CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47058 – regmap: set debugfs_name to NULL after it is freed
https://notcve.org/view.php?id=CVE-2021-47058
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debugfs_name. With below function invoking logical, debugfs_name is freed in regmap_debugfs_exit(), but it is not created again because of the if condition introduced by above commit. regmap_reinit_cache() regmap_debugfs_exit() ... regmap_... • https://git.kernel.org/stable/c/5b654b03007917f3f1015b2a5c288c1ea6ae8f65 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47057 – crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map
https://notcve.org/view.php?id=CVE-2021-47057
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map In the case where the dma_iv mapping fails, the return error path leaks the memory allocated to object d. Fix this by adding a new error return label and jumping to this to ensure d is free'd before the return. Addresses-Coverity: ("Resource leak") En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: sun8i-ss: corrige la pérdida de memoria del objeto ... • https://git.kernel.org/stable/c/ac2614d721dea2ff273af19c6c5d508d58a2bb3e • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47056 – crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
https://notcve.org/view.php?id=CVE-2021-47056
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the vf2pf_lock is initialized in adf_dev_init(), which can fail and when it fail, the vf2pf_lock is either not initialized or destroyed, a subsequent use of vf2pf_lock will cause issue. To fix this issue, only set this flag if adf_dev_in... • https://git.kernel.org/stable/c/25c6ffb249f612c56a48ce48a3887adf57b8f4bd •
CVSS: 4.4EPSS: 0%CPEs: 11EXPL: 0CVE-2021-47055 – mtd: require write permissions for locking and badblock ioctls
https://notcve.org/view.php?id=CVE-2021-47055
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once. MEMSETBADBLOCK modifies the bad block table. • https://git.kernel.org/stable/c/1c9f9125892a43901438bf704ada6b7019e2a884 •
CVSS: 2.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47054 – bus: qcom: Put child node before return
https://notcve.org/view.php?id=CVE-2021-47054
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Put child node before return Put child node before return to fix potential reference count leak. Generally, the reference count of child is incremented and decremented automatically in the macro for_each_available_child_of_node() and should be decremented manually if the loop is broken in loop body. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bus: qcom: Colocar el nodo secundario antes del retorno. Colocar el ... • https://git.kernel.org/stable/c/335a127548081322bd2b294d715418648912f20c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47020 – soundwire: stream: fix memory leak in stream config error path
https://notcve.org/view.php?id=CVE-2021-47020
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release all slave runtime in the slave_rt_list, but slave runtime is not added to the list at this time. This patch frees slave runtime in the config error path to fix the memory leak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soundwire: stream: corrige la pérdida de memoria en la ruta de error de configu... • https://git.kernel.org/stable/c/89e590535f32d4bc548bcf266f3b046e50942f6d •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47016 – m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
https://notcve.org/view.php?id=CVE-2021-47016
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits Don't clear the timer 1 configuration bits when clearing the interrupt flag and counter overflow. As Michael reported, "This results in no timer interrupts being delivered after the first. Initialization then hangs in calibrate_delay as the jiffies counter is not updated." On mvme16x, enable the timer after requesting the irq, consistent with mvme147. En el kernel de Linux, se ha resue... • https://git.kernel.org/stable/c/7529b90d051e4629884771ba2b1d3a87d2c6a9d7 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-46959 – spi: Fix use-after-free with devm_spi_alloc_*
https://notcve.org/view.php?id=CVE-2021-46959
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devm_spi_alloc_* We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_spi_release_controller. This causes devices registered with devm_spi_alloc_{master,slave}() to be mistakenly identified as legacy, non-devm managed devices and have their reference counters decremented below 0. ------------[ cut here ... • https://git.kernel.org/stable/c/a4add022c1552b0d51a0b89a4781919d6ebac4f9 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26620 – s390/vfio-ap: always filter entire AP matrix
https://notcve.org/view.php?id=CVE-2024-26620
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filtering the matrix of adapters and domains assigned to the mdev. When an adapter or domain is assigned, only the APQNs associated with the APID of the new adapter or APQI of the new domain are inspected. If an APQN d... • https://git.kernel.org/stable/c/48cae940c31d2407d860d87c41d5f9871c0521db •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26615 – net/smc: fix illegal rmb_desc access in SMC-D connection dump
https://notcve.org/view.php?id=CVE-2024-26615
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d