CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47076 – RDMA/rxe: Return CQE error if invalid lkey was supplied
https://notcve.org/view.php?id=CVE-2021-47076
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. [leonro@vm ~]$ mkt test test_atomic_invalid_lkey (tests.test_atomic.AtomicTest) ... WARNING: CPU: 5 PID: 263 at drivers/infiniband/sw/rxe/rxe_comp.c:740 rxe_completer+0x1a6d/0x2e30 [rdma_rxe] Modules linked in: crc32_gene... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47075 – nvmet: fix memory leak in nvmet_alloc_ctrl()
https://notcve.org/view.php?id=CVE-2021-47075
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmet_alloc_ctrl() When creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger than cntlid_max of the subsystem, and jumps to the "out_free_changed_ns_list" label, but the ctrl->sqs lack of be freed. Fix this by jumping to the "out_free_sqs" label. In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmet_alloc_ctrl() When creating ctrl in nvmet_alloc_ctrl(), if t... • https://git.kernel.org/stable/c/94a39d61f80fcd679debda11e1ca02b88d90e67e •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47074 – nvme-loop: fix memory leak in nvme_loop_create_ctrl()
https://notcve.org/view.php?id=CVE-2021-47074
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label. In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping ... • https://git.kernel.org/stable/c/3a85a5de29ea779634ddfd768059e06196687aba •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47073 – platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
https://notcve.org/view.php?id=CVE-2021-47073
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios init_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on systems where the Dell WMI interface is supported. While exit_dell_smbios_wmi() unregisters it unconditionally, this leads to the following oops: [ 175.722921] ------------[ cut here ]------------ [ 175.722925] Unexpected driver unregister! [ 175.722939] WARNING: CPU: 1 PID: 3630 at drivers/base/driver.c:194 drive... • https://git.kernel.org/stable/c/1a258e670434f404a4500b65ba1afea2c2b29bba • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47072 – btrfs: fix removed dentries still existing after log is synced
https://notcve.org/view.php?id=CVE-2021-47072
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix removed dentries still existing after log is synced When we move one inode from one directory to another and both the inode and its previous parent directory were logged before, we are not supposed to have the dentry for the old parent if we have a power failure after the log is synced. Only the new dentry is supposed to exist. Generally this works correctly, however there is a scenario where this is not currently working, becaus... • https://git.kernel.org/stable/c/64d6b281ba4db044c946158387c74e1149b9487e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47071 – uio_hv_generic: Fix a memory leak in error handling paths
https://notcve.org/view.php?id=CVE-2021-47071
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix a memory leak in error handling paths If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be updated and 'hv_uio_cleanup()' in the error handling path will not be able to free the corresponding buffer. In such a case, we need to free the buffer explicitly. In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix a memory leak in error handling paths If 'vmbus_establish_gpadl(... • https://git.kernel.org/stable/c/cdfa835c6e5e87d145f9f632b58843de97509f2b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47070 – uio_hv_generic: Fix another memory leak in error handling paths
https://notcve.org/view.php?id=CVE-2021-47070
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Note that it is already freed in the .remove function. In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_a... • https://git.kernel.org/stable/c/cdfa835c6e5e87d145f9f632b58843de97509f2b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47069 – ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
https://notcve.org/view.php?id=CVE-2021-47069
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local address. The sender (do_mq_timedsend) uses this address to later call pipelined_send. This leads to a very hard to trigger race where a do_mq_timedreceive call might return and leave do_mq_timedsend to rely on an invalid address, causing the following crash: RIP: 0010:wake_q_add_safe+0x13/0x60 Call Trace: __x64_sys_m... • https://git.kernel.org/stable/c/0d97a82ba830d89a1e541cc9cd11f1e38c28e416 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47068 – net/nfc: fix use-after-free llcp_sock_bind/connect
https://notcve.org/view.php?id=CVE-2021-47068
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bind/connect but introduced a use-after-free if the same local is assigned to 2 different sockets. This can be triggered by the following simple program: int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); int sock2 = socket(... • https://git.kernel.org/stable/c/a1cdd18c49d23ec38097ac2c5b0d761146fc0109 •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47067 – soc/tegra: regulators: Fix locking up when voltage-spread is out of range
https://notcve.org/view.php?id=CVE-2021-47067
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: soc/tegra: regulators: Fix locking up when voltage-spread is out of range Fix voltage coupler lockup which happens when voltage-spread is out of range due to a bug in the code. The max-spread requirement shall be accounted when CPU regulator doesn't have consumers. This problem is observed on Tegra30 Ouya game console once system-wide DVFS is enabled in a device-tree. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: soc/tegra... • https://git.kernel.org/stable/c/783807436f363e5b1ad4d43ba7debbedfcadbb99 •