CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47068 – net/nfc: fix use-after-free llcp_sock_bind/connect
https://notcve.org/view.php?id=CVE-2021-47068
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bind/connect but introduced a use-after-free if the same local is assigned to 2 different sockets. This can be triggered by the following simple program: int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); int sock2 = socket(... • https://git.kernel.org/stable/c/a1cdd18c49d23ec38097ac2c5b0d761146fc0109 •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47067 – soc/tegra: regulators: Fix locking up when voltage-spread is out of range
https://notcve.org/view.php?id=CVE-2021-47067
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: soc/tegra: regulators: Fix locking up when voltage-spread is out of range Fix voltage coupler lockup which happens when voltage-spread is out of range due to a bug in the code. The max-spread requirement shall be accounted when CPU regulator doesn't have consumers. This problem is observed on Tegra30 Ouya game console once system-wide DVFS is enabled in a device-tree. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: soc/tegra... • https://git.kernel.org/stable/c/783807436f363e5b1ad4d43ba7debbedfcadbb99 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47066 – async_xor: increase src_offs when dropping destination page
https://notcve.org/view.php?id=CVE-2021-47066
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: async_xor: increase src_offs when dropping destination page Now we support sharing one page if PAGE_SIZE is not equal stripe size. To support this, it needs to support calculating xor value with different offsets for each r5dev. One offset array is used to record those offsets. In RMW mode, parity page is used as a source page. It sets ASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5. So it needs to add src_list and src... • https://git.kernel.org/stable/c/29bcff787a2593b2126cfaff612c0b4e560022e9 •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47065 – rtw88: Fix array overrun in rtw_get_tx_power_params()
https://notcve.org/view.php?id=CVE-2021-47065
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged: ================================================================================ UBSAN: array-index-out-of-bounds in /home/finger/wireless-drivers-next/drivers/net/wireless/realtek/rtw88/phy.c:1789:34 index 5 is out of range for type 'u8 [5]' CPU: 2 PID: 84 Comm: kworker/u16... • https://git.kernel.org/stable/c/fa6dfe6bff246ddd5be3cfe81637f137acd6c294 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47064 – mt76: fix potential DMA mapping leak
https://notcve.org/view.php?id=CVE-2021-47064
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap could potentially inherit a non-zero value from stack garbage. If this happens, it will cause DMA mappings for MCU command frames to not be unmapped after completion En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mt76: corrige una posible fuga de mapeo DMA Con buf no inicializado en mt76_dma_tx_queue_skb_raw, su ca... • https://git.kernel.org/stable/c/27d5c528a7ca08dcd44877fdd9fc08b76630bf77 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47063 – drm: bridge/panel: Cleanup connector on bridge detach
https://notcve.org/view.php?id=CVE-2021-47063
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(), the connector will be cleaned up with the other DRM objects in the call to drm_mode_config_cleanup(). However, since our drm_connector is devm-allocated, by the time drm_mode_config_cleanup() will be called, our connector will be long gone. Therefore, the connector must be cleaned up when the bridge is detached t... • https://git.kernel.org/stable/c/13dfc0540a575b47b2d640b093ac16e9e09474f6 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-47061 – KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU
https://notcve.org/view.php?id=CVE-2021-47061
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new null bus. Destroying devices before the bus is nullified could lead to use-after-free since readers expect the devices on their reference of the bus to remain valid. En el kernel de Linux, se ha resuelto la sigui... • https://git.kernel.org/stable/c/f65886606c2d3b562716de030706dfe1bea4ed5e •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-47060 – KVM: Stop looking for coalesced MMIO zones if the bus is destroyed
https://notcve.org/view.php?id=CVE-2021-47060
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't instantiate a new bus, unregister_dev() destroys all devices _except_ the target device. But, it doesn't tell the caller that it obliterated the bus and invoked the destructor for all devices that were on the bus. In the coalesced MMIO c... • https://git.kernel.org/stable/c/41b2ea7a6a11e2b1a7f2c29e1675a709a6b2b98d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47059 – crypto: sun8i-ss - fix result memory leak on error path
https://notcve.org/view.php?id=CVE-2021-47059
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - fix result memory leak on error path This patch fixes a memory leak on an error path. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: sun8i-ss - resultado de corrección de pérdida de memoria en una ruta de error Este parche corrige una pérdida de memoria en una ruta de error. • https://git.kernel.org/stable/c/d9b45418a91773b7672e4c60037a28074b495c6d •
CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47058 – regmap: set debugfs_name to NULL after it is freed
https://notcve.org/view.php?id=CVE-2021-47058
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debugfs_name. With below function invoking logical, debugfs_name is freed in regmap_debugfs_exit(), but it is not created again because of the if condition introduced by above commit. regmap_reinit_cache() regmap_debugfs_exit() ... regmap_... • https://git.kernel.org/stable/c/5b654b03007917f3f1015b2a5c288c1ea6ae8f65 •