CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47044 – sched/fair: Fix shift-out-of-bounds in load_balance()
https://notcve.org/view.php?id=CVE-2021-47044
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix shift-out-of-bounds in load_balance() Syzbot reported a handful of occurrences where an sd->nr_balance_failed can grow to much higher values than one would expect. A successful load_balance() resets it to 0; a failed one increments it. Once it gets to sd->cache_nice_tries + 3, this *should* trigger an active balance, which will either set it to sd->cache_nice_tries+1 or reset it to 0. However, in case the to-be-active-balanc... • https://git.kernel.org/stable/c/5a7f555904671c0737819fe4d19bd6143de3f6c0 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47043 – media: venus: core: Fix some resource leaks in the error path of 'venus_probe()'
https://notcve.org/view.php?id=CVE-2021-47043
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venus_probe()' If an error occurs after a successful 'of_icc_get()' call, it must be undone. Use 'devm_of_icc_get()' instead of 'of_icc_get()' to avoid the leak. Update the remove function accordingly and axe the now unneeded 'icc_put()' calls. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: venus: core: corrige algunas fugas de recursos en la ruta d... • https://git.kernel.org/stable/c/32f0a6ddc8c98a1aade2bf3d07c79d5d2c6ceb9a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47042 – drm/amd/display: Free local data after use
https://notcve.org/view.php?id=CVE-2021-47042
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Free local data after use Fixes the following memory leak in dc_link_construct(): unreferenced object 0xffffa03e81471400 (size 1024): comm "amd_module_load", pid 2486, jiffies 4294946026 (age 10.544s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000000bdf5c4a>] kmem_cache_alloc_trace+0x30a/0x4a0 [<... • https://git.kernel.org/stable/c/3a00c04212d1cfe1426338b78f4ead623508c874 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47041 – nvmet-tcp: fix incorrect locking in state_change sk callback
https://notcve.org/view.php?id=CVE-2021-47041
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in state_change sk callback We are not changing anything in the TCP connection state so we should not take a write_lock but rather a read lock. This caused a deadlock when running nvmet-tcp and nvme-tcp on the same system, where state_change callbacks on the host and on the controller side have causal relationship and made lockdep report on this with blktests: ================================ WARNING: incons... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47040 – io_uring: fix overflows checks in provide buffers
https://notcve.org/view.php?id=CVE-2021-47040
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems in io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce ("io_uring: fix provide_buffers sign extension"). Do that with help of check_
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47039 – ataflop: potential out of bounds in do_format()
https://notcve.org/view.php?id=CVE-2021-47039
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in do_format() The function uses "type" as an array index: q = unit[drive].disk[type]->queue; Unfortunately the bounds check on "type" isn't done until later in the function. Fix this by moving the bounds check to the start. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ataflop: potencial fuera de los límites en do_format() La función utiliza "tipo" como índice de matriz: q = unidad[unida... • https://git.kernel.org/stable/c/bf9c0538e485b591a2ee02d9adb8a99db4be5a2a •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47038 – Bluetooth: avoid deadlock between hci_dev->lock and socket lock
https://notcve.org/view.php?id=CVE-2021-47038
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock. It turns out that hci_conn_get_phy() is not in any way relying on hdev being immutable during the runtime of this function, neither does it even look at any of the members of hdev, and as such there is no need to hold that lock. This ... • https://git.kernel.org/stable/c/eab2404ba798a8efda2a970f44071c3406d94e57 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47037 – ASoC: q6afe-clocks: fix reprobing of the driver
https://notcve.org/view.php?id=CVE-2021-47037
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver Q6afe-clocks driver can get reprobed. For example if the APR services are restarted after the firmware crash. However currently Q6afe-clocks driver will oops because hw.init will get cleared during first _probe call. Rewrite the driver to fill the clock data at runtime rather than using big static array of clocks. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: q6afe-c... • https://git.kernel.org/stable/c/520a1c396d1966b64884d8e0176a580150d5a09e •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47036 – udp: skip L4 aggregation for UDP tunnel packets
https://notcve.org/view.php?id=CVE-2021-47036
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and there are UDP tunnels available in the system, udp_gro_receive() could end-up doing L4 aggregation (either SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) at the outer UDP tunnel level for packets effectively carrying and UDP tunnel header. That could cause inner protocol corruption. If e.g. the relevant packets carry a vxlan header, differen... • https://git.kernel.org/stable/c/9fd1ff5d2ac7181844735806b0a703c942365291 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47035 – iommu/vt-d: Remove WO permissions on second-level paging entries
https://notcve.org/view.php?id=CVE-2021-47035
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is not supported as the PRESENT bit (implying Read permission) should always set. When using second level, we still give separate permissions that allows WriteOnly which seems inconsistent and awkward. We want to have consistent behavio... • https://git.kernel.org/stable/c/b802d070a52a1565b47daaa808872cfbd4a17b01 •