CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47316 – nfsd: fix NULL dereference in nfs3svc_encode_getaclres
https://notcve.org/view.php?id=CVE-2021-47316
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrige la desreferencia NULL en nfs3svc_encode_getaclres. En casos de error, la dentry puede ser NULL. Antes de 20798dfe249a, el codificador también verificaba dentry y d_really_is_positive(dentry), pero eso me parece excesivo: el estado cero debería ser suficiente para garantizar un dentry positivo. • https://git.kernel.org/stable/c/20798dfe249a01ad1b12eec7dbc572db5003244a https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870 https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8 https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2021-47315 – memory: fsl_ifc: fix leak of IO mapping on probe failure
https://notcve.org/view.php?id=CVE-2021-47315
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lines: 298. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la fuga de asignación de IO en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe desasignar la memoria de IO. Informes de coincidencias: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() advertencia: 'fsl_ifc_ctrl_dev->gregs' no publicado en las líneas: 298. • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 https://git.kernel.org/stable/c/b7a2bcb4a3731d68f938207f75ed3e1d41774510 https://git.kernel.org/stable/c/bd051b3e184fa56eeb6276ee913ba4d48069024b https://git.kernel.org/stable/c/d0d04b95e8ed0223844a1d58497c686fe2e4a955 https://git.kernel.org/stable/c/6b3b002de90738e3c85853a682ce7e0fa078d42b https://git.kernel.org/stable/c/94bc2fe46102d1e060fc749c0c19511e76c9995f https://git.kernel.org/stable/c/d9213d4f372d30b5bc4d921795d6bed0c0e3eebf https://git.kernel.org/stable/c/8d071d270afba468708faca5f7b6d9e65 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47314 – memory: fsl_ifc: fix leak of private memory on probe failure
https://notcve.org/view.php?id=CVE-2021-47314
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for private structure. Fix this by using resource-managed allocation. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la pérdida de memoria privada en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe liberar la memoria asignada para la estructura privada. Solucione este problema utilizando la asignación administrada de recursos. • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 https://git.kernel.org/stable/c/8018476756066e97ecb886c3dc024aeb7d5792ad https://git.kernel.org/stable/c/3b45b8a7d549bd92ec94b5357c2c2c1a7ed107e4 https://git.kernel.org/stable/c/7626ffbea708e5aba6912295c012d2b409a1769f https://git.kernel.org/stable/c/ee1aa737ba0b75ab8af3444c4ae5bdba36aed6e6 https://git.kernel.org/stable/c/443f6ca6fd186b4fa4e6f377b6e19a91feb1a0d5 https://git.kernel.org/stable/c/b5789e23773f4a852fbfe244b63f675e265d3a7f https://git.kernel.org/stable/c/48ee69825f7480622ed447b0249123236 •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47313 – cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init
https://notcve.org/view.php?id=CVE-2021-47313
In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init It's a classic example of memleak, we allocate something, we fail and never free the resources. Make sure we free all resources on policy ->init() failures. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: cpufreq: CPPC: arregla potencial memleak en cppc_cpufreq_cpu_init Es un ejemplo clásico de memleak, asignamos algo, fallamos y nunca liberamos los recursos. Asegúrese de liberar todos los recursos en fallos de política ->init(). • https://git.kernel.org/stable/c/a28b2bfc099c6b9caa6ef697660408e076a32019 https://git.kernel.org/stable/c/b775383355755885b19d2acef977f1ca132e80a3 https://git.kernel.org/stable/c/e1b2b2b61d30d7ce057ec17237c217d152ed97f2 https://git.kernel.org/stable/c/fe2535a44904a77615a3af8e8fd7dafb98fb0e1b • CWE-400: Uncontrolled Resource Consumption •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2021-47312 – netfilter: nf_tables: Fix dereference of null pointer flow
https://notcve.org/view.php?id=CVE-2021-47312
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix dereference of null pointer flow In the case where chain->flags & NFT_CHAIN_HW_OFFLOAD is false then nft_flow_rule_create is not called and flow is NULL. The subsequent error handling execution via label err_destroy_flow_rule will lead to a null pointer dereference on flow when calling nft_flow_rule_destroy. Since the error path to err_destroy_flow_rule has to cater for null and non-null flows, only call nft_flow_rule_destroy if flow is non-null to fix this issue. Addresses-Coverity: ("Explicity null dereference") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: corrige la desreferencia del flujo de puntero null. En el caso de que chain->flags & NFT_CHAIN_HW_OFFLOAD sea falso, no se llama a nft_flow_rule_create y el flujo es NULL. La ejecución posterior del manejo de errores a través de la etiqueta err_destroy_flow_rule dará lugar a una desreferencia del puntero null en el flujo al llamar a nft_flow_rule_destroy. Dado que la ruta de error a err_destroy_flow_rule tiene que atender flujos nulos y no nulos, solo llame a nft_flow_rule_destroy si el flujo no es nulo para solucionar este problema. • https://git.kernel.org/stable/c/09b1f676e2e0bbff67c568672c565c6f31470157 https://git.kernel.org/stable/c/70a5a1950cca02c5cd161bb3846b4d983eed97d3 https://git.kernel.org/stable/c/4ca041f919f13783b0b03894783deee00dbca19a •