CVE-2021-47197 – net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
https://notcve.org/view.php?id=CVE-2021-47197
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds to rest of destroy operations. mlx5_core_destroy_cq() could be called again by user and cause additional call of mlx5_debug_cq_remove(). cq->dbg was not nullify in previous call and cause the crash. Fix it by nullify cq->dbg pointer after removal. Also proceed to destroy operations only if FW return 0 for MLX5_C... • https://git.kernel.org/stable/c/4f7bddf8c5c01cac74373443b13a68e1c6723a94 •
CVE-2021-47196 – RDMA/core: Set send and receive CQ before forwarding to the driver
https://notcve.org/view.php?id=CVE-2021-47196
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp properties. This change is needed for mlx5, because in case of QP creation failure, it will go to the path of QP destroy which relies on proper CQ pointers. BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5... • https://git.kernel.org/stable/c/514aee660df493cd673154a6ba6bab745ec47b8c •
CVE-2021-47195 – spi: fix use-after-free of the add_lock mutex
https://notcve.org/view.php?id=CVE-2021-47195
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock(). En el kernel de Linux, se res... • https://git.kernel.org/stable/c/6098475d4cb48d821bdf453c61118c56e26294f0 • CWE-416: Use After Free •
CVE-2021-47194 – cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
https://notcve.org/view.php?id=CVE-2021-47194
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt. En el kerne... • https://git.kernel.org/stable/c/ac800140c20e7ae51117e71289065bedd4930fc2 • CWE-665: Improper Initialization •
CVE-2021-47193 – scsi: pm80xx: Fix memory leak during rmmod
https://notcve.org/view.php?id=CVE-2021-47193
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the module is removed. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: pm80xx: se corrigió la pérdida de memoria durante rmmod, el controlador no pudo liberar toda la memoria asignada. Esto puede provocar una pérdida de memoria durante la eliminación d... • https://git.kernel.org/stable/c/269a4311b15f68d24e816f43f123888f241ed13d • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-47192 – scsi: core: sysfs: Fix hang when device state is set via sysfs
https://notcve.org/view.php?id=CVE-2021-47192
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that after iSCSI recovery, iscsid will call into the kernel to set the dev's state to running, and with that patch we now call scsi_rescan_device() with the state_mutex held. If the SCSI error handler thread is just starting to test the device ... • https://git.kernel.org/stable/c/69aa1a1a569f5c6d554b59352130ef363342ed4c •
CVE-2021-47191 – scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
https://notcve.org/view.php?id=CVE-2021-47191
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; [ 3813.830724] program syz-executor not setting count and/or reply_len properly [ 3813.836956] ================================================================== [ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x... • https://git.kernel.org/stable/c/3e20cb072679bdb47747ccc8bee3233a4cf0765a •
CVE-2021-47190 – perf bpf: Avoid memory leak from perf_env__insert_btf()
https://notcve.org/view.php?id=CVE-2021-47190
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/3792cb2ff43b1b193136a03ce1336462a827d792 •
CVE-2021-47189 – btrfs: fix memory ordering between normal and ordered work functions
https://notcve.org/view.php?id=CVE-2021-47189
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordered functions is synchronized is via the WORK_DONE_BIT, unfortunately the used bitops don't guarantee any ordering whatsoever. This manifested as seemingly inexplicable crashes on ARM64, where async_chunk::inode is se... • https://git.kernel.org/stable/c/08a9ff3264181986d1d692a4e6fce3669700c9f8 •
CVE-2021-47188 – scsi: ufs: core: Improve SCSI abort handling
https://notcve.org/view.php?id=CVE-2021-47188
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following sta... • https://git.kernel.org/stable/c/7a3e97b0dc4bbac2ba7803564ab0057722689921 •