CVE-2021-47362 – drm/amd/pm: Update intermediate power state for SI
https://notcve.org/view.php?id=CVE-2021-47362
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI
Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state. set_power_state refers to values from the current state and without current state populated, it could result in NULL pointer dereference. For ex: on platforms where PCI speed change is supported through ACPI ATCS method, the link speed of current state needs to be queried before deciding on changing to final power state's link speed. The logic to query ATCS-support was broken on certain platforms. The issue became visible when broken ATCS-support logic got fixed with commit f9b7f3703ff9 ("drm/amdgpu/acpi: make ATPX/ATCS structures global (v2)").
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1698
https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68
https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105
https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa
CVE-2021-47361 – mcb: fix error handling in mcb_alloc_bus()
https://notcve.org/view.php?id=CVE-2021-47361
In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus()
There are two bugs:
1) If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free.
2) After device_initialize() then we need to use put_device() to release the bus. This will free the internal resources tied to the device and call mcb_free_bus() which will free the rest.
https://git.kernel.org/stable/c/5d9e2ab9fea4cdf0a2522f5cbed2e7fbb220d757
https://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea
https://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f
https://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b
https://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0
https://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0
https://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499
https://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952
CVE-2021-47360 – binder: make sure fd closes complete
https://notcve.org/view.php?id=CVE-2021-47360
In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete
During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to return to userspace or the file object may never be dereferenced -- which can lead to hung processes. Force the binder thread back to userspace if an fd is closed during BC_FREE_BUFFER handling.
https://git.kernel.org/stable/c/80cd795630d6526ba729a089a435bf74a57af927
https://git.kernel.org/stable/c/27564d8d5d12d2ff197055346069c6bdbe08a8c2
https://git.kernel.org/stable/c/aa2c274c279ff365a06a4cba263f04965895166e
https://git.kernel.org/stable/c/d5b0473707fa53b03a5db0256ce62b2874bddbc7
https://git.kernel.org/stable/c/b95483d8d94b41fa31a84c1d86710b7907a37621
https://git.kernel.org/stable/c/5fdb55c1ac9585eb23bb2541d5819224429e103d
CVE-2021-47359 – cifs: Fix soft lockup during fsstress
https://notcve.org/view.php?id=CVE-2021-47359
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress
Below traces are observed during fsstress and system got hung.
[ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s!
https://git.kernel.org/stable/c/9f6c7aff21f81ae8856da1f63847d1362d523409
https://git.kernel.org/stable/c/71826b068884050d5fdd37fda857ba1539c513d3
CVE-2020-36788 – drm/nouveau: avoid a use-after-free when BO init fails
https://notcve.org/view.php?id=CVE-2020-36788
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails
nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm().
https://git.kernel.org/stable/c/019cbd4a4feb3aa3a917d78e7110e3011bbff6d5
https://git.kernel.org/stable/c/f86e19d918a85492ad1a01fcdc0ad5ecbdac6f96
https://git.kernel.org/stable/c/548f2ff8ea5e0ce767ae3418d1ec5308990be87d
https://git.kernel.org/stable/c/bcf34aa5082ee2343574bc3f4d1c126030913e54