CVSS: 0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47252 – batman-adv: Avoid WARN_ON timing related checks
https://notcve.org/view.php?id=CVE-2021-47252
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. But WARN_ON must be used to denote kernel bugs and not to print simple warnings. A warning can simply be printed using pr_warn. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: batman-adv: Evite comprobaciones... • https://git.kernel.org/stable/c/ef0a937f7a1450d3a133ccd83c9c7d07587e7a00 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47251 – mac80211: fix skb length check in ieee80211_scan_rx()
https://notcve.org/view.php?id=CVE-2021-47251
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mac80211: fix skb length check in ieee80211_scan_rx() Replace hard-coded compile-time constants for header length check with dynamic determination based on the frame type. Otherwise, we hit a validation WARN_ON in cfg80211 later. [style fixes, reword commit message] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mac80211: corrige la verificación de longitud de skb en ieee80211_scan_rx() Reemplace las constantes de tiempo... • https://git.kernel.org/stable/c/cd418ba63f0c2f6157f35a41c9accc6ecb52590a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47250 – net: ipv4: fix memory leak in netlbl_cipsov4_add_std
https://notcve.org/view.php?id=CVE-2021-47250
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in netlbl_cipsov4_add_std Reported by syzkaller: BUG: memory leak unreferenced object 0xffff888105df7000 (size 64): comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline] [<... • https://git.kernel.org/stable/c/96cb8e3313c7a12e026c1ed510522ae6f6023875 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47249 – net: rds: fix memory leak in rds_recvmsg
https://notcve.org/view.php?id=CVE-2021-47249
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fa... • https://git.kernel.org/stable/c/bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47248 – udp: fix race between close() and udp_abort()
https://notcve.org/view.php?id=CVE-2021-47248
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: udp: fix race between close() and udp_abort() Kaustubh reported and diagnosed a panic in udp_lib_lookup(). The root cause is udp_abort() racing with close(). Both racing functions acquire the socket lock, but udp{v6}_destroy_sock() release it before performing destructive actions. We can't easily extend the socket lock scope to avoid the race, instead use the SOCK_DEAD flag to prevent udp_abort from doing any action when the critical rac... • https://git.kernel.org/stable/c/5d77dca82839ef016a93ad7acd7058b14d967752 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47247 – net/mlx5e: Fix use-after-free of encap entry in neigh update handler
https://notcve.org/view.php?id=CVE-2021-47247
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock removal from TC filter update path and properly handle concurrent encap entry insertion/deletion which can lead to following use-after-free: [23827.464923] ================================================================== [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 ... • https://git.kernel.org/stable/c/2a1f1768fa17805ca2e937e2e034a7c3433d3bdc •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47246 – net/mlx5e: Fix page reclaim for dead peer hairpin
https://notcve.org/view.php?id=CVE-2021-47246
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device is removed/unbound before the hairpin flow is deleted, then the send queue is not destroyed which leads to a stack trace on pci device remove: [ 748.005230] mlx5_core 0000:08:00.2: wait_func:1094:(pid 12985): MA... • https://git.kernel.org/stable/c/4d8fcf216c90bc25e34ae2200aa8985ee3158898 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47245 – netfilter: synproxy: Fix out of bounds when parsing TCP options
https://notcve.org/view.php?id=CVE-2021-47245
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack out of b... • https://git.kernel.org/stable/c/48b1de4c110a7afa4b85862f6c75af817db26fad •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47244 – mptcp: Fix out of bounds when parsing TCP options
https://notcve.org/view.php?id=CVE-2021-47244
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack out of bounds when parsing TCP... • https://git.kernel.org/stable/c/cec37a6e41aae7bf3df9a3da783380a4d9325fd8 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47243 – sch_cake: Fix out of bounds when parsing TCP options and header
https://notcve.org/view.php?id=CVE-2021-47243
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: ... • https://git.kernel.org/stable/c/8b7138814f29933898ecd31dfc83e35a30ee69f5 •