CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47135 – mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
https://notcve.org/view.php?id=CVE-2021-47135
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report Fix possible array out of bound access in mt7921_mcu_tx_rate_report. Remove unnecessary varibable in mt7921_mcu_tx_rate_report En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mt76: mt7921: solucione un posible problema de AOOB en mt7921_mcu_tx_rate_report. Corrija un posible acceso fuera de los límites a la matriz en mt7921_mcu_tx_rate_report. Eliminar vari... • https://git.kernel.org/stable/c/1c099ab44727c8e42fe4de4d91b53cec3ef02860 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47134 – efi/fdt: fix panic when no valid fdt found
https://notcve.org/view.php?id=CVE-2021-47134
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc-v. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: efi/fdt: corrige el pánico cuando no se encuentra un fdt válido. setup_arch() invocaría efi_init()->efi_get_fdt_params(). • https://git.kernel.org/stable/c/b91540d52a08b65eb6a2b09132e1bd54fa82754c •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47133 – HID: amd_sfh: Fix memory leak in amd_sfh_work
https://notcve.org/view.php?id=CVE-2021-47133
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix memory leak in amd_sfh_work Kmemleak tool detected a memory leak in the amd_sfh driver. ==================== unreferenced object 0xffff88810228ada0 (size 32): comm "insmod", pid 3968, jiffies 4295056001 (age 775.792s) hex dump (first 32 bytes): 00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s............. 22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "............... backtrace: [<000000007b4c879... • https://git.kernel.org/stable/c/4b2c53d93a4bc9d52cc0ec354629cfc9dc217f93 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47132 – mptcp: fix sk_forward_memory corruption on retransmission
https://notcve.org/view.php?id=CVE-2021-47132
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sk_forward_memory corruption on retransmission MPTCP sk_forward_memory handling is a bit special, as such field is protected by the msk socket spin_lock, instead of the plain socket lock. Currently we have a code path updating such field without handling the relevant lock: __mptcp_retrans() -> __mptcp_clean_una_wakeup() Several helpers in __mptcp_clean_una_wakeup() will update sk_forward_alloc, possibly causing such field co... • https://git.kernel.org/stable/c/64b9cea7a0afe579dd2682f1f1c04f2e4e72fd25 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47131 – net/tls: Fix use-after-free after the TLS device goes down and up
https://notcve.org/view.php?id=CVE-2021-47131
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and it still points to the TLS context, which is now deallocated. If a netdev goes up, while the connection is still active, and the data flow resumes after a number of TCP retransmissions, it will lead to a use-after... • https://git.kernel.org/stable/c/e8f69799810c32dd40c6724d829eccc70baad07f •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47130 – nvmet: fix freeing unallocated p2pmem
https://notcve.org/view.php?id=CVE-2021-47130
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead of the regular sgl pool and causing a crash (BUG() is called). Instead, assign the p2p_dev for the request only if it was allocated from p2p pool. This is the crash that was caused: [Sun May 30 19:13:53 2021] ------------[ cut here ]------------ [Sun May 30 19:13:53 2021]... • https://git.kernel.org/stable/c/c6e3f13398123a008cd2ee28f93510b113a32791 •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47129 – netfilter: nft_ct: skip expectations for confirmed conntrack
https://notcve.org/view.php?id=CVE-2021-47129
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack nft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed conntrack entry. However, nf_ct_ext_add() can only be called for !nf_ct_is_confirmed(). [ 1825.349056] WARNING: CPU: 0 PID: 1279 at net/netfilter/nf_conntrack_extend.c:48 nf_ct_xt_add+0x18e/0x1a0 [nf_conntrack] [ 1825.351391] RIP: 0010:nf_ct_ext_add+0x18e/0x1a0 [nf_conntrack] [ 1825.351493] Code: 41 5c 41 5d 41 5e 4... • https://git.kernel.org/stable/c/857b46027d6f91150797295752581b7155b9d0e1 • CWE-273: Improper Check for Dropped Privileges •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47128 – bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
https://notcve.org/view.php?id=CVE-2021-47128
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to restrict which domains are allowed to perform operations that would breach lockdown. This is indirectly also getting audit subsystem involved to report events. The latter is problematic, as reported by Ondrej and Serh... • https://git.kernel.org/stable/c/59438b46471ae6cdfb761afc8c9beaf1e428a331 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47127 – ice: track AF_XDP ZC enabled queues in bitmap
https://notcve.org/view.php?id=CVE-2021-47127
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: track AF_XDP ZC enabled queues in bitmap Commit c7a219048e45 ("ice: Remove xsk_buff_pool from VSI structure") silently introduced a regression and broke the Tx side of AF_XDP in copy mode. xsk_pool on ice_ring is set only based on the existence of the XDP prog on the VSI which in turn picks ice_clean_tx_irq_zc to be executed. That is not something that should happen for copy mode as it should use the regular data path ice_clean_tx_ir... • https://git.kernel.org/stable/c/c7a219048e459cf99c6fec0f7c1e42414e9e6202 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47126 – ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
https://notcve.org/view.php?id=CVE-2021-47126
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions Reported by syzbot: HEAD commit: 90c911ad Merge tag 'fixes' of git://git.kernel.org/pub/scm.. git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master dashboard link: https://syzkaller.appspot.com/bug?extid=123aa35098fd3c000eb7 compiler: Debian clang version 11.0.1-2 ================================================================... • https://git.kernel.org/stable/c/f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 • CWE-125: Out-of-bounds Read •