CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47203 – scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
https://notcve.org/view.php?id=CVE-2021-47203
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since "fail_msg" remains set, jobs are added to the completions list re... • https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47202 – thermal: Fix NULL pointer dereferences in of_thermal_ functions
https://notcve.org/view.php?id=CVE-2021-47202
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn't probed yet, an attempt to set trip_point_*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it. console:/sys/class/thermal/thermal_zone87 # echo 1200... • https://git.kernel.org/stable/c/828f4c31684da94ecf0b44a2cbd35bbede04f0bd •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47201 – iavf: free q_vectors before queues in iavf_disable_vf
https://notcve.org/view.php?id=CVE-2021-47201
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_vf(). This resolves a panic encountered when the interface is disabled and then later brought up again after PF communication is restored. In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before ... • https://git.kernel.org/stable/c/65c7006f234c9ede887d468f595f259a5c5cc552 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47200 – drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap
https://notcve.org/view.php?id=CVE-2021-47200
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. If the gem object's refcount == 1 on entry to drm_gem_prime_mmap(), that drop will free the gem object, and the subsequent drm_gem_object_get() will be a UAF. Fix by grabbing a reference before calling the mmap helper. This issue was forseen when the reference dropping was adding in commit 9786b65bc61ac ("drm/ttm: f... • https://git.kernel.org/stable/c/9786b65bc61acec63f923978c75e707afbb74bc7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47199 – net/mlx5e: CT, Fix multiple allocations and memleak of mod acts
https://notcve.org/view.php?id=CVE-2021-47199
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to the flow's original mod actions in order to clear the registers which hold ct_state. When such flow also includes encap action, a neigh update event can cause the driver to unoffload the flow and then reoffload it. Each time this happens, the ct clear handling adds that same set of mod hdr actions to reset ct_state unti... • https://git.kernel.org/stable/c/1ef3018f5af3da6376fae546e4dfc3f05f063815 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47198 – scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
https://notcve.org/view.php?id=CVE-2021-47198
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free acce... • https://git.kernel.org/stable/c/dbebf865b3239595c1d4dba063b122862583b52a • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47197 – net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
https://notcve.org/view.php?id=CVE-2021-47197
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds to rest of destroy operations. mlx5_core_destroy_cq() could be called again by user and cause additional call of mlx5_debug_cq_remove(). cq->dbg was not nullify in previous call and cause the crash. Fix it by nullify cq->dbg pointer after removal. Also proceed to destroy operations only if FW return 0 for MLX5_C... • https://git.kernel.org/stable/c/4f7bddf8c5c01cac74373443b13a68e1c6723a94 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47196 – RDMA/core: Set send and receive CQ before forwarding to the driver
https://notcve.org/view.php?id=CVE-2021-47196
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp properties. This change is needed for mlx5, because in case of QP creation failure, it will go to the path of QP destroy which relies on proper CQ pointers. BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5... • https://git.kernel.org/stable/c/514aee660df493cd673154a6ba6bab745ec47b8c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47195 – spi: fix use-after-free of the add_lock mutex
https://notcve.org/view.php?id=CVE-2021-47195
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock(). En el kernel de Linux, se res... • https://git.kernel.org/stable/c/6098475d4cb48d821bdf453c61118c56e26294f0 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47194 – cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
https://notcve.org/view.php?id=CVE-2021-47194
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt. En el kerne... • https://git.kernel.org/stable/c/ac800140c20e7ae51117e71289065bedd4930fc2 • CWE-665: Improper Initialization •