CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47103 – inet: fully convert sk->sk_rx_dst to RCU rules
https://notcve.org/view.php?id=CVE-2021-47103
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules syzbot reported various issues around early demux, one being included in this changelog [1] sk->sk_rx_dst is using RCU protection without clearly documenting it. And following sequences in tcp_v4_do_rcv()/tcp_v6_do_rcv() are not following standard RCU rules. [a] dst_release(dst); [b] sk->sk_rx_dst = NULL; They look wrong because a delete operation of RCU protected pointer is supposed to clear t... • https://git.kernel.org/stable/c/41063e9dd11956f2d285e12e4342e1d232ba0ea2 •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47101 – asix: fix uninit-value in asix_mdio_read()
https://notcve.org/view.php?id=CVE-2021-47101
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized. Fail log: BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/a... • https://git.kernel.org/stable/c/d9fe64e511144c1ee7d7555b4111f09dde9692ef • CWE-457: Use of Uninitialized Variable •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47100 – ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
https://notcve.org/view.php?id=CVE-2021-47100
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel paging request at ffffffffc09b3a5a [ 141.087241] PGD 8fe4c0d067 P4D 8fe4c0d067 PUD 8fe4c0f067 PMD 103ad89067 PTE 0 [ 141.087464] Oops: 0010 [#1] SMP NOPTI [ 141.087580] CPU: 67 PID: 668 Comm: kworker/67:1 Kdump: loaded N... • https://git.kernel.org/stable/c/b2cfd8ab4add53c2070367bfee2f5b738f51698d •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47097 – Input: elantech - fix stack out of bound access in elantech_change_report_id()
https://notcve.org/view.php?id=CVE-2021-47097
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id() The array param[] in elantech_change_report_id() must be at least 3 bytes, because elantech_read_reg_params() is calling ps2_command() with PSMOUSE_CMD_GETINFO, that is going to access 3 bytes from param[], but it's defined in the stack as an array of 2 bytes, therefore we have a potential stack out-of-bounds access here, also confirmed by KASAN: [ 6.512374] BUG:... • https://git.kernel.org/stable/c/9e4815cf178561104881e5d687ef69396aca1c8d • CWE-125: Out-of-bounds Read •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47095 – ipmi: ssif: initialize ssif_info->client early
https://notcve.org/view.php?id=CVE-2021-47095
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssif_info->client early During probe ssif_info->client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error path is taken: [ 30.645593][ T674] ipmi_ssif 0-000e: ipmi_ssif: Not probing, Interface already present [ 30.657616][ T674] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088 ... [ ... • https://git.kernel.org/stable/c/c4436c9149c5d2bc0c49ab57ec85c75ea1c4d61c •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47094 – KVM: x86/mmu: Don't advance iterator after restart due to yielding
https://notcve.org/view.php?id=CVE-2021-47094
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not advance the iterator. Advancing the iterator results in skipping the top-level SPTE and all its children, which is fatal if any of the skipped SPTEs were not visited before yielding. When zapping all SPTEs, i.e. when min_level == root_level, restarting the iter and then invoking td... • https://git.kernel.org/stable/c/faaf05b00aecdb347ffd1d763d024394ec0329f8 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47093 – platform/x86: intel_pmc_core: fix memleak on registration failure
https://notcve.org/view.php?id=CVE-2021-47093
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel_pmc_core: fix memleak on registration failure In case device registration fails during module initialisation, the platform device structure needs to be freed using platform_device_put() to properly free all resources (e.g. the device name). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: plataforma/x86: intel_pmc_core: corrige memleak en falla de registro En caso de que el registro del dispositivo falle d... • https://git.kernel.org/stable/c/938835aa903ae19ad62805134f79bbcf20fc3bea •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47091 – mac80211: fix locking in ieee80211_start_ap error path
https://notcve.org/view.php?id=CVE-2021-47091
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211_start_ap error path We need to hold the local->mtx to release the channel context, as even encoded by the lockdep_assert_held() there. Fix it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mac80211: corrige el bloqueo en la ruta de error ieee80211_start_ap Necesitamos mantener local->mtx para liberar el contexto del canal, incluso codificado por lockdep_assert_held() allí. Arreglalo. I... • https://git.kernel.org/stable/c/295b02c4be74bebf988593b8322369513fcecf68 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47090 – mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()
https://notcve.org/view.php?id=CVE-2021-47090
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() Hulk Robot reported a panic in put_page_testzero() when testing madvise() with MADV_SOFT_OFFLINE. The BUG() is triggered when retrying get_any_page(). This is because we keep MF_COUNT_INCREASED flag in second try but the refcnt is not increased. page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) ------------[ cut here ]------------ kernel BUG at include/linux/m... • https://git.kernel.org/stable/c/b94e02822debdf0cc473556aad7dcc859f216653 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47087 – tee: optee: Fix incorrect page free bug
https://notcve.org/view.php?id=CVE-2021-47087
04 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tee: optee: corrige el error de liberación de página incorrecta. El puntero a la... • https://git.kernel.org/stable/c/3c712f14d8a9354a8807c15c64c8dd334499cc42 •