CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47475 – comedi: vmk80xx: fix transfer-buffer overflows
https://notcve.org/view.php?id=CVE-2021-47475
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSize of usb endpoints found") inadvertently fixed NULL-pointer dereferences when accessing the transfer buffers in case a malicious device has a zero wMaxPacketSize. Make sure to allocate buffers large enough to handle al... • https://git.kernel.org/stable/c/985cafccbf9b7f862aa1c5ee566801e18b5161fb •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47474 – comedi: vmk80xx: fix bulk-buffer overflow
https://notcve.org/view.php?id=CVE-2021-47474
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doing bulk transfers. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: comedi: vmk80xx: corrige el desbordamiento masivo del búfer El controlador utiliza búferes del tamaño de un endpoint, pero no debe a... • https://git.kernel.org/stable/c/985cafccbf9b7f862aa1c5ee566801e18b5161fb •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47473 – scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()
https://notcve.org/view.php?id=CVE-2021-47473
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()"), intended to change: bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN bsg_job->request->msgcode != FC_BSG_RPT_ELS but changed it to: bsg_job->request->msgcode == FC_BSG_RPT_ELS instead. Change the == to a != to avoid leaking the fcport structure or freeing unallocat... • https://git.kernel.org/stable/c/8c0eb596baa51f2b43949c698c644727ef17805c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47471 – drm: mxsfb: Fix NULL pointer dereference crash on unload
https://notcve.org/view.php?id=CVE-2021-47471
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference crash on unload The mxsfb->crtc.funcs may already be NULL when unloading the driver, in which case calling mxsfb_irq_disable() via drm_irq_uninstall() from mxsfb_unload() leads to NULL pointer dereference. Since all we care about is masking the IRQ and mxsfb->base is still valid, just use that to clear and mask the IRQ. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm: mxsfb: corri... • https://git.kernel.org/stable/c/ae1ed0093281939b80664a687689f12436c0e874 • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47470 – mm, slub: fix potential use-after-free in slab_debugfs_fops
https://notcve.org/view.php?id=CVE-2021-47470
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a use-after-free. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mm, slub: corrige el posible use-after-free en slab_debugfs_fops Cuando sysfs_slab_add falla, no debemos llamar a debugfs_slab_add() para s porque s se... • https://git.kernel.org/stable/c/64dd68497be76ab4e237cca06f5324e220d0f050 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47469 – spi: Fix deadlock when adding SPI controllers on SPI buses
https://notcve.org/view.php?id=CVE-2021-47469
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled. This means that if the SPI device is itself a SPI controller and triggers the instantiation of further SPI devices we trigger a deadlock as we try to register and instantiate those devices while in the process of d... • https://git.kernel.org/stable/c/aa3f3d7bef59583f2d3234173105a27ff61ef8fe •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47468 – isdn: mISDN: Fix sleeping function called from invalid context
https://notcve.org/view.php?id=CVE-2021-47468
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock. The following log reveals it: [ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018 [ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe [ 44.169574 ] INFO: lockdep is turn... • https://git.kernel.org/stable/c/6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47467 – kunit: fix reference count leak in kfree_at_end
https://notcve.org/view.php?id=CVE-2021-47467
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: kunit: fix reference count leak in kfree_at_end The reference counting issue happens in the normal path of kfree_at_end(). When kunit_alloc_and_get_resource() is invoked, the function forgets to handle the returned resource object, whose refcount increased inside, causing a refcount leak. Fix this issue by calling kunit_alloc_resource() instead of kunit_alloc_and_get_resource(). Fixed the following when applying: Shuah Khan
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47466 – mm, slub: fix potential memoryleak in kmem_cache_open()
https://notcve.org/view.php?id=CVE-2021-47466
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm, slub: corrige una posible pérdida de memoria en kmem_cache_open() En la ruta del error, es posible que se haya filtrado el random_seq del caché slub. Solucione este problema us... • https://git.kernel.org/stable/c/210e7a43fa905bccafa9bb5966fba1d71f33eb8b • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47465 – KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
https://notcve.org/view.php?id=CVE-2021-47465
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() In commit 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C") kvm_start_guest() became idle_kvm_start_guest(). The old code allocated a stack frame on the emergency stack, but didn't use the frame to store anything, and also didn't store anything in its caller's frame. idle_kvm_start_guest() on the other hand is written more like a normal C function, it creates a ... • https://git.kernel.org/stable/c/10d91611f426d4bafd2a83d966c36da811b2f7ad •