CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47408 – netfilter: conntrack: serialize hash resizes and cleanups
https://notcve.org/view.php?id=CVE-2021-47408
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning [1] No repro found by syzbot yet but I was able to trigger similar issue by having 2 scripts running in parallel, changing conntrack hash sizes, and: for j in `seq 1 1000` ; do unshare -n /bin/true >/dev/null ; done It would take more than 5 minutes for net_namespace structures to be cleaned up. This is because nf_ct_iterate_cleanup() ... • https://git.kernel.org/stable/c/e2d192301a0df8160d1555b66ae8611e8050e424 • CWE-667: Improper Locking •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47407 – KVM: x86: Handle SRCU initialization failure during page track init
https://notcve.org/view.php?id=CVE-2021-47407
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of init_srcu_struct(), which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found by a modified syzkaller. [Move the call towards the beginning of kvm_arch_init_vm. - Paolo] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Manejar el error de inicialización de SRCU ... • https://git.kernel.org/stable/c/deb2949417677649e2413266d7ce8c2ff73952b4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47406 – ext4: add error checking to ext4_ext_replay_set_iblocks()
https://notcve.org/view.php?id=CVE-2021-47406
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: add error checking to ext4_ext_replay_set_iblocks() If the call to ext4_map_blocks() fails due to an corrupted file system, ext4_ext_replay_set_iblocks() can get stuck in an infinite loop. This could be reproduced by running generic/526 with a file system that has inline_data and fast_commit enabled. The system will repeatedly log to the console: EXT4-fs warning (device dm-3): ext4_block_to_path:105: block 1074800922 > max in inode 13... • https://git.kernel.org/stable/c/8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47405 – HID: usbhid: free raw_report buffers in usbhid_stop
https://notcve.org/view.php?id=CVE-2021-47405
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: usbhid: buffers raw_report libres en usbhid_stop. Libera los buffers raw_report no enviados cuando se elimina el dispositivo. Corrige un... • https://git.kernel.org/stable/c/7ce4e49146612261265671b1d30d117139021030 •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47404 – HID: betop: fix slab-out-of-bounds Write in betop_probe
https://notcve.org/view.php?id=CVE-2021-47404
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices violate this assumption. So this patch checks hid_device's input is non empty before it's been used. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: betop: corrige escritura slab-out-of-bounds en betop... • https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47403 – ipack: ipoctal: fix module reference leak
https://notcve.org/view.php?id=CVE-2021-47403
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken on every open but was only released once when the final reference to the tty struct was dropped. Fix this by taking the module reference and initialising the tty driver data when installing the tty. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipack: ipoctal: reparar fuga de referencia del módulo. Se tomó una referencia al módulo portado... • https://git.kernel.org/stable/c/82a82340bab6c251e0705339f60763718eaa2a22 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47402 – net: sched: flower: protect fl_walk() with rcu
https://notcve.org/view.php?id=CVE-2021-47402
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect fl_walk() with rcu Patch that refactored fl_walk() to use idr_for_each_entry_continue_ul() also removed rcu protection of individual filters which causes following use-after-free when filter is deleted concurrently. Fix fl_walk() to obtain rcu read lock while iterating and taking the filter reference and temporary release the lock while calling arg->fn() callback that can sleep. KASAN trace: [ 352.773640] =======... • https://git.kernel.org/stable/c/d39d714969cda5cbda291402c8c6b1fb1047f42e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47401 – ipack: ipoctal: fix stack information leak
https://notcve.org/view.php?id=CVE-2021-47401
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops). Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice. Fixing the ABI is a separa... • https://git.kernel.org/stable/c/ba4dc61fe8c545a5d6a68b63616776556b771f51 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47400 – net: hns3: do not allow call hns3_nic_net_open repeatedly
https://notcve.org/view.php?id=CVE-2021-47400
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: do not allow call hns3_nic_net_open repeatedly hns3_nic_net_open() is not allowed to called repeatly, but there is no checking for this. When doing device reset and setup tc concurrently, there is a small oppotunity to call hns3_nic_net_open repeatedly, and cause kernel bug by calling napi_enable twice. The calltrace information is like below: [ 3078.222780] ------------[ cut here ]------------ [ 3078.230255] kernel BUG at net/co... • https://git.kernel.org/stable/c/e888402789b9db5de4fcda361331d66dbf0cd9fd • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47399 – ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
https://notcve.org/view.php?id=CVE-2021-47399
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup The ixgbe driver currently generates a NULL pointer dereference with some machine (online cpus < 63). This is due to the fact that the maximum value of num_xdp_queues is nr_cpu_ids. Code is in "ixgbe_set_rss_queues"". Here's how the problem repeats itself: Some machine (online cpus < 63), And user set num_queues to 63 through ethtool. Code is in the "ixgbe_set_channels", adapter->ring_f... • https://git.kernel.org/stable/c/4a9b32f30f805ca596d76605903a48eab58e0b88 •