CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47248 – udp: fix race between close() and udp_abort()
https://notcve.org/view.php?id=CVE-2021-47248
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: udp: fix race between close() and udp_abort() Kaustubh reported and diagnosed a panic in udp_lib_lookup(). The root cause is udp_abort() racing with close(). ... Diagnosed-and-tested-by: Kaustubh Pandey
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47247 – net/mlx5e: Fix use-after-free of encap entry in neigh update handler
https://notcve.org/view.php?id=CVE-2021-47247
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock removal from TC filter update path and properly handle concurrent encap entry insertion/deletion which can lead to following use-after-free: [23827.464923] ================================================================== [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x14... • https://git.kernel.org/stable/c/2a1f1768fa17805ca2e937e2e034a7c3433d3bdc •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47246 – net/mlx5e: Fix page reclaim for dead peer hairpin
https://notcve.org/view.php?id=CVE-2021-47246
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. ... syscall_enter_from_user_mode+0x1d/0x50 [ 748.001223] do_syscall_64+0x3f/0x80 [ 748.000892] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 748.00 ---truncated--- En el kernel de Linux, se resolvió la siguiente vulnerabilidad... • https://git.kernel.org/stable/c/4d8fcf216c90bc25e34ae2200aa8985ee3158898 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47245 – netfilter: synproxy: Fix out of bounds when parsing TCP options
https://notcve.org/view.php?id=CVE-2021-47245
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. ... En el kernel de Linux, se resolvió ... • https://git.kernel.org/stable/c/48b1de4c110a7afa4b85862f6c75af817db26fad •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47244 – mptcp: Fix out of bounds when parsing TCP options
https://notcve.org/view.php?id=CVE-2021-47244
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mptcp: correcci... • https://git.kernel.org/stable/c/cec37a6e41aae7bf3df9a3da783380a4d9325fd8 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47243 – sch_cake: Fix out of bounds when parsing TCP options and header
https://notcve.org/view.php?id=CVE-2021-47243
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. ... En el ... • https://git.kernel.org/stable/c/8b7138814f29933898ecd31dfc83e35a30ee69f5 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47242 – mptcp: fix soft lookup in subflow_error_report()
https://notcve.org/view.php?id=CVE-2021-47242
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lookup in subflow_error_report() Maxim reported a soft lookup in subflow_error_report(): watchdog: BUG: soft lockup - CPU#0 stuck for 22s! In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lookup in subflow_error_report() Maxim reported a soft lookup in subflow_error_report(): watchdog: BUG: soft lockup - CPU#0 stuck for 22s! ... En el kernel de Linux, se resolvió la sig... • https://git.kernel.org/stable/c/15cc10453398c22f78f6c2b897119ecce5e5dd89 • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47241 – ethtool: strset: fix message length calculation
https://notcve.org/view.php?id=CVE-2021-47241
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may result in ETHTOOL_MSG_STRSET_GET producing a warning like: calculated message payload length (684) not sufficient WARNING: CPU: 0 PID: 30967 at net/ethtool/netlink.c:369 ethnl_default_doit+0x87a/0xa20 and a splat. ... Or with syzbot :) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ethto... • https://git.kernel.org/stable/c/71921690f9745fef60a2bad425f30adf8cdc9da0 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47240 – net: qrtr: fix OOB Read in qrtr_endpoint_post
https://notcve.org/view.php?id=CVE-2021-47240
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtr_endpoint_post Syzbot reported slab-out-of-bounds Read in qrtr_endpoint_post. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qrtr: arreglar OOB Lectura en qrtr_endpoint_post. ... In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtr_endpoint_post Syzbot reported slab-out-of-bounds Read in qrtr_endpoint_post. • https://git.kernel.org/stable/c/194ccc88297ae78d0803adad83c6dcc369787c9e •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47239 – net: usb: fix possible use-after-free in smsc75xx_bind
https://notcve.org/view.php?id=CVE-2021-47239
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xx_bind The commit 46a8b29c6306 ("net: usb: fix memory leak in smsc75xx_bind") fails to clean up the work scheduled in smsc75xx_reset-> smsc75xx_set_multicast, which leads to use-after-free if the work is scheduled to start after the deallocation. In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xx_bind The commit 4... • https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa •