CVSS: 3.3EPSS: 0%CPEs: 11EXPL: 0CVE-2021-47055 – mtd: require write permissions for locking and badblock ioctls
https://notcve.org/view.php?id=CVE-2021-47055
In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once. MEMSETBADBLOCK modifies the bad block table. En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: mtd: requiere permisos de escritura para bloqueo y badblock ioctls MEMLOCK, MEMUNLOCK y OTPLOCK modifican los bits de protección. • https://git.kernel.org/stable/c/1c9f9125892a43901438bf704ada6b7019e2a884 https://git.kernel.org/stable/c/583d42400532fbd6228b0254d7c732b771e4750d https://git.kernel.org/stable/c/389c74c218d3b182e9cd767e98cee0e0fd0dabaa https://git.kernel.org/stable/c/ab1a602a9cea98aa37b2e6851b168d2a2633a58d https://git.kernel.org/stable/c/9a53e8bd59d9f070505e51d3fd19606a270e6b93 https://git.kernel.org/stable/c/f7e6b19bc76471ba03725fe58e0c218a3d6266c3 https://git.kernel.org/stable/c/36a8b2f49235e63ab3f901fe12e1b6732f075c2e https://git.kernel.org/stable/c/eb3d82abc335624a5e8ecfb75aba0b684 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47054 – bus: qcom: Put child node before return
https://notcve.org/view.php?id=CVE-2021-47054
In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Put child node before return Put child node before return to fix potential reference count leak. Generally, the reference count of child is incremented and decremented automatically in the macro for_each_available_child_of_node() and should be decremented manually if the loop is broken in loop body. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bus: qcom: Colocar el nodo secundario antes del retorno. Colocar el nodo secundario antes del retorno para corregir una posible pérdida del recuento de referencias. Generalmente, el recuento de referencia del niño se incrementa y disminuye automáticamente en la macro for_each_available_child_of_node() y debe disminuirse manualmente si el bucle se rompe en el cuerpo del bucle. • https://git.kernel.org/stable/c/335a127548081322bd2b294d715418648912f20c https://git.kernel.org/stable/c/a6191e91c10e50bd51db65a00e03d02b6b0cf8c4 https://git.kernel.org/stable/c/94810fc52925eb122a922df7f9966cf3f4ba7391 https://git.kernel.org/stable/c/a399dd80e697a02cfb23e2fc09b87849994043d9 https://git.kernel.org/stable/c/3a76ec28824c01b57aa1f0927841d75e4f167cb8 https://git.kernel.org/stable/c/00f6abd3509b1d70d0ab0fbe65ce5685cebed8be https://git.kernel.org/stable/c/6b68c03dfc79cd95a58dfd03f91f6e82829a1b0c https://git.kernel.org/stable/c/c6f8e0dc8da1cd78d640dee392071cc23 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47020 – soundwire: stream: fix memory leak in stream config error path
https://notcve.org/view.php?id=CVE-2021-47020
In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release all slave runtime in the slave_rt_list, but slave runtime is not added to the list at this time. This patch frees slave runtime in the config error path to fix the memory leak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soundwire: stream: corrige la pérdida de memoria en la ruta de error de configuración de stream Cuando falla la configuración de stream, el tiempo de ejecución maestro liberará todo el tiempo de ejecución esclavo en Slave_rt_list, pero el tiempo de ejecución esclavo no se agrega a la lista. en este momento. Este parche libera el tiempo de ejecución esclavo en la ruta del error de configuración para corregir la pérdida de memoria. • https://git.kernel.org/stable/c/89e590535f32d4bc548bcf266f3b046e50942f6d https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80 https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002 https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88 https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2021-46959 – spi: Fix use-after-free with devm_spi_alloc_*
https://notcve.org/view.php?id=CVE-2021-46959
