CVE-2021-47130 – nvmet: fix freeing unallocated p2pmem
https://notcve.org/view.php?id=CVE-2021-47130
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead of the regular sgl pool and causing a crash (BUG() is called). Instead, assign the p2p_dev for the request only if it was allocated from p2p pool. This is the crash that was caused: [Sun May 30 19:13:53 2021] ------------[ cut here ]------------ [Sun May 30 19:13:53 2021] ker... • https://git.kernel.org/stable/c/c6e3f13398123a008cd2ee28f93510b113a32791 •
CVE-2021-47129 – netfilter: nft_ct: skip expectations for confirmed conntrack
https://notcve.org/view.php?id=CVE-2021-47129
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack nft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed conntrack entry. However, nf_ct_ext_add() can only be called for !nf_ct_is_confirmed(). [ 1825.349056] WARNING: CPU: 0 PID: 1279 at net/netfilter/nf_conntrack_extend.c:48 nf_ct_xt_add+0x18e/0x1a0 [nf_conntrack] [ 1825.351391] RIP: 0010:nf_ct_ext_add+0x18e/0x1a0 [nf_conntrack] [ 1825.351493] Code: 41 5c 41 5d 41 5e 41 5... • https://git.kernel.org/stable/c/857b46027d6f91150797295752581b7155b9d0e1 • CWE-273: Improper Check for Dropped Privileges •
CVE-2021-47128 – bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
https://notcve.org/view.php?id=CVE-2021-47128
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks Commit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown") added an implementation of the locked_down LSM hook to SELinux, with the aim to restrict which domains are allowed to perform operations that would breach lockdown. This is indirectly also getting audit subsystem involved to report events. The latter is problematic, as reported by Ondrej and Serhei... • https://git.kernel.org/stable/c/59438b46471ae6cdfb761afc8c9beaf1e428a331 •
CVE-2021-47127 – ice: track AF_XDP ZC enabled queues in bitmap
https://notcve.org/view.php?id=CVE-2021-47127
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: track AF_XDP ZC enabled queues in bitmap Commit c7a219048e45 ("ice: Remove xsk_buff_pool from VSI structure") silently introduced a regression and broke the Tx side of AF_XDP in copy mode. xsk_pool on ice_ring is set only based on the existence of the XDP prog on the VSI which in turn picks ice_clean_tx_irq_zc to be executed. That is not something that should happen for copy mode as it should use the regular data path ice_clean_tx_irq.... • https://git.kernel.org/stable/c/c7a219048e459cf99c6fec0f7c1e42414e9e6202 •
CVE-2021-47126 – ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
https://notcve.org/view.php?id=CVE-2021-47126
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions Reported by syzbot: HEAD commit: 90c911ad Merge tag 'fixes' of git://git.kernel.org/pub/scm.. git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master dashboard link: https://syzkaller.appspot.com/bug?extid=123aa35098fd3c000eb7 compiler: Debian clang version 11.0.1-2 ================================================================== BUG: KASAN: sla... • https://git.kernel.org/stable/c/f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 • CWE-125: Out-of-bounds Read •
CVE-2021-47125 – sch_htb: fix refcount leak in htb_parent_to_leaf_offload
https://notcve.org/view.php?id=CVE-2021-47125
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sch_htb: fix refcount leak in htb_parent_to_leaf_offload The commit ae81feb7338c ("sch_htb: fix null pointer dereference on a null new_q") fixes a NULL pointer dereference bug, but it is not correct. Because htb_graft_helper properly handles the case when new_q is NULL, and after the previous patch by skipping this call which creates an inconsistency: dev_queue->qdisc will still point to the old qdisc, but cl->parent->leaf.q will point to ... • https://git.kernel.org/stable/c/ae81feb7338c89cee4e6aa0424bdab2ce2b52da2 •
CVE-2021-47124 – io_uring: fix link timeout refs
https://notcve.org/view.php?id=CVE-2021-47124
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix link timeout refs WARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 RIP: 0010:refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 Call Trace: __refcount_sub_and_test include/linux/refcount.h:283 [inline] __refcount_dec_and_test include/linux/refcount.h:315 [inline] refcount_dec_and_test include/linux/refcount.h:333 [inline] io_put_req fs/io_uring.c:2140 [inline] io_queue_link... • https://git.kernel.org/stable/c/1c20e9040f49687ba2ccc2ffd4411351a6c2ebff •
CVE-2021-47123 – io_uring: fix ltout double free on completion race
https://notcve.org/view.php?id=CVE-2021-47123
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix ltout double free on completion race Always remove linked timeout on io_link_timeout_fn() from the master request link list, otherwise we may get use-after-free when first io_link_timeout_fn() puts linked timeout in the fail path, and then will be found and put on master's free. • https://git.kernel.org/stable/c/90cd7e424969d29aff653333b4dcb4e2e199d791 •
CVE-2021-47122 – net: caif: fix memory leak in caif_device_notify
https://notcve.org/view.php?id=CVE-2021-47122
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error. • https://git.kernel.org/stable/c/7c18d2205ea76eef9674e59e1ecae4f332a53e9e •
CVE-2021-47121 – net: caif: fix memory leak in cfusbl_device_notify
https://notcve.org/view.php?id=CVE-2021-47121
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in cfusbl_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error. • https://git.kernel.org/stable/c/7ad65bf68d705b445ef10b77ab50dab22be185ee •