CVE-2021-47380 – HID: amd_sfh: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47380
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix potential NULL pointer dereference devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. ... Found by Linux Driver Verification project (linuxtesting.org). Found by Linux Driver Verification project (linuxtesting.org). ... Encontrado por el proyecto de verificación de controladores de... • https://git.kernel.org/stable/c/283e4bee701dfcd409dd293f19a268bb2bc8ff38 •
CVE-2021-47379 – blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
https://notcve.org/view.php?id=CVE-2021-47379
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094] BUG: KASAN: use-after-free in bfq_io_set_weight_legacy+0xd3/0x160 [693354.105336] Read of size 4 at addr ffff888be0a35664 by task sh/1453338 [693354.105607] CPU: 41 PID: 1453338 Comm: sh Kdump: loaded Not tain... • https://git.kernel.org/stable/c/d12ddd843f1877de1f7dd2aeea4907cf9ff3ac08 •
CVE-2021-47378 – nvme-rdma: destroy cm id before destroy qp to avoid use after free
https://notcve.org/view.php?id=CVE-2021-47378
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroy... • https://git.kernel.org/stable/c/ecf0dc5a904830c926a64feffd8e01141f89822f • CWE-416: Use After Free •
CVE-2021-47376 – bpf: Add oversize check before call kvcalloc()
https://notcve.org/view.php?id=CVE-2021-47376
21 May 2024 — When the allocation is larger than what kmalloc() supports, the following warning triggered: WARNING: CPU: 0 PID: 8408 at mm/util.c:597 kvmalloc_node+0x108/0x110 mm/util.c:597 Modules linked in: CPU: 0 PID: 8408 Comm: syz-executor221 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:kvmalloc_node+0x108/0x110 mm/util.c:597 Call Trace: kvmalloc include/linux/mm.h:806 [inline] kvmalloc_array include/linux/mm.h:824 [... • https://git.kernel.org/stable/c/93937596e0652d50973f9dc944fea1694ac8cdfd •
CVE-2021-47375 – blktrace: Fix uaf in blk_trace access after removing by sysfs
https://notcve.org/view.php?id=CVE-2021-47375
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blk_trace access after removing by sysfs There is an use-after-free problem triggered by following process: P1(sda) P2(sdb) echo 0 > /sys/block/sdb/trace/enable blk_trace_remove_queue synchronize_rcu blk_trace_free relay_close rcu_read_lock __blk_add_trace trace_note_tsk (Iterate running_trace_list) relay_close_buf relay_destroy_buf kfree(buf) trace_note(sdb's bt) relay_reserve buf->offset <- nullptr deference (u... • https://git.kernel.org/stable/c/c71a896154119f4ca9e89d6078f5f63ad60ef199 • CWE-416: Use After Free •
CVE-2021-47374 – dma-debug: prevent an error message from causing runtime problems
https://notcve.org/view.php?id=CVE-2021-47374
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. ... En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: dma-debug: evita que un mensaje de error cause problemas de tiempo de eje... • https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a •
CVE-2021-47373 – irqchip/gic-v3-its: Fix potential VPE leak on error
https://notcve.org/view.php?id=CVE-2021-47373
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fix potential VPE leak on error In its_vpe_irq_domain_alloc, when its_vpe_init() returns an error, there is an off-by-one in the number of VPEs to be freed. ... [maz: fixed commit message] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/gic-v3-its: soluciona una posible fuga de VPE en caso de error. ... [maz: mensaje de confirmación fijo] In the Linux kernel, the following ... • https://git.kernel.org/stable/c/7d75bbb4bc1ad90386776459d37e4ddfe605671e • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVE-2021-47372 – net: macb: fix use after free on rmmod
https://notcve.org/view.php?id=CVE-2021-47372
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use after free on rmmod plat_dev->dev->platform_data is released by platform_device_unregister(), use of pclk and hclk is a use-after-free. Since device unregister won't need a clk device we adjust the function call sequence to fix this issue. [ 31.261225] BUG: KASAN: use-after-free in macb_remove+0x77/0xc6 [macb_pci] [ 31.275563] Freed by task 306: [ 30.276782] platform_device_release+0x25/0x80 En el kernel de Linu... • https://git.kernel.org/stable/c/a7d521cc726f30b8e679a6f36d04b18a8ab3c536 •
CVE-2021-47371 – nexthop: Fix memory leaks in nexthop notification chain listeners
https://notcve.org/view.php?id=CVE-2021-47371
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks [1] that can be reduced to the following commands: # ip nexthop add id 1 blackhole # devlink dev reload pci/0000:06:00.0 As part of the reload flow, mlxsw will unregister its netdevs and then unregister from the nexthop notification chain. ... • https://git.kernel.org/stable/c/2a014b200bbd973cc96e082a5bc445fe20b50f32 • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-47370 – mptcp: ensure tx skbs always have the MPTCP ext
https://notcve.org/view.php?id=CVE-2021-47370
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than the skb size. In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goa... • https://git.kernel.org/stable/c/e35820fb56415be6924bf552ec223ed5f347b4be •