CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47253 – drm/amd/display: Fix potential memory leak in DMUB hw_init
https://notcve.org/view.php?id=CVE-2021-47253
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How] Allocate memory for the DC wrapper to DMUB only if it was not allocated before. No need to reallocate it on suspend/resume. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige una posible pérdida de memoria en DMUB hw_init [Por qué] Al reanudar ejecutamos DMUB hw_init que asigna memoria: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc Eso resulta en pérdida de memoria en escenarios de suspensión/reanudación. [Cómo] Asigne memoria para el contenedor DC a DMUB solo si no se asignó antes. No es necesario reasignarlo al suspender/reanudar. • https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c https://git.kernel.org/stable/c/aa000f828e60ac15d6340f606ec4a673966f5b0b https://git.kernel.org/stable/c/c5699e2d863f58221044efdc3fa712dd32d55cde •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47252 – batman-adv: Avoid WARN_ON timing related checks
https://notcve.org/view.php?id=CVE-2021-47252
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. But WARN_ON must be used to denote kernel bugs and not to print simple warnings. A warning can simply be printed using pr_warn. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: batman-adv: Evite comprobaciones relacionadas con el tiempo WARN_ON. La interfaz soft/batadv para un MDS en cola se puede cambiar durante el tiempo que el MDS estuvo en cola para transmisión y cuando el MDS realmente se transmite por el trabajador. Pero WARN_ON debe usarse para indicar errores del kernel y no para imprimir simples advertencias. • https://git.kernel.org/stable/c/ef0a937f7a1450d3a133ccd83c9c7d07587e7a00 https://git.kernel.org/stable/c/45011f2973f6b52cf50db397bb27bf805f5f0e7f https://git.kernel.org/stable/c/6031daaaf6d5c359c99dfffa102e332df234ff09 https://git.kernel.org/stable/c/77a99aad5bc3ea105806ebae6be3cbadc2fc615e https://git.kernel.org/stable/c/e8e9d2968a9d08bf5c683afca182f1537edebf8d https://git.kernel.org/stable/c/e7fbd8184fa9e85f0d648c499841cb7ff6dec9f4 https://git.kernel.org/stable/c/282baa8104af44e04c4af3e7f933b44267c7f86f https://git.kernel.org/stable/c/2eb4e0b3631832a4291c8bf4c9db873f6 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47251 – mac80211: fix skb length check in ieee80211_scan_rx()
https://notcve.org/view.php?id=CVE-2021-47251
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix skb length check in ieee80211_scan_rx() Replace hard-coded compile-time constants for header length check with dynamic determination based on the frame type. Otherwise, we hit a validation WARN_ON in cfg80211 later. [style fixes, reword commit message] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mac80211: corrige la verificación de longitud de skb en ieee80211_scan_rx() Reemplace las constantes de tiempo de compilación codificadas para la verificación de la longitud del encabezado con determinación dinámica basada en el tipo de trama. De lo contrario, obtendremos un WARN_ON de validación en cfg80211 más adelante. [correcciones de estilo, reformular mensaje de confirmación] • https://git.kernel.org/stable/c/cd418ba63f0c2f6157f35a41c9accc6ecb52590a https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126 https://git.kernel.org/stable/c/d1b949c70206178b12027f66edc088d40375b5cb https://git.kernel.org/stable/c/e298aa358f0ca658406d524b6639fe389cb6e11e •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47250 – net: ipv4: fix memory leak in netlbl_cipsov4_add_std
https://notcve.org/view.php?id=CVE-2021-47250
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in netlbl_cipsov4_add_std Reported by syzkaller: BUG: memory leak unreferenced object 0xffff888105df7000 (size 64): comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline] [<00000000e67ed558>] kzalloc include/linux/slab.h:720 [inline] [<00000000e67ed558>] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline] [<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x2340 net/netlabel/netlabel_cipso_v4.c:416 [<0000000006040154>] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739 [<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [<00000000204d7a1c>] genl_rcv_msg+0x2bf/0x4f0 net/netlink/genetlink.c:800 [<00000000c0d6a995>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504 [<00000000d78b9d2c>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 [<000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] [<000000009733081b>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340 [<00000000d5fd43b8>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929 [<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [inline] [<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674 [<00000000321d1969>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350 [<00000000964e16bc>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404 [<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433 [<000000004ee8b6a5>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47 [<00000000171c7cee>] entry_SYSCALL_64_after_hwframe+0x44/0xae The memory of doi_def->map.std pointing is allocated in netlbl_cipsov4_add_std, but no place has freed it. It should be freed in cipso_v4_doi_free which frees the cipso DOI resource. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ipv4: corrige la pérdida de memoria en netlbl_cipsov4_add_std. Reportado por syzkaller: BUG: pérdida de memoria objeto sin referencia 0xffff888105df7000 (tamaño 64): comm "syz-executor842", pid 360, jiffies 4294824824 ( edad 22,546 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [en línea] [<00000000e67ed558> ] kzalloc include/linux/slab.h:720 [en línea] [<00000000e67ed558>] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [en línea] [<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x234 0 net/netlabel/netlabel_cipso_v4.c: 416 [<0000000006040154>] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739 [<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783 [en línea] 00000204d7a1c>] genl_rcv_msg+0x2bf /0x4f0 net/netlink/genetlink.c:800 [<00000000c0d6a995>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504 [<00000000d78b9d2c>] genl_rcv+0x24/0x40 11 [ <000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [en línea] [<000000009733081b>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340 [<00000000d5fd43b8>] enviar mensaje+0x789/0xc70 net/netlink/ af_netlink.c:1929 [<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [en línea] [<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674 [<00000000321d19 69>] ____sys_sendmsg+0x658/0x7d0 neto/ socket.c:2350 [<00000000964e16bc>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404 [<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433 4ee8b6a5>] do_syscall_64+0x37/0x90 arco /x86/entry/common.c:47 [<00000000171c7cee>] Entry_SYSCALL_64_after_hwframe+0x44/0xae La memoria de apuntamiento doi_def->map.std está asignada en netlbl_cipsov4_add_std, pero no se ha liberado ningún lugar. Debe liberarse en cipso_v4_doi_free, lo que libera el recurso cipso DOI. • https://git.kernel.org/stable/c/96cb8e3313c7a12e026c1ed510522ae6f6023875 https://git.kernel.org/stable/c/212166510582631994be4f4b3fe15e10a03c1dd4 https://git.kernel.org/stable/c/086e92b1d68c6338535f715aad173f8cf4bfbc8c https://git.kernel.org/stable/c/6dcea66d3bb519b426282588f38e884e07893c1f https://git.kernel.org/stable/c/5340858147e3dc60913fb3dd0cbb758ec4a26e66 https://git.kernel.org/stable/c/398a24447eb60f060c8994221cb5ae6caf355fa1 https://git.kernel.org/stable/c/deeeb65c6ee404f2d1fb80b38b2730645c0f4663 https://git.kernel.org/stable/c/0ffb460be3abac86f884a8c548bb02724 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47249 – net: rds: fix memory leak in rds_recvmsg
https://notcve.org/view.php?id=CVE-2021-47249
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rds_inc_addref() don't have rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us | rds_inc_addref(); 1) 3.853 us | rds_message_inc_copy_to_user(); 1) + 10.395 us | rds_cmsg_recv(); 1) + 34.260 us | } En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:rds: corrige pérdida de memoria en rds_recvmsg. Syzbot informó pérdida de memoria en rds. • https://git.kernel.org/stable/c/bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a •