CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47114 – ocfs2: fix data corruption by fallocate
https://notcve.org/view.php?id=CVE-2021-47114
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at that time isize is not yet updated to match the new size, if writeback is kicked in, it will invoke ocfs2_writepage()->block_write_full_page() where the pages out of inode size will be dropped. That will cause file c... • https://git.kernel.org/stable/c/624fa7baa3788dc9e57840ba5b94bc22b03cda57 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47113 – btrfs: abort in rename_exchange if we fail to insert the second ref
https://notcve.org/view.php?id=CVE-2021-47113
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in rename_exchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a rename_exchange. This happens because we insert the inode ref for one side of the rename, and then for the other side. If this second inode ref insert fails we'll leave the first one dangling and leave a corrupt file system behind. Fix this by aborting if we did the insert... • https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47112 – x86/kvm: Teardown PV features on boot CPU as well
https://notcve.org/view.php?id=CVE-2021-47112
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all these features to make sure hypervisor doesn't write to stale locations after we jump to the previously hibernated kernel (which can try to place anything there). For secondary CPUs the job is already done by kvm_cpu_down_prepare(), ... • https://git.kernel.org/stable/c/7620a669111b52f224d006dea9e1e688e2d62c54 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47111 – xen-netback: take a reference to the RX task thread
https://notcve.org/view.php?id=CVE-2021-47111
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend tear down. Not taking the reference will lead to a use-after-free in that scenario. Such reference was taken before but dropped as part of the rework done in 2ac061ce97f4. Reintroduce the reference taking and add a ... • https://git.kernel.org/stable/c/2ac061ce97f413bfbbdd768f7d2e0fda2e8170df •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47110 – x86/kvm: Disable kvmclock on all CPUs on shutdown
https://notcve.org/view.php?id=CVE-2021-47110
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore from hibernate. Note, writing '0' to kvmclock MSR doesn't clear memory location, it just prevents hypervisor from updating the location so for the short while after write and while CPU is still alive, the clock re... • https://git.kernel.org/stable/c/9084fe1b3572664ad276f427dce575f580c9799a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47109 – neighbour: allow NUD_NOARP entries to be forced GCed
https://notcve.org/view.php?id=CVE-2021-47109
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid connections after that. This behaviour is more prevalent after commit 58956317c8de ("neighbor: Improve garbage collection") is applied, as it prevents removal from entries that are not NUD_FAILED, unless they are more than 5s old. En e... • https://git.kernel.org/stable/c/58956317c8de52009d1a38a721474c24aef74fe7 •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-26629 – nfsd: fix RELEASE_LOCKOWNER
https://notcve.org/view.php?id=CVE-2024-26629
13 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for nfsd4_release_lockowner(), the test on so_count can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux N... • https://git.kernel.org/stable/c/3097f38e91266c7132c3fdb7e778fac858c00670 • CWE-393: Return of Wrong Status Code •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52608 – firmware: arm_scmi: Check mailbox/SMT channel for consistency
https://notcve.org/view.php?id=CVE-2023-52608
13 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Check mailbox/SMT channel for consistency On reception of a completion interrupt the shared memory area is accessed to retrieve the message header at first and then, if the message sequence number identifies a transaction which is still pending, the related payload is fetched too. When an SCMI command times out the channel ownership remains with the platform until eventually a late reply is received and, as a consequence... • https://git.kernel.org/stable/c/5c8a47a5a91d4d6e185f758d61997613d9c5d6ac •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26627 – scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
https://notcve.org/view.php?id=CVE-2024-26627
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too heavy in case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each scsi_host_busy() iterates over (N * M) tag/requests If recovery is triggered in case that all requ... • https://git.kernel.org/stable/c/6eb045e092efefafc6687409a6fa6d1dabf0fb69 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26625 – llc: call sock_orphan() at release time
https://notcve.org/view.php?id=CVE-2024-26625
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after calling proto_ops::release()") Eric Biggers hinted that some protocols are missing a sock_orphan(), we need to perform a full audit. In net-next, I plan to clear sock->sk from sock_orphan() and amend Eric patch to add a warning. [1] BUG: ... • https://git.kernel.org/stable/c/43815482370c510c569fd18edb57afcb0fa8cab6 •