CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47490 – drm/ttm: fix memleak in ttm_transfered_destroy
https://notcve.org/view.php?id=CVE-2021-47490
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix memleak in ttm_transfered_destroy We need to cleanup the fences for ghost objects as well. Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214029 Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214447 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/ttm: corrige memleak en ttm_transfered_destroy También necesitamos limpiar las barreras para detectar objetos fantasma. Error: https://bugzilla.kernel.org/sh... • https://git.kernel.org/stable/c/bd99782f3ca491879e8524c89b1c0f40071903bd •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47489 – drm/amdgpu: Fix even more out of bound writes from debugfs
https://notcve.org/view.php?id=CVE-2021-47489
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix even more out of bound writes from debugfs CVE-2021-42327 was fixed by: commit f23750b5b3d98653b31d4469592935ef6364ad67 Author: Thelford Williams
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47486 – riscv, bpf: Fix potential NULL dereference
https://notcve.org/view.php?id=CVE-2021-47486
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL, which triggers a NULL dereference. Avoid this by checking the argument, prior calling the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: riscv, bpf: corrige una posible desreferencia NULL La función bpf_jit_b... • https://git.kernel.org/stable/c/ca6cb5447ceca6a87d6b62c9e5d41042c34f7ffa • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47485 – IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
https://notcve.org/view.php?id=CVE-2021-47485
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math on user controlled buffers. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/qib: Protege contra el desbordamiento del búfer en los campos de struct qib_user_sdma_pkt. El desbordamiento de add... • https://git.kernel.org/stable/c/f931551bafe1f10ded7f5282e2aa162c267a2e5d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47484 – octeontx2-af: Fix possible null pointer dereference.
https://notcve.org/view.php?id=CVE-2021-47484
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files "rvu_debugfs.c" and "rvu_nix.c" En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: octeontx2-af: Se corrige posible desreferencia del puntero nulo. Este parche corrige la posible desreferencia del puntero nulo en los archivos "rvu_debugfs.c" y "rvu_nix.c" In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/8756828a81485f7b28b588adbf0bac9bf6fc6651 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47483 – regmap: Fix possible double-free in regcache_rbtree_exit()
https://notcve.org/view.php?id=CVE-2021-47483
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode->block' points a freed memory, in the error handling path of regcache_rbtree_init(), 'rbnode->block' will be freed again in regcache_rbtree_exit(), KASAN will report double-free as follows: BUG: KASAN: double-free or invalid-free in ... • https://git.kernel.org/stable/c/3f4ff561bc88b074d5e868dde4012d89cbb06c87 •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47482 – net: batman-adv: fix error handling
https://notcve.org/view.php?id=CVE-2021-47482
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case of any batadv_*_init() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn't any. All written above lead to cleani... • https://git.kernel.org/stable/c/c6c8fea29769d998d94fcec9b9f14d4b52b349d3 • CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47481 – RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR
https://notcve.org/view.php?id=CVE-2021-47481
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR Normally the zero fill would hide the missing initialization, but an errant set to desc_size in reg_create() causes a crash: BUG: unable to handle page fault for address: 0000000800000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 5 PID: 890 Comm: ib_write_bw Not tainted 5.15.0-rc4+ #47 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu... • https://git.kernel.org/stable/c/a639e66703ee45745dc4057c7c2013ed9e1963a7 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47480 – scsi: core: Put LLD module refcnt after SCSI device is released
https://notcve.org/view.php?id=CVE-2021-47480
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SCSI host instance is released because shost->hostt is required in the release handler. Make sure to put LLD module refcnt after SCSI device is released. Fixes a kernel panic of 'BUG: unable to handle page fault for address' reported by... • https://git.kernel.org/stable/c/1105573d964f7b78734348466b01f5f6ba8a1813 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47479 – staging: rtl8712: fix use-after-free in rtl8712_dl_fw
https://notcve.org/view.php?id=CVE-2021-47479
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712_dl_fw Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was in race condition between r871xu_dev_remove() ->ndo_open() callback. It's easy to see from crash log, that driver accesses released firmware in ->ndo_open() callback. It may happen, since driver was releasing firmware _before_ unregistering netdev. Fix it by moving unregister_netdev() before cleaning up resources. • https://git.kernel.org/stable/c/8c213fa59199f9673d66970d6940fa093186642f •