclk so the current clock enabling sequence works like below. Enable eclk De-assert Video Engine reset 10ms delay Enable vclk It introduces improper reset on the Video Engine hardware and eventually the hardware generates unexpected DMA memory transfers that can corrupt memory region in random and sporadic patt... • https://git.kernel.org/stable/c/d2b4387f3bdf016e266d23cf657465f557721488 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36785 – media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()
https://notcve.org/view.php?id=CVE-2020-36785
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: atomisp: Corrige el use after free en atomisp_alloc_css_stat_bufs() El "s3a_buf" se libera junto con todos los demás elementos de la lista "asd->s3a_stats". Conduce a... • https://git.kernel.org/stable/c/ad85094b293e40e7a2f831b0311a389d952ebd5e •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36784 – i2c: cadence: fix reference leak when pm_runtime_get_sync fails
https://notcve.org/view.php?id=CVE-2020-36784
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave. However, pm_runtime_get_sync will increment pm usage counter even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la sig... • https://git.kernel.org/stable/c/7fa32329ca03148fb2c07b4ef3247b8fc0488d6a •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-36783 – i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
https://notcve.org/view.php?id=CVE-2020-36783
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions img_i2c_xfer and img_i2c_init. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la siguien... • https://git.kernel.org/stable/c/93222bd9b966105f43418fd336654ad10045783a •