In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devm_spi_alloc_* We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_spi_release_controller. This causes devices registered with devm_spi_alloc_{master,slave}() to be mistakenly identified as legacy, non-devm managed devices and have their reference counters decremented below 0. ------------[ cut here ]------------ WARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174 [<b0396f04>] (refcount_warn_saturate) from [<b03c56a4>] (kobject_put+0x90/0x98) [<b03c5614>] (kobject_put) from [<b0447b4c>] (put_device+0x20/0x24) r4:b6700140 [<b0447b2c>] (put_device) from [<b07515e8>] (devm_spi_release_controller+0x3c/0x40) [<b07515ac>] (devm_spi_release_controller) from [<b045343c>] (release_nodes+0x84/0xc4) r5:b6700180 r4:b6700100 [<b04533b8>] (release_nodes) from [<b0454160>] (devres_release_all+0x5c/0x60) r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10 [<b0454104>] (devres_release_all) from [<b044e41c>] (__device_release_driver+0x144/0x1ec) r5:b117ad94 r4:b163dc10 [<b044e2d8>] (__device_release_driver) from [<b044f70c>] (device_driver_detach+0x84/0xa0) r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10 [<b044f688>] (device_driver_detach) from [<b044d274>] (unbind_store+0xe4/0xf8) Instead, determine the devm allocation state as a flag on the controller which is guaranteed to be stable during cleanup. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: corrige el Use-After-Free con devm_spi_alloc_* No podemos confiar en el contenido de la lista devres durante spi_unregister_controller(), ya que la lista ya está eliminada en ese momento. Realizamos devres_find() para devm_spi_release_controller. Esto hace que los dispositivos registrados con devm_spi_alloc_{master,slave}() se identifiquen erróneamente como dispositivos heredados, no administrados por devm y sus contadores de referencia disminuyan por debajo de 0. ------------[ cortar aquí ] ------------ ADVERTENCIA: CPU: 1 PID: 660 en lib/refcount.c:28 refcount_warn_saturate+0x108/0x174 [] (refcount_warn_saturate) de [] (kobject_put+ 0x90/0x98) [] (kobject_put) de [] (put_device+0x20/0x24) r4:b6700140 [] (put_device) de [] (devm_spi_release_controller+0x3c/0x40 ) [ ] (devm_spi_release_controller) de [] (release_nodes+0x84/0xc4) r5:b6700180 r4:b6700100 [] (release_nodes) de [] (devres_release_all+0x5c/0x6 0) r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10 [] (devres_release_all) de [] (__device_release_driver+0x144/0x1ec) r5:b117ad94 r4:b163dc10 [] (__device_release_driver) de [< b044f70c>] (device_driver_detach+0x84/0xa0) r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10 [] (device_driver_detach) de [ ] (unbind_store+0xe4/0xf8) en su lugar , determine el estado de asignación devm como un indicador en el controlador que se garantiza que será estable durante la limpieza. • https://git.kernel.org/stable/c/a4add022c1552b0d51a0b89a4781919d6ebac4f9 https://git.kernel.org/stable/c/0870525cf94bc27907e94ce99afb6d7239ffd2f5 https://git.kernel.org/stable/c/8c45a1c6c951bbe7f95db78fcab46f7337364468 https://git.kernel.org/stable/c/234b432c7b6184b2d6c5ba2c55f0dd5023c0edf0 https://git.kernel.org/stable/c/3e04a4976addbedcad326f47b0dd4efc570a1fac https://git.kernel.org/stable/c/5e844cc37a5cbaa460e68f9a989d321d63088a89 https://git.kernel.org/stable/c/bd1a5b2307279029faaddbecf2f2ac25eaef8dc6 https://git.kernel.org/stable/c/62bb2c7f2411a0045c24831f11ecacfc3 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26615 – net/smc: fix illegal rmb_desc access in SMC-D connection dump
https://notcve.org/view.php?id=CVE-2024-26615
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL> - continuously dump SMC-D connections in parallel: watch -n 1 'smcss -D' BUG: kernel NULL pointer dereference, address: 0000000000000030 CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G E 6.7.0+ #55 RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] Call Trace: <TASK> ? __die+0x24/0x70 ? page_fault_oops+0x66/0x150 ? exc_page_fault+0x69/0x140 ? • https://git.kernel.org/stable/c/4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22 https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9 https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3e • CWE-476: NULL Pointer Dereference •