CVE-2021-47024 – vsock/virtio: free queued packets when closing socket
https://notcve.org/view.php?id=CVE-2021-47024
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work. To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before re... • https://git.kernel.org/stable/c/ac03046ece2b158ebd204dfc4896fd9f39f0e6c8 •
CVE-2021-47023 – net: marvell: prestera: fix port event handling on init
https://notcve.org/view.php?id=CVE-2021-47023
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix port event handling on init For some reason there might be a crash during ports creation if port events are being handled at the same time because fw may send initial port event with down state. The crash points to cancel_delayed_work() which is called when port went down. Currently I did not find out the real cause of the issue, so fixed it by cancel port stats work only if previous port's state was up & running. T... • https://git.kernel.org/stable/c/501ef3066c89d7f9045315e1be58749cf9e6814d • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-47022 – mt76: mt7615: fix memleak when mt7615_unregister_device()
https://notcve.org/view.php?id=CVE-2021-47022
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memleak when mt7615_unregister_device() mt7615_tx_token_put() should get called before mt76_free_pending_txwi(). • https://git.kernel.org/stable/c/aec5719681405af21102c2407b01f83ed19e9833 •
CVE-2021-47021 – mt76: mt7915: fix memleak when mt7915_unregister_device()
https://notcve.org/view.php?id=CVE-2021-47021
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix memleak when mt7915_unregister_device() mt7915_tx_token_put() should get called before mt76_free_pending_txwi(). • https://git.kernel.org/stable/c/4e9e896f81932e337a93ad61cd3d9647571c4637 •
CVE-2021-47019 – mt76: mt7921: fix possible invalid register access
https://notcve.org/view.php?id=CVE-2021-47019
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix possible invalid register access Disable the interrupt and synchronize for the pending irq handlers to ensure the irq tasklet is not being scheduled after the suspend to avoid the possible invalid register access acts when the host pcie controller is suspended. [17932.910534] mt7921e 0000:01:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 21375 usecs [17932.910590] pcieport 0000:00:00.0: calling pci_pm_suspend+0x0/0x22c @ 1... • https://git.kernel.org/stable/c/ffa1bf97425bd511b105ce769976e20a845a71e9 •
CVE-2021-47018 – powerpc/64: Fix the definition of the fixmap area
https://notcve.org/view.php?id=CVE-2021-47018
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area At the time being, the fixmap area is defined at the top of the address space or just below KASAN. This definition is not valid for PPC64. For PPC64, use the top of the I/O space. Because of circular dependencies, it is not possible to include asm/fixmap.h in asm/book3s/64/pgtable.h , so define a fixed size AREA at the top of the I/O space for fixmap and ensure during build that the size is ... • https://git.kernel.org/stable/c/265c3491c4bc8d40587996d6ee2f447a7ccfb4f3 • CