CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46956 – virtiofs: fix memory leak in virtio_fs_probe()
https://notcve.org/view.php?id=CVE-2021-46956
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtio_fs_probe() When accidentally passing twice the same tag to qemu, kmemleak ended up reporting a memory leak in virtiofs. Also, looking at the log I saw the following error (that's when I realised the duplicated tag): virtiofs: probe of virtio5 failed with error -17 Here's the kmemleak log for reference: unreferenced object 0xffff888103d47800 (size 1024): comm "systemd-udevd", pid 118, jiffies 4294893780 (a... • https://git.kernel.org/stable/c/a62a8ef9d97da23762a588592c8b8eb50a8deb6a •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-46955 – openvswitch: fix stack OOB read while fragmenting IPv4 packets
https://notcve.org/view.php?id=CVE-2021-46955
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60 Read of size 1 at addr ffff888112fc713c by task handler2/1367 CPU: 0 PID: 1367 Comm: handler2 Not tainted 5.12.0-rc6+ #418 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+40... • https://git.kernel.org/stable/c/119bbaa6795a4f4aed46994cc7d9ab01989c87e3 •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46953 – ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
https://notcve.org/view.php?id=CVE-2021-46953
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However, it never checks whether the mapping of the interrupt actially succeeded. Even more, should the firmware report an illegal interrupt number that overlaps with the GIC SGI range, this can result in an IPI being unmapped, and subsequent... • https://git.kernel.org/stable/c/ca9ae5ec4ef0ed13833b03297ab319676965492c •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46952 – NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
https://notcve.org/view.php?id=CVE-2021-46952
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds Fix shift out-of-bounds in xprt_calc_majortimeo(). This is caused by a garbage timeout (retrans) mount option being passed to nfs mount, in this case from syzkaller. If the protocol is XPRT_TRANSPORT_UDP, then 'retrans' is a shift value for a 64-bit long integer, so 'retrans' cannot be >= 64. If it is >= 64, fail the mount and return an error. En el kernel de Linux, se ha ... • https://git.kernel.org/stable/c/9954bf92c0cddd50a2a470be302e1c1ffdf21d42 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46951 – tpm: efi: Use local variable for calculating final log size
https://notcve.org/view.php?id=CVE-2021-46951
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efi_tpm_final_log_size will at some point become a negative number due to the subtraction of final_events_preboot_size occurring each time. Use a local variable to avoid this integer underflow. The following issue is now resolved: Mar 8 15:... • https://git.kernel.org/stable/c/166a2809d65b282272c474835ec22c882a39ca1b • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-46950 – md/raid1: properly indicate failure when ending a failed write request
https://notcve.org/view.php?id=CVE-2021-46950
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being cleared. Since we are in the failure leg of raid1_end_write_request, the request either needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: md/raid1: indi... • https://git.kernel.org/stable/c/900c531899f5ee2321bef79e20055787bc73251d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46949 – sfc: farch: fix TX queue lookup in TX flush done handling
https://notcve.org/view.php?id=CVE-2021-46949
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX flush done handling We're starting from a TXQ instance number ('qid'), not a TXQ type, so efx_get_tx_queue() is inappropriate (and could return NULL, leading to panics). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sfc: farch: corrige la búsqueda de la cola TX en el manejo finalizado del vaciado TX. Estamos comenzando desde un número de instancia TXQ ('qid'), no un tipo TXQ, por lo qu... • https://git.kernel.org/stable/c/12804793b17c0e19115a90d98f2f3df0cb79e233 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46948 – sfc: farch: fix TX queue lookup in TX event handling
https://notcve.org/view.php?id=CVE-2021-46948
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efx_channel_get_tx_queue() is inappropriate (and could return NULL, leading to panics). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sfc: farch: corrige la búsqueda de cola TX en el manejo de eventos TX Estamos comenzando desde una etiqueta TXQ, no un tipo TXQ, por lo que efx_channel_get_tx_queue() es inapropiado (y po... • https://git.kernel.org/stable/c/12804793b17c0e19115a90d98f2f3df0cb79e233 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46944 – media: staging/intel-ipu3: Fix memory leak in imu_fmt
https://notcve.org/view.php?id=CVE-2021-46944
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imu_fmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: staging/intel-ipu3: Reparar pérdida de memoria en imu_fmt Estamos perdiendo la referencia a una memoria asignada si lo intentamos. Cambie el orden del cheque para evitarlo. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/6d5f26f2e045f2377b524516194657c00efbbce8 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46943 – media: staging/intel-ipu3: Fix set_fmt error handling
https://notcve.org/view.php?id=CVE-2021-46943
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there in an error during a set_fmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causing the following OOPs [ 38.662975] ipu3-imgu 0000:00:05.0: swiotlb buffer is full (sz: 4096 bytes) [ 38.662980] DMA: Out of SW-IOMMU space for 4096 bytes at device 0000:00:05.0 [ 38.663010] general protection fault... • https://git.kernel.org/stable/c/6d5f26f2e045f2377b524516194657c00efbbce8 • CWE-131: Incorrect Calculation of Buffer Size •