CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47373 – irqchip/gic-v3-its: Fix potential VPE leak on error
https://notcve.org/view.php?id=CVE-2021-47373
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fix potential VPE leak on error In its_vpe_irq_domain_alloc, when its_vpe_init() returns an error, there is an off-by-one in the number of VPEs to be freed. Fix it by simply passing the number of VPEs allocated, which is the index of the loop iterating over the VPEs. [maz: fixed commit message] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/gic-v3-its: soluciona una posible fuga de VPE en ... • https://git.kernel.org/stable/c/7d75bbb4bc1ad90386776459d37e4ddfe605671e • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47372 – net: macb: fix use after free on rmmod
https://notcve.org/view.php?id=CVE-2021-47372
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use after free on rmmod plat_dev->dev->platform_data is released by platform_device_unregister(), use of pclk and hclk is a use-after-free. Since device unregister won't need a clk device we adjust the function call sequence to fix this issue. [ 31.261225] BUG: KASAN: use-after-free in macb_remove+0x77/0xc6 [macb_pci] [ 31.275563] Freed by task 306: [ 30.276782] platform_device_release+0x25/0x80 En el kernel de Linu... • https://git.kernel.org/stable/c/a7d521cc726f30b8e679a6f36d04b18a8ab3c536 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47371 – nexthop: Fix memory leaks in nexthop notification chain listeners
https://notcve.org/view.php?id=CVE-2021-47371
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks [1] that can be reduced to the following commands: # ip nexthop add id 1 blackhole # devlink dev reload pci/0000:06:00.0 As part of the reload flow, mlxsw will unregister its netdevs and then unregister from the nexthop notification chain. Before unregistering from the notification chain, mlxsw will receive delete notifications for next... • https://git.kernel.org/stable/c/2a014b200bbd973cc96e082a5bc445fe20b50f32 • CWE-400: Uncontrolled Resource Consumption •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2021-47370 – mptcp: ensure tx skbs always have the MPTCP ext
https://notcve.org/view.php?id=CVE-2021-47370
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache refill, so that the skb allocated by the core TCP code lacks the required MPTCP skb extensions. Due to the above, syzbot is able to trigger the following WARN_ON(): WARNING: CPU: 1 PID: 810 at net/mptcp/prot... • https://git.kernel.org/stable/c/e35820fb56415be6924bf552ec223ed5f347b4be •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47369 – s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
https://notcve.org/view.php?id=CVE-2021-47369
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix NULL deref in qeth_clear_working_pool_list() When qeth_set_online() calls qeth_clear_working_pool_list() to roll back after an error exit from qeth_hardsetup_card(), we are at risk of accessing card->qdio.in_q before it was allocated by qeth_alloc_qdio_queues() via qeth_mpc_initialize(). qeth_clear_working_pool_list() then dereferences NULL, and by writing to queue->bufs[i].pool_entry scribbles all over the CPU's lowcore. ... • https://git.kernel.org/stable/c/eff73e16ee116f6eafa2be48fab42659a27cb453 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47368 – enetc: Fix illegal access when reading affinity_hint
https://notcve.org/view.php?id=CVE-2021-47368
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_t parameter in the irq descriptor, and that reference can be accessed later from irq_affinity_hint_proc_show(). Since the cpu_mask parameter passed to irq_set_affinity_hit() has only temporary storage (it's on the stack memory), later accesses to it are illegal. Thus reads from the corresponding procfs affinity_hint file can resul... • https://git.kernel.org/stable/c/d4fd0404c1c95b17880f254ebfee3485693fa8ba • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47367 – virtio-net: fix pages leaking when building skb in big mode
https://notcve.org/view.php?id=CVE-2021-47367
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix pages leaking when building skb in big mode We try to use build_skb() if we had sufficient tailroom. But we forget to release the unused pages chained via private in big mode which will leak pages. Fixing this by release the pages after building the skb in big mode. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-net: corrige páginas con fugas al compilar skb en modo grande. Intentamos usar build_... • https://git.kernel.org/stable/c/fb32856b16ad9d5bcd75b76a274e2c515ac7b9d7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47366 – afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server
https://notcve.org/view.php?id=CVE-2021-47366
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value. This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values. Fix ... • https://git.kernel.org/stable/c/b9b1f8d5930a813879278d0cbfc8c658d6a038dc •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47365 – afs: Fix page leak
https://notcve.org/view.php?id=CVE-2021-47365
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix page leak There's a loop in afs_extend_writeback() that adds extra pages to a write we want to make to improve the efficiency of the writeback by making it larger. This loop stops, however, if we hit a page we can't write back from immediately, but it doesn't get rid of the page ref we speculatively acquired. This was caused by the removal of the cleanup loop when the code switched from using find_get_pages_contig() to xarray s... • https://git.kernel.org/stable/c/e87b03f5830ecd8ca21836d3ee48c74f8d58fa31 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47364 – comedi: Fix memory leak in compat_insnlist()
https://notcve.org/view.php?id=CVE-2021-47364
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() `compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST` ioctl (whenwhen `CONFIG_COMPAT` is enabled). It allocates memory to temporarily hold an array of `struct comedi_insn` converted from the 32-bit version in user space. This memory is only being freed if there is a fault while filling the array, otherwise it is leaked. Add a call to `kfree()` to fix the leak. En el kernel ... • https://git.kernel.org/stable/c/b8d47d8813055ce38c0d2ad913d5462017e52692 •