CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47363 – nexthop: Fix division by zero while replacing a resilient group
https://notcve.org/view.php?id=CVE-2021-47363
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix division by zero while replacing a resilient group The resilient nexthop group torture tests in fib_nexthop.sh exposed a possible division by zero while replacing a resilient group [1]. The division by zero occurs when the data path sees a resilient nexthop group with zero buckets. The tests replace a resilient nexthop group in a loop while traffic is forwarded through it. The tests do not specify the number of buckets while... • https://git.kernel.org/stable/c/283a72a5599e80750699d2021830a294ed9ab3f3 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47362 – drm/amd/pm: Update intermediate power state for SI
https://notcve.org/view.php?id=CVE-2021-47362
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state. set_power_state refers to values from the current state and without current state populated, it could result in NULL pointer dereference. For ex: on platforms where PCI speed change is supported through ACPI ATCS metho... • https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47361 – mcb: fix error handling in mcb_alloc_bus()
https://notcve.org/view.php?id=CVE-2021-47361
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus() There are two bugs: 1) If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free. 2) After device_initialize() then we need to use put_device() to release the bus. This will free the internal resources tied to the device and call mcb_free_bus() which will free the rest. En el kernel de ... • https://git.kernel.org/stable/c/5d9e2ab9fea4cdf0a2522f5cbed2e7fbb220d757 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47360 – binder: make sure fd closes complete
https://notcve.org/view.php?id=CVE-2021-47360
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to return to userspace or the file object may never be dereferenced -- which can lead to hung processes. Force the binder thread back to userspace if an fd is closed during BC_FREE_BUFFER handling. En el kernel de... • https://git.kernel.org/stable/c/80cd795630d6526ba729a089a435bf74a57af927 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47359 – cifs: Fix soft lockup during fsstress
https://notcve.org/view.php?id=CVE-2021-47359
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress Below traces are observed during fsstress and system got hung. [ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s! En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cifs: corrige el bloqueo suave durante fsstress. Los siguientes rastros se observan durante fsstress y el sistema se bloquea. [130.698396] perro guardián: BUG: bloqueo suave - ¡CPU#6 bloqueada durante 26 segundos... • https://git.kernel.org/stable/c/9f6c7aff21f81ae8856da1f63847d1362d523409 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36788 – drm/nouveau: avoid a use-after-free when BO init fails
https://notcve.org/view.php?id=CVE-2020-36788
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm(). En el kernel de Linux, se ha resuelto la siguiente vu... • https://git.kernel.org/stable/c/019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47358 – staging: greybus: uart: fix tty use after free
https://notcve.org/view.php?id=CVE-2021-47358
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone. Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: greybus: uart: corrige el use after free de tt... • https://git.kernel.org/stable/c/a18e15175708d39abbe9746ddc3479466b7800c3 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47357 – atm: iphase: fix possible use-after-free in ia_module_exit()
https://notcve.org/view.php?id=CVE-2021-47357
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: atm: iphase: fix possible use-after-free in ia_module_exit() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En e... • https://git.kernel.org/stable/c/9e161687855175334ca93c6c3ccb221731194479 •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47356 – mISDN: fix possible use-after-free in HFC_cleanup()
https://notcve.org/view.php?id=CVE-2021-47356
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel ... • https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47355 – atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
https://notcve.org/view.php?id=CVE-2021-47355
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En... • https://git.kernel.org/stable/c/99779c9d9ffc7775da6f7fd8a7c93ac61657bed5 •