CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47364 – comedi: Fix memory leak in compat_insnlist()
https://notcve.org/view.php?id=CVE-2021-47364
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() `compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST` ioctl (whenwhen `CONFIG_COMPAT` is enabled). It allocates memory to temporarily hold an array of `struct comedi_insn` converted from the 32-bit version in user space. This memory is only being freed if there is a fault while filling the array, otherwise it is leaked. Add a call to `kfree()` to fix the leak. En el kernel de Li... • https://git.kernel.org/stable/c/b8d47d8813055ce38c0d2ad913d5462017e52692 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47363 – nexthop: Fix division by zero while replacing a resilient group
https://notcve.org/view.php?id=CVE-2021-47363
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix division by zero while replacing a resilient group The resilient nexthop group torture tests in fib_nexthop.sh exposed a possible division by zero while replacing a resilient group [1]. The division by zero occurs when the data path sees a resilient nexthop group with zero buckets. The tests replace a resilient nexthop group in a loop while traffic is forwarded through it. The tests do not specify the number of buckets while pe... • https://git.kernel.org/stable/c/283a72a5599e80750699d2021830a294ed9ab3f3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47362 – drm/amd/pm: Update intermediate power state for SI
https://notcve.org/view.php?id=CVE-2021-47362
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state. set_power_state refers to values from the current state and without current state populated, it could result in NULL pointer dereference. For ex: on platforms where PCI speed change is supported through ACPI ATCS method, ... • https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47361 – mcb: fix error handling in mcb_alloc_bus()
https://notcve.org/view.php?id=CVE-2021-47361
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus() There are two bugs: 1) If ida_simple_get() fails then this code calls put_device(carrier) but we haven't yet called get_device(carrier) and probably that leads to a use after free. 2) After device_initialize() then we need to use put_device() to release the bus. This will free the internal resources tied to the device and call mcb_free_bus() which will free the rest. En el kernel de Linux, se ha re... • https://git.kernel.org/stable/c/5d9e2ab9fea4cdf0a2522f5cbed2e7fbb220d757 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47360 – binder: make sure fd closes complete
https://notcve.org/view.php?id=CVE-2021-47360
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to return to userspace or the file object may never be dereferenced -- which can lead to hung processes. Force the binder thread back to userspace if an fd is closed during BC_FREE_BUFFER handling. En el kernel de Li... • https://git.kernel.org/stable/c/80cd795630d6526ba729a089a435bf74a57af927 •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47359 – cifs: Fix soft lockup during fsstress
https://notcve.org/view.php?id=CVE-2021-47359
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress Below traces are observed during fsstress and system got hung. [ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s! En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cifs: corrige el bloqueo suave durante fsstress. Los siguientes rastros se observan durante fsstress y el sistema se bloquea. [130.698396] perro guardián: BUG: bloqueo suave - ¡CPU#6 bloqueada durante 26 segundos! I... • https://git.kernel.org/stable/c/9f6c7aff21f81ae8856da1f63847d1362d523409 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36788 – drm/nouveau: avoid a use-after-free when BO init fails
https://notcve.org/view.php?id=CVE-2020-36788
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm_bo_init() invokes the provided destructor which should de-initialize and free the memory. Thus, when nouveau_bo_init() returns an error the gem object has already been released and the memory freed by nouveau_bo_del_ttm(). En el kernel de Linux, se ha resuelto la siguiente vulne... • https://git.kernel.org/stable/c/019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47358 – staging: greybus: uart: fix tty use after free
https://notcve.org/view.php?id=CVE-2021-47358
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must not release the underlying structures until the last user is gone. Switch to using the tty-port reference counter to manage the life time of the greybus tty state to avoid use after free after a disconnect. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: greybus: uart: corrige el use after free de tty. ... • https://git.kernel.org/stable/c/a18e15175708d39abbe9746ddc3479466b7800c3 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36009 – ax25: Fix netdev refcount issue
https://notcve.org/view.php?id=CVE-2024-36009
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue The dev_tracker is added to ax25_cb in ax25_bind(). When the ax25 device is detaching, the dev_tracker of ax25_cb should be deallocated in ax25_kill_by_device() instead of the dev_tracker of ax25_dev. The log reported by ref_tracker is shown below: [ 80.884935] ref_tracker: reference already released. [ 80.885150] ref_tracker: allocated in: [ 80.885349] ax25_dev_device_up+0x105/0x540 [ 80.885730] ax25_device_... • https://git.kernel.org/stable/c/feef318c855a361a1eccd880f33e88c460eb63b4 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36008 – ipv4: check for NULL idev in ip_route_use_hint()
https://notcve.org/view.php?id=CVE-2024-36008
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 2 PID: 3257 Comm: s... • https://git.kernel.org/stable/c/02b24941619fcce3d280311ac73b1e461552e9c8 • CWE-476: NULL Pointer Dereference •