CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47615 – RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow
https://notcve.org/view.php?id=CVE-2021-47615
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow For the case of IB_MR_TYPE_DM the mr does doesn't have a umem, even though it is a user MR. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/mlx5: Se corrigió la liberación de memoria no asignada en el flujo de MR dereg. • https://git.kernel.org/stable/c/f18ec422311767738ef4033b61e91cae07163b22 https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701 https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9 https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47614 – RDMA/irdma: Fix a user-after-free in add_pble_prm
https://notcve.org/view.php?id=CVE-2021-47614
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a user-after-free in add_pble_prm When irdma_hmc_sd_one fails, 'chunk' is freed while its still on the PBLE info list. Add the chunk entry to the PBLE info list only after successful setting of the SD in irdma_hmc_sd_one. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/irdma: corrige un user-after-free en add_pble_prm Cuando falla irdma_hmc_sd_one, el 'fragmento' se libera mientras todavía está en la lista de información de PBLE. • https://git.kernel.org/stable/c/e8c4dbc2fcacf5a7468d312168bb120c27c38b32 https://git.kernel.org/stable/c/11eebcf63e98fcf047a876a51d76afdabc3b8b9b https://git.kernel.org/stable/c/1e11a39a82e95ce86f849f40dda0d9c0498cebd9 https://access.redhat.com/security/cve/CVE-2021-47614 https://bugzilla.redhat.com/show_bug.cgi?id=2293265 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47613 – i2c: virtio: fix completion handling
https://notcve.org/view.php?id=CVE-2021-47613
In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called without any of the queued buffers being completed (for example, with virtio-pci and shared interrupts) or with only some of the buffers being completed (since the driver makes them available to the device in multiple separate virtqueue_add_sgs() calls). This can lead to incorrect data on the I2C bus or memory corruption in the guest if the device operates on buffers which are have been freed by the driver. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i2c: virtio: manejo de finalización de reparación El controlador actualmente supone que la devolución de llamada de notificación solo se recibe cuando el dispositivo termina con todos los búferes en cola. • https://git.kernel.org/stable/c/3cfc88380413d20f777dc6648a38f683962e52bf https://git.kernel.org/stable/c/9cbb957441ed8873577d7d313a3d79d69f1dad5c https://git.kernel.org/stable/c/b503de239f62eca898cfb7e820d9a35499137d22 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47612 – nfc: fix segfault in nfc_genl_dump_devices_done
https://notcve.org/view.php?id=CVE-2021-47612
In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014 Workqueue: events netlink_sock_destruct_work RIP: 0010:klist_iter_exit+0x26/0x80 Call Trace: <TASK> class_dev_iter_exit+0x15/0x20 nfc_genl_dump_devices_done+0x3b/0x50 genl_lock_done+0x84/0xd0 netlink_sock_destruct+0x8f/0x270 __sk_destruct+0x64/0x3b0 sk_destruct+0xa8/0xd0 __sk_free+0x2e8/0x3d0 sk_free+0x51/0x90 netlink_sock_destruct_work+0x1c/0x20 process_one_work+0x411/0x710 worker_thread+0x6fd/0xa80 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: corrige el error de segmentación en nfc_genl_dump_devices_done Cuando falla kmalloc en nfc_genl_dump_devices(), entonces el error de segmentación de nfc_genl_dump_devices_done() se muestra a continuación KASAN: null-ptr-deref en el rango [0x0000000000000008-0x00 0000000000000f] CPU: 0 PID : 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Nombre del hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/ 2014 Cola de trabajo: eventos netlink_sock_destruct_work RIP: 0010:klist_iter_exit+0x26/0x80 Seguimiento de llamadas: class_dev_iter_exit+0x15/0x20 nfc_genl_dump_devices_done+0x3b/0x50 genl_lock_done+0x84/0xd0 estructura+0x8f/0x270 __sk_destruct+0x64/0x3b0 sk_destruct+0xa8/0xd0 __sk_free+0x2e8/0x3d0 sk_free+0x51/0x90 netlink_sock_destruct_work+0x1c/0x20 Process_one_work+0x411/0x710 trabajador_thread+0x6fd/0xa80 • https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34 https://git.kernel.org/stable/c/214af18abbe39db05beb305b2d11e87d09a6529c https://git.kernel.org/stable/c/6644989642844de830f9b072cd65c553cb55946c https://git.kernel.org/stable/c/2a8845b9603c545fddd17862282dc4c4ce0971e3 https://git.kernel.org/stable/c/d731ecc6f2eaec68f4ad1542283bbc7d07bd0112 https://git.kernel.org/stable/c/c602863ad28ec86794cb4ab4edea5324f555f181 https://git.kernel.org/stable/c/d89e4211b51752daf063d638af50abed2fd5f96d https://git.kernel.org/stable/c/fd79a0cbf0b2e34bcc45b13acf962e203 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47611 – mac80211: validate extended element ID is present
https://notcve.org/view.php?id=CVE-2021-47611
In the Linux kernel, the following vulnerability has been resolved: mac80211: validate extended element ID is present Before attempting to parse an extended element, verify that the extended element ID is present. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mac80211: validar que el ID del elemento extendido esté presente Antes de intentar analizar un elemento extendido, verifique que el ID del elemento extendido esté presente. • https://git.kernel.org/stable/c/41cbb0f5a29592874355e4159489eb08337cd50e https://git.kernel.org/stable/c/03029bb044ccee60adbc93e70713f3ae58abc3a1 https://git.kernel.org/stable/c/a19cf6844b509d44ecbd536f33d314d91ecdd2b5 https://git.kernel.org/stable/c/7fd214fc7f2ee3a89f91e717e3cfad55f5a27045 https://git.kernel.org/stable/c/c62b16f98688ae7bc0ab23a6490481f4ce9b3a49 https://git.kernel.org/stable/c/768c0b19b50665e337c96858aa2b7928d6dcf756 •