CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26621 – mm: huge_memory: don't force huge page alignment on 32 bit
https://notcve.org/view.php?id=CVE-2024-26621
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") caused two issues [1] [2] reported on 32 bit system or compat userspace. It doesn't make too much sense to force huge page alignment on 32 bit system due to the constrained virtual address space. [1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/ [2] https://lore.kernel.o... • https://git.kernel.org/stable/c/1854bc6e2420472676c5c90d3d6b15f6cd640e40 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48627 – vt: fix memory overlapping when deleting chars in the buffer
https://notcve.org/view.php?id=CVE-2022-48627
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to memcpy because memcpy does not ensure its behavior if the destination buffer overlaps with the source buffer. The line buffer is not always broken, because the memcpy utilizes the hardware acceleration, whose result is not deterministi... • https://git.kernel.org/stable/c/81732c3b2fede049a692e58a7ceabb6d18ffb18c • CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47081 – habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory
https://notcve.org/view.php?id=CVE-2021-47081
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory Our code analyzer reported a uaf. In gaudi_memset_device_memory, cb is get via hl_cb_kernel_create() with 2 refcount. If hl_cs_allocate_job() failed, the execution runs into release_cb branch. One ref of cb is dropped by hl_cb_put(cb) and could be freed if other thread also drops one ref. Then cb is used by cb->id later, which is a potential uaf. My patch add a v... • https://git.kernel.org/stable/c/423815bf02e257091d5337be5c63b57fc29e4254 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47080 – RDMA/core: Prevent divide-by-zero error triggered by the user
https://notcve.org/view.php?id=CVE-2021-47080
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Prevent divide-by-zero error triggered by the user The user_entry_size is supplied by the user and later used as a denominator to calculate number of entries. The zero supplied by the user will trigger the following divide-by-zero error: divide error: 0000 [#1] SMP KASAN PTI CPU: 4 PID: 497 Comm: c_repro Not tainted 5.13.0-rc1+ #281 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qe... • https://git.kernel.org/stable/c/9f85cbe50aa044a46f0a22fda323fa27b80c82da • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47079 – platform/x86: ideapad-laptop: fix a NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47079
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: ideapad-laptop: fix a NULL pointer dereference The third parameter of dytc_cql_command should not be NULL since it will be dereferenced immediately. In the Linux kernel, the following vulnerability has been resolved: platform/x86: ideapad-laptop: fix a NULL pointer dereference The third parameter of dytc_cql_command should not be NULL since it will be dereferenced immediately. • https://git.kernel.org/stable/c/ff36b0d953dc4cbc40a72945920ff8e805f1b0da •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47078 – RDMA/rxe: Clear all QP fields if creation failed
https://notcve.org/view.php?id=CVE-2021-47078
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly created ones, but in case rxe_qp_from_init() failed it was filled with garbage and caused tot the following error. refcount_t: underflow; use-after-free. WARNING: CPU: 1 PID: 12560 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0 lib/refcount.c:28 Modules linked in: CPU: 1 PID: 12560 Comm: syz-executor.4 Not tain... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47077 – scsi: qedf: Add pointer checks in qedf_update_link_speed()
https://notcve.org/view.php?id=CVE-2021-47077
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedf_update_link_speed() The following trace was observed: [ 14.042059] Call Trace: [ 14.042061]
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47076 – RDMA/rxe: Return CQE error if invalid lkey was supplied
https://notcve.org/view.php?id=CVE-2021-47076
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. [leonro@vm ~]$ mkt test test_atomic_invalid_lkey (tests.test_atomic.AtomicTest) ... WARNING: CPU: 5 PID: 263 at drivers/infiniband/sw/rxe/rxe_comp.c:740 rxe_completer+0x1a6d/0x2e30 [rdma_rxe] Modules linked in: crc32_gene... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47075 – nvmet: fix memory leak in nvmet_alloc_ctrl()
https://notcve.org/view.php?id=CVE-2021-47075
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmet_alloc_ctrl() When creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger than cntlid_max of the subsystem, and jumps to the "out_free_changed_ns_list" label, but the ctrl->sqs lack of be freed. Fix this by jumping to the "out_free_sqs" label. In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmet_alloc_ctrl() When creating ctrl in nvmet_alloc_ctrl(), if t... • https://git.kernel.org/stable/c/94a39d61f80fcd679debda11e1ca02b88d90e67e •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47074 – nvme-loop: fix memory leak in nvme_loop_create_ctrl()
https://notcve.org/view.php?id=CVE-2021-47074
01 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label. In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping ... • https://git.kernel.org/stable/c/3a85a5de29ea779634ddfd768059e06196687aba •