CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47340 – jfs: fix GPF in diFree
https://notcve.org/view.php?id=CVE-2021-47340
21 May 2024 — GFP will appear: struct inode *ipimap = JFS_SBI(ip->i_sb)->ipimap; struct inomap *imap = JFS_IP(ipimap)->i_imap; JFS_IP() will return invalid pointer when ipimap == NULL Call Trace: diFree+0x13d/0x2dc0 fs/jfs/jfs_imap.c:853 [1] jfs_evict_inode+0x2c9/0x370 fs/jfs/inode.c:154 evict+0x2ed/0x750 fs/inode.c:578 iput_final fs/inode.c:1654 [inline] iput.part.0+0x3fe/0x820 fs/inode.c:1680 iput+0x58/0x70 fs/inode.c:1670 En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: jfs: corrige GPF en diFr... • https://git.kernel.org/stable/c/7bde24bde490f3139eee147efc6d60d6040fe975 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47339 – media: v4l2-core: explicitly clear ioctl input data
https://notcve.org/view.php?id=CVE-2021-47339
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers. In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data As seen from a recent syzbot bug report, mistakes in the compat ioctl implementa... • https://git.kernel.org/stable/c/dc02c0b2bd6096f2f3ce63e1fc317aeda05f74d8 •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47338 – fbmem: Do not delete the mode that is still in use
https://notcve.org/view.php?id=CVE-2021-47338
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previous fbcon_mode_deleted(). In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previous fbcon_mode_deleted(). ... • https://git.kernel.org/stable/c/13ff178ccd6d3b8074c542a911300b79c4eec255 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47337 – scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
https://notcve.org/view.php?id=CVE-2021-47337
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 ("scsi: core: Fix error handling of scsi_host_alloc()") changed the allocation logic to call put_device() to perform host cleanup with the assumption that IDA removal and stopping the kthread would properly be performed in scsi_host_dev_release(). In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad p... • https://git.kernel.org/stable/c/8958181c1663e24a13434448e7d6b96b5d04900a •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47336 – smackfs: restrict bytes count in smk_set_cipso()
https://notcve.org/view.php?id=CVE-2021-47336
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smk_set_cipso() Oops, I failed to update subject line. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: smackfs: restringir el recuento de bytes en smk_set_cipso() Oops, no pude actualizar la línea de asunto. ... In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smk_set_cipso() Oops, I failed to update subject line. • https://git.kernel.org/stable/c/5f9880403e6b71d56924748ba331daf836243fca •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47335 – f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances
https://notcve.org/view.php?id=CVE-2021-47335
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances As syzbot reported, there is an use-after-free issue during f2fs recovery: Use-after-free write at 0xffff88823bc16040 (in kfence-#10): kmem_cache_destroy+0x1f/0x120 mm/slab_common.c:486 f2fs_recover_fsync_data+0x75b0/0x8380 fs/f2fs/recovery.c:869 f2fs_fill_super+0x9393/0xa420 fs/f2fs/super.c:3945 mount_bdev+0x26c/0x3a0 fs/super.c:1367 legacy_get_tree+0xea/0x1... • https://git.kernel.org/stable/c/86786603014e0a22d0d6af8e80ae4b8687927048 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47334 – misc/libmasm/module: Fix two use after free in ibmasm_init_one
https://notcve.org/view.php?id=CVE-2021-47334
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). • https://git.kernel.org/stable/c/1512e7dc5eb08b7d92a12e2bfcd9cb8c4a1ec069 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47333 – misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
https://notcve.org/view.php?id=CVE-2021-47333
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function. A device might be attached to root complex directly, in this case, bus->self(bridge) will be NULL, thus priv->parent_pdev is NULL. • https://git.kernel.org/stable/c/d2639ffdcad463b358b6bef8645ff81715daffcb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47332 – ALSA: usx2y: Don't call free_pages_exact() with NULL address
https://notcve.org/view.php?id=CVE-2021-47332
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer to free_pages_exact(). In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer to free_pages_exact(). ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA... • https://git.kernel.org/stable/c/88262229b778f4f7a896da828d966f94dcb35d19 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47331 – usb: common: usb-conn-gpio: fix NULL pointer dereference of charger
https://notcve.org/view.php?id=CVE-2021-47331
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: fix NULL pointer dereference of charger When power on system with OTG cable, IDDIG's interrupt arises before the charger registration, it will cause a NULL pointer dereference, fix the issue by registering the power supply before requesting IDDIG/VBUS irq. In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: fix NULL pointer dereference of charger When powe... • https://git.kernel.org/stable/c/8e8d910e9a3a7fba86140aff4924c30955ab228b •