CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47355 – atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
https://notcve.org/view.php?id=CVE-2021-47355
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En... • https://git.kernel.org/stable/c/99779c9d9ffc7775da6f7fd8a7c93ac61657bed5 •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47354 – drm/sched: Avoid data corruptions
https://notcve.org/view.php?id=CVE-2021-47354
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete before killing it to avoid data corruptions. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/sched: evite la corrupción de datos. Espere a que se completen todas las dependencias de un trabajo antes de eliminarlo para evitar la corrupción de datos. • https://git.kernel.org/stable/c/c32d0f0e164ffab2a56c7cf8e612584b4b740e2e • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47353 – udf: Fix NULL pointer dereference in udf_symlink function
https://notcve.org/view.php?id=CVE-2021-47353
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returned by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c and returns the value of sb_getblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sb_getblk fails. This fix adds a check to validate the value of epos.bh. En el kernel de Linux... • https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47352 – virtio-net: Add validation for used length
https://notcve.org/view.php?id=CVE-2021-47352
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-net: Agregar validación para la longitud utilizada. Esto agrega validación para la longitud utilizada (puede provenir de un dispositivo que no es de confianza) para evitar la corrupción o pérdida de datos. A vulnerabili... • https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 • CWE-20: Improper Input Validation •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47351 – ubifs: Fix races between xattr_{set|get} and listxattr operations
https://notcve.org/view.php?id=CVE-2021-47351
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} and listxattr operations, such as assertion failure, memory corruption, stale xattr value[1]. Fix it by importing a new rw-lock in @ubifs_inode to serilize write operations on xattr, concurrent read operations are still effective, just like ext4. [1] https://lore.kernel.org/linux-mtd/20200630130438.141649-1-hou... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47350 – powerpc/mm: Fix lockup on kernel exec fault
https://notcve.org/view.php?id=CVE-2021-47350
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix lockup on kernel exec fault The powerpc kernel is not prepared to handle exec faults from kernel. Especially, the function is_exec_fault() will return 'false' when an exec fault is taken by kernel, because the check is based on reading current->thread.regs->trap which contains the trap from user. For instance, when provoking a LKDTM EXEC_USERSPACE test, current->thread.regs->trap is set to SYSCALL trap (0xc00), and the fa... • https://git.kernel.org/stable/c/d3ca587404b36943b02df87406054ce73cc49500 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47349 – mwifiex: bring down link before deleting interface
https://notcve.org/view.php?id=CVE-2021-47349
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the driver or going through firmware reset, because the cfg80211_unregister_wdev() has to bring down the link for us, ... which then grab the same wiphy lock. nl80211_del_interface() already handles a very similar case, with a nice description: /* * We hold RTNL, so this is safe, without RTNL opencount cannot * reach 0, and thus t... • https://git.kernel.org/stable/c/a05829a7222e9d10c416dd2dbbf3929fe6646b89 •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47348 – drm/amd/display: Avoid HDCP over-read and corruption
https://notcve.org/view.php?id=CVE-2021-47348
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so instead use an appropriately sized and zero-initialized bounce buffer, and read only 5 bytes before casting to u64. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: evita la sobrelectur... • https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47347 – wl1251: Fix possible buffer overflow in wl1251_cmd_scan
https://notcve.org/view.php?id=CVE-2021-47347
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wl1251: corrige posible desbordamiento del buffer en wl1251_cmd_scan. La función wl1251_cmd_scan llama a memcpy sin comprobar la longitud. Endurecer comprobando que el largo esté dentro d... • https://git.kernel.org/stable/c/57ad99ae3c6738ba87bad259bb57c641ca68ebf6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47346 – coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
https://notcve.org/view.php?id=CVE-2021-47346
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer() commit 6f755e85c332 ("coresight: Add helper for inserting synchronization packets") removed trailing '\0' from barrier_pkt array and updated the call sites like etb_update_buffer() to have proper checks for barrier_pkt size before read but missed updating tmc_update_etf_buffer() which still reads barrier_pkt past the array size resulting in KASAN out-of-bounds bug. Fi... • https://git.kernel.org/stable/c/0c3fc4d5fa26092853278145aca9b21fa52a3e93 •