CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47384 – hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
https://notcve.org/view.php?id=CVE-2021-47384
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for (tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients... • https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47383 – tty: Fix out-of-bound vmalloc access in imageblit
https://notcve.org/view.php?id=CVE-2021-47383
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and bits_per_pixel with values. If this struct is the same as the previous ioctl, the vc_resize() detects it and doesn't call the resize_screen(), leaving the fb_var_screeninfo incomplete. And this leads to the updatescrollmode() calcula... • https://git.kernel.org/stable/c/7e71fcedfda6f7de18f850a6b36e78d78b04476f • CWE-125: Out-of-bounds Read •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47382 – s390/qeth: fix deadlock during failing recovery
https://notcve.org/view.php?id=CVE-2021-47382
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed taking discipline_mutex inside qeth_do_reset(), fixing potential deadlocks. An error path was missed though, that still takes discipline_mutex and thus has the original deadlock potential. Intermittent deadlocks were seen when a qeth channel path is configured offline, causing a race between qeth_do_reset and ccwgroup_r... • https://git.kernel.org/stable/c/b41b554c1ee75070a14c02a88496b1f231c7eacc •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47381 – ASoC: SOF: Fix DSP oops stack dump output contents
https://notcve.org/view.php?id=CVE-2021-47381
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address used in dump error output. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: corrige el contenido de salida del volcado de pila de DSP. Corrija el argumento @buf dado a hex_dump_to_buffer() y la dirección de pila utilizada en la salida de error de volcado. • https://git.kernel.org/stable/c/e657c18a01c85d2c4ec0e96d52be8ba42b956593 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47380 – HID: amd_sfh: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47380
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix potential NULL pointer dereference devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The patch moves initialization of data before devm_add_action_or_reset(). Found by Linux Driver Verification project (linuxtesting.org). [jkosina@suse.cz: rebase] En el kernel de Linux, se resolvió la siguiente vu... • https://git.kernel.org/stable/c/283e4bee701dfcd409dd293f19a268bb2bc8ff38 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47379 – blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
https://notcve.org/view.php?id=CVE-2021-47379
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094] BUG: KASAN: use-after-free in bfq_io_set_weight_legacy+0xd3/0x160 [693354.105336] Read of size 4 at addr ffff888be0a35664 by task sh/1453338 [693354.105607] CPU: 41 PID: 1453338 Comm: sh Kdump: loaded Not tainted... • https://git.kernel.org/stable/c/d12ddd843f1877de1f7dd2aeea4907cf9ff3ac08 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47378 – nvme-rdma: destroy cm id before destroy qp to avoid use after free
https://notcve.org/view.php?id=CVE-2021-47378
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishment error flow, don't destroy qp in cm event handler.Just report cm_error to upper level, qp will be destroy in nvme_rdma_alloc_queue() after destroy cm id. En el kernel de Linux, se ha resuelto la siguiente vulne... • https://git.kernel.org/stable/c/ecf0dc5a904830c926a64feffd8e01141f89822f • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47376 – bpf: Add oversize check before call kvcalloc()
https://notcve.org/view.php?id=CVE-2021-47376
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add oversize check before call kvcalloc() Commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") add the oversize check. When the allocation is larger than what kmalloc() supports, the following warning triggered: WARNING: CPU: 0 PID: 8408 at mm/util.c:597 kvmalloc_node+0x108/0x110 mm/util.c:597 Modules linked in: CPU: 0 PID: 8408 Comm: syz-executor221 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute ... • https://git.kernel.org/stable/c/93937596e0652d50973f9dc944fea1694ac8cdfd •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47375 – blktrace: Fix uaf in blk_trace access after removing by sysfs
https://notcve.org/view.php?id=CVE-2021-47375
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blk_trace access after removing by sysfs There is an use-after-free problem triggered by following process: P1(sda) P2(sdb) echo 0 > /sys/block/sdb/trace/enable blk_trace_remove_queue synchronize_rcu blk_trace_free relay_close rcu_read_lock __blk_add_trace trace_note_tsk (Iterate running_trace_list) relay_close_buf relay_destroy_buf kfree(buf) t... • https://git.kernel.org/stable/c/c71a896154119f4ca9e89d6078f5f63ad60ef199 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47374 – dma-debug: prevent an error message from causing runtime problems
https://notcve.org/view.php?id=CVE-2021-47374
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This error message can be reached several millions of times per second, causing spam to the kernel's printk buffer and bringing the CPU usage up to 100% (so, it should be rate limited). However, since there is at least one driver that is in the mainline and suffers from the error condition, it is more useful to err_printk() here inste... • https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a •