CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47293 – net/sched: act_skbmod: Skip non-Ethernet packets
https://notcve.org/view.php?id=CVE-2021-47293
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip link set up vcan0 $ tc qdisc add dev vcan0 root handle 1: htb $ tc filter add dev vcan0 parent 1: protocol ip prio 10 \ matchall action skbmod swap mac Doing the above silently corrupts all the packets. Do not p... • https://git.kernel.org/stable/c/86da71b57383d40993cb90baafb3735cffe5d800 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47292 – io_uring: fix memleak in io_init_wq_offload()
https://notcve.org/view.php?id=CVE-2021-47292
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... backtrace: [<000000001974933b>] kmalloc include/linux/slab.h:... • https://git.kernel.org/stable/c/e941894eae31b52f0fd9bdb3ce20620afa152f45 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47291 – ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
https://notcve.org/view.php?id=CVE-2021-47291
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit 821bbf79fe46 ("ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions"). We additionally need to take care of fib6_metrics initialization failure when the caller provides an nh. The fix is similar, explicitly free the route inst... • https://git.kernel.org/stable/c/f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47290 – scsi: target: Fix NULL dereference on XCOPY completion
https://notcve.org/view.php?id=CVE-2021-47290
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL dereference on XCOPY completion CPU affinity control added with commit 39ae3edda325 ("scsi: target: core: Make completion affinity configurable") makes target_complete_cmd() queue work on a CPU based on se_tpg->se_tpg_wwn->cmd_compl_affinity state. LIO's EXTENDED COPY worker is a special case in that read/write cmds are dispatched using the global xcopy_pt_tpg, which carries a NULL se_tpg_wwn pointer following initial... • https://git.kernel.org/stable/c/39ae3edda325e9cf9e978c9788affe88231f3b34 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47289 – ACPI: fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47289
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. That fails miserably, because that helper inline function is not set up to handle that case. Just make acpi_dev_put() silently accept a NULL pointer, rather than calling down to put_device() with an invalid offset off that NULL pointer. En el kernel de... • https://git.kernel.org/stable/c/38f54217b423c0101d03a00feec6fb8ec608b12e • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47288 – media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
https://notcve.org/view.php?id=CVE-2021-47288
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:16: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds] arch/x86/include/asm/string_3... • https://git.kernel.org/stable/c/dae52d009fc950b5c209260d50fcc000f5becd3c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47287 – driver core: auxiliary bus: Fix memory leak when driver_register() fail
https://notcve.org/view.php?id=CVE-2021-47287
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: driver core: auxiliary bus: Fix memory leak when driver_register() fail If driver_register() returns with error we need to free the memory allocated for auxdrv->driver.name before returning from __auxiliary_driver_register() En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: núcleo del controlador: bus auxiliar: corrige la pérdida de memoria cuando falla driver_register(). Si driver_register() regresa con error, necesitamos ... • https://git.kernel.org/stable/c/7de3697e9cbd4bd3d62bafa249d57990e1b8f294 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47286 – bus: mhi: core: Validate channel ID when processing command completions
https://notcve.org/view.php?id=CVE-2021-47286
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound accesses, add a check against the maximum number of channels supported by the controller and those channels not configured yet so as to skip processing of that event ring element. En el kernel de Linux, se ha resuelto la ... • https://git.kernel.org/stable/c/1d3173a3bae7039b765a0956e3e4bf846dbaacb8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47284 – isdn: mISDN: netjet: Fix crash in nj_probe:
https://notcve.org/view.php?id=CVE-2021-47284
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in nj_probe: 'nj_setup' in netjet.c might fail with -EIO and in this case 'card->irq' is initialized and is bigger than zero. A subsequent call to 'nj_release' will free the irq that has not been requested. Fix this bug by deleting the previous assignment to 'card->irq' and just keep the assignment before 'request_irq'. The KASAN's log reveals it: [ 3.354615 ] WARNING: CPU: 0 PID: 1 at kernel/irq/manage.c:1826... • https://git.kernel.org/stable/c/958cb1078ca60d214826fd90a0961a447fade59a • CWE-400: Uncontrolled Resource Consumption CWE-590: Free of Memory not on the Heap •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47283 – net:sfc: fix non-freed irq in legacy irq mode
https://notcve.org/view.php?id=CVE-2021-47283
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net:sfc: fix non-freed irq in legacy irq mode SFC driver can be configured via modparam to work using MSI-X, MSI or legacy IRQ interrupts. In the last one, the interrupt was not properly released on module remove. It was not freed because the flag irqs_hooked was not set during initialization in the case of using legacy IRQ. Example of (trimmed) trace during module remove without this fix: remove_proc_entry: removing non-empty directory 'ir... • https://git.kernel.org/stable/c/8d717c9135a3340ae62d1699484850bfb4112b0c •