CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47453 – ice: Avoid crash from unnecessary IDA free
https://notcve.org/view.php?id=CVE-2021-47453
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Avoid crash from unnecessary IDA free In the remove path, there is an attempt to free the aux_idx IDA whether it was allocated or not. This can potentially cause a crash when unloading the driver on systems that do not initialize support for RDMA. But, this free cannot be gated by the status bit for RDMA, since it is allocated if the driver detects support for RDMA at probe time, but the driver can enter into a state where RDMA is not ... • https://git.kernel.org/stable/c/d25a0fc41c1f927bb914e72a03c1898052557406 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47452 – netfilter: nf_tables: skip netdev events generated on netns removal
https://notcve.org/view.php?id=CVE-2021-47452
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline] nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline] __nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524 nft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline] ... • https://git.kernel.org/stable/c/767d1216bff82507c945e92fe719dff2083bb2f4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47451 – netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value
https://notcve.org/view.php?id=CVE-2021-47451
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value Currently, when the rule related to IDLETIMER is added, idletimer_tg timer structure is initialized by kmalloc on executing idletimer_tg_create function. However, in this process timer->timer_type is not defined to a specific value. Thus, timer->timer_type has garbage value and it occurs kernel panic. So, this commit fixes the panic by initializing timer->timer... • https://git.kernel.org/stable/c/68983a354a655c35d3fb204489d383a2a051fda7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47450 – KVM: arm64: Fix host stage-2 PGD refcount
https://notcve.org/view.php?id=CVE-2021-47450
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix host stage-2 PGD refcount The KVM page-table library refcounts the pages of concatenated stage-2 PGDs individually. However, when running KVM in protected mode, the host's stage-2 PGD is currently managed by EL2 as a single high-order compound page, which can cause the refcount of the tail pages to reach 0 when they shouldn't, hence corrupting the page-table. Fix this by introducing a new hyp_split_page() helper in the EL2 p... • https://git.kernel.org/stable/c/1025c8c0c6accfcbdc8f52ca1940160f65cd87d6 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-47449 – ice: fix locking for Tx timestamp tracking flush
https://notcve.org/view.php?id=CVE-2021-47449
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare for device removal. This lock is problematic because it is being held around a call to ice_clear_phy_tstamp. The clear function takes a mutex to send a PHY write command to firmware. This could lead to a deadlock if t... • https://git.kernel.org/stable/c/46720ac66c21bf85e08823664b7b314b85e43f26 • CWE-129: Improper Validation of Array Index •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47448 – mptcp: fix possible stall on recvmsg()
https://notcve.org/view.php?id=CVE-2021-47448
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the peer. When the above happens, mptcp_wait_data() will always return with no wait, as the MPTCP_DATA_READY flag checked by such function is set and never cleared in such code path. Leveraging the above syzbot was a... • https://git.kernel.org/stable/c/7a6a6cbc3e592e339ad23e4e8ede9a3f6160bda8 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47447 – drm/msm/a3xx: fix error handling in a3xx_gpu_init()
https://notcve.org/view.php?id=CVE-2021-47447
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/a3xx: fix error handling in a3xx_gpu_init() These error paths returned 1 on failure, instead of a negative error code. This would lead to an Oops in the caller. A second problem is that the check for "if (ret != -ENODATA)" did not work because "ret" was set to 1. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/msm/a3xx: corrige el manejo de errores en a3xx_gpu_init() Estas rutas de error devolvieron 1 en caso de ... • https://git.kernel.org/stable/c/5785dd7a8ef0de8049f40a1a109de6a1bf17b479 •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47446 – drm/msm/a4xx: fix error handling in a4xx_gpu_init()
https://notcve.org/view.php?id=CVE-2021-47446
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/a4xx: fix error handling in a4xx_gpu_init() This code returns 1 on error instead of a negative error. It leads to an Oops in the caller. A second problem is that the check for "if (ret != -ENODATA)" cannot be true because "ret" is set to 1. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/a4xx: corrige el manejo de errores en a4xx_gpu_init() Este código devuelve 1 en caso de error en lugar de un error negat... • https://git.kernel.org/stable/c/5785dd7a8ef0de8049f40a1a109de6a1bf17b479 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47445 – drm/msm: Fix null pointer dereference on pointer edp
https://notcve.org/view.php?id=CVE-2021-47445
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null pointer dereference on pointer edp The initialization of pointer dev dereferences pointer edp before edp is null checked, so there is a potential null pointer deference issue. Fix this by only dereferencing edp after edp has been null checked. Addresses-Coverity: ("Dereference before null check") En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/msm: corrige la desreferencia del puntero nulo en el puntero... • https://git.kernel.org/stable/c/ab5b0107ccf3821a6837b0f2819270d6fa0b278f •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47444 – drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
https://notcve.org/view.php?id=CVE-2021-47444
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read In commit e11f5bd8228f ("drm: Add support for DP 1.4 Compliance edid corruption test") the function connector_bad_edid() started assuming that the memory for the EDID passed to it was big enough to hold `edid[0x7e] + 1` blocks of data (1 extra for the base block). It completely ignored the fact that the function was passed `num_blocks` which indicated how much memory had be... • https://git.kernel.org/stable/c/e11f5bd8228fc3760c221f940b9f6365dbf3e7ed •