CVE-2021-47327 – iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails
https://notcve.org/view.php?id=CVE-2021-47327
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by calling pm_runtime_resume_and_get() instead of pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount balanced in case of failure. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/arm-smmu: corrige la fuga de refcount de arm_smmu_device cuando falla arm_smmu_rpm_get arm_smmu_rpm_get() invoca pm_runtime_get_sync(), lo que aumenta el refcount de "smmu" aunque el valor de retorno sea menor que 0. El problema del conteo de referencias ocurre en algunas rutas de manejo de errores de arm_smmu_rpm_get() en sus funciones de llamada. Cuando arm_smmu_rpm_get() falla, las funciones de la persona que llama se olvidan de disminuir el recuento de "smmu" aumentado en arm_smmu_rpm_get(), lo que provoca una fuga de recuento. • https://git.kernel.org/stable/c/3761ae0d0e549f2acdaf11f49df4ed06d256b20f https://git.kernel.org/stable/c/c4007596fbdabc29f858dc2e1990858a146b60b2 https://git.kernel.org/stable/c/fbf4daa6f4105e01fbd3868006f65c163365c1e3 https://git.kernel.org/stable/c/fe92c058199067ae90cf2a901ddf3c271893557a https://git.kernel.org/stable/c/1adf30f198c26539a62d761e45af72cde570413d • CWE-911: Improper Update of Reference Count •
CVE-2021-47325 – iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation
https://notcve.org/view.php?id=CVE-2021-47325
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling paths of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the function forgets to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by jumping to "out" label when those error scenarios occur. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iommu/arm-smmu: corrige la fuga de recuento de referencias de arm_smmu_device en la traducción de direcciones. El problema de recuento de referencias ocurre en varias rutas de manejo de excepciones de arm_smmu_iova_to_phys_hard(). Cuando ocurren esos escenarios de error, la función se olvida de disminuir el recuento de "smmu" aumentado en arm_smmu_rpm_get(), lo que provoca una fuga de recuento. • https://git.kernel.org/stable/c/b11220803ad14a2a880cc06d8e01fe2548cc85b0 https://git.kernel.org/stable/c/43d1aaa1965f9b58035196dac49b1e1e6c9c25eb https://git.kernel.org/stable/c/0f0c5ea09139777d90729d408b807021f2ea6492 https://git.kernel.org/stable/c/5f9741a9a91f25c89e04b408cd61e3ab050ce24b https://git.kernel.org/stable/c/7c8f176d6a3fa18aa0f8875da6f7c672ed2a8554 •
CVE-2021-47324 – watchdog: Fix possible use-after-free in wdt_startup()
https://notcve.org/view.php?id=CVE-2021-47324
In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perro guardián: soluciona el posible use after free en wdt_startup(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/63a3dc24bd053792f84cb4eef0168b1266202a02 https://git.kernel.org/stable/c/862f2b5a7c38762ac9e369daefbf361a91aca685 https://git.kernel.org/stable/c/0ac50a76cf3cd63db000648b3b19f3f98b8aaa76 https://git.kernel.org/stable/c/dc9403097be52d57a5c9c35efa9be79d166a78af https://git.kernel.org/stable/c/146cc288fb80c662c9c35e7bc58325d1ac0a7875 https://git.kernel.org/stable/c/a397cb4576fc2fc802562418b3a50b8f67d60d31 https://git.kernel.org/stable/c/b4ebf4a4692e84163a69444c70ad515de06e2259 https://git.kernel.org/stable/c/8adbbe6c86bb13e14f8a19e036ae5f4f5 • CWE-416: Use After Free •
CVE-2021-47323 – watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
https://notcve.org/view.php?id=CVE-2021-47323
In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: watchdog: sc520_wdt: corrige posible use after free en wdt_turnoff(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/0015581a79bbf8e521f85dddb7d3e4a66b9f51d4 https://git.kernel.org/stable/c/b4565a8a2d6bffb05bfbec11399d261ec16fe373 https://git.kernel.org/stable/c/2aef07017fae21c3d8acea9656b10e3b9c0f1e04 https://git.kernel.org/stable/c/522e75ed63f67e815d4ec0deace67df22d9ce78e https://git.kernel.org/stable/c/7c56c5508dc20a6b133bc669fc34327a6711c24c https://git.kernel.org/stable/c/a173e3b62cf6dd3c4a0a10c8a82eedfcae81a566 https://git.kernel.org/stable/c/b3c41ea5bc34d8c7b19e230d80e0e555c6f5057d https://git.kernel.org/stable/c/f0feab82f6a0323f54d85e8b512a2be64 • CWE-416: Use After Free •
CVE-2021-47322 – NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT
https://notcve.org/view.php?id=CVE-2021-47322
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT Fix an Oopsable condition in pnfs_mark_request_commit() when we're putting a set of writes on the commit list to reschedule them after a failed pNFS attempt. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSv4: corrige un Oops en pnfs_mark_request_commit() al hacer O_DIRECT. Corrige una condición de Oopsable en pnfs_mark_request_commit() cuando colocamos un conjunto de escrituras en la lista de confirmación para reprogramarlas después de un Intento fallido de pNFS. • https://git.kernel.org/stable/c/9c455a8c1e146dac3a6d1405fe6a7096177b9546 https://git.kernel.org/stable/c/5c7ef8a3705542136a1e19b070e951f0730b2153 https://git.kernel.org/stable/c/7c96a2ee45be41d5a167e6332d202086752c36bb https://git.kernel.org/stable/c/7aec9f862411906f8c27071ba65a1e110ad7d2fd https://git.kernel.org/stable/c/3731d44bba8e0116b052b1b374476c5f6dd9a456 •