CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47540 – mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
https://notcve.org/view.php?id=CVE-2021-47540
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode Fix the following NULL pointer dereference in mt7915_get_phy_mode routine adding an ibss interface to the mt7915 driver. [ 101.137097] wlan0: Trigger new scan to find an IBSS to join [ 102.827039] wlan0: Creating new IBSS network, BSSID 26:a4:50:1a:6e:69 [ 103.064756] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 103.073670] Mem abort ... • https://git.kernel.org/stable/c/37f4ca907c462d7c8a1ac9e7e3473681b5f893dd • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47539 – rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
https://notcve.org/view.php?id=CVE-2021-47539
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() Need to call rxrpc_put_peer() for bundle candidate before kfree() as it holds a ref to rxrpc_peer. [DH: v2: Changed to abstract out the bundle freeing code into a function] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rxrpc: corrige la fuga de rxrpc_peer en rxrpc_look_up_bundle() Es necesario llamar a rxrpc_put_peer() para el paquete candidato antes de kfree(), ya que c... • https://git.kernel.org/stable/c/245500d853e9f20036cec7df4f6984ece4c6bf26 •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47538 – rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
https://notcve.org/view.php?id=CVE-2021-47538
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as it holds a ref to rxrpc_local. [DH: v2: Changed to abstract the peer freeing code out into a function] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rxrpc: corrigió la fuga de rxrpc_local en rxrpc_lookup_peer() Es necesario llamar a rxrpc_put_local() para el candidato par antes de kfree(), ya que contiene ... • https://git.kernel.org/stable/c/e8e51ce79c157188e209e5ea0afaf6b42dd76104 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47537 – octeontx2-af: Fix a memleak bug in rvu_mbox_init()
https://notcve.org/view.php?id=CVE-2021-47537
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init() In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_regions'. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inco... • https://git.kernel.org/stable/c/98c5611163603d3d8012b1bf64ab48fd932cf734 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47536 – net/smc: fix wrong list_del in smc_lgr_cleanup_early
https://notcve.org/view.php?id=CVE-2021-47536
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix wrong list_del in smc_lgr_cleanup_early smc_lgr_cleanup_early() meant to delete the link group from the link group list, but it deleted the list head by mistake. This may cause memory corruption since we didn't remove the real link group from the list and later memseted the link group structure. We got a list corruption panic when testing: [ 231.277259] list_del corruption. prev->next should be ffff8881398a8000, but was 0000000... • https://git.kernel.org/stable/c/a0a62ee15a829ebf8aeec55a4f1688230439b3e0 •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47535 – drm/msm/a6xx: Allocate enough space for GMU registers
https://notcve.org/view.php?id=CVE-2021-47535
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we didn't change the memory allocation for the array. That leads to a KASAN warning (this was on the chromeos-5.4 kernel, which has the problematic commit backported to it): BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144... • https://git.kernel.org/stable/c/142639a52a01e90c512a9a8d2156997e02a65b53 • CWE-787: Out-of-bounds Write •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47534 – drm/vc4: kms: Add missing drm_crtc_commit_put
https://notcve.org/view.php?id=CVE-2021-47534
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO storing the current CRTC commit so that we can properly synchronize commits. However, the refcounting was off and we thus ended up leaking the drm_crtc_commit structure every commit. Add a drm_crtc_commit_put to prevent the leakage. En el kernel de Linux, se res... • https://git.kernel.org/stable/c/9ec03d7f1ed394897891319a4dda75f52c5d292d •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47533 – drm/vc4: kms: Clear the HVS FIFO commit pointer once done
https://notcve.org/view.php?id=CVE-2021-47533
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a wait on the previous commit done on a given HVS FIFO. However, we never cleared that pointer once done. Since drm_crtc_commit_put can free the drm_crtc_commit structure directly if we were the last user, this means that it can lead to a use-after free if we were to duplicate the state, and ... • https://git.kernel.org/stable/c/9ec03d7f1ed394897891319a4dda75f52c5d292d •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47532 – drm/msm/devfreq: Fix OPP refcnt leak
https://notcve.org/view.php?id=CVE-2021-47532
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/devfreq: Fix OPP refcnt leak En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/devfreq: corrige la fuga de referencia de OPP • https://git.kernel.org/stable/c/9bc95570175a7fbca29d86d22c54bbf399f4ad5a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47531 – drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
https://notcve.org/view.php?id=CVE-2021-47531
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that commit, we used to _first_ run through the drm_gem_mmap_obj() case where `obj->funcs->mmap()` was NULL. That meant that we ran: vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; vma->vm_page_prot =... • https://git.kernel.org/stable/c/510410bfc034c57cc3caf1572aa47c1017bab2f9 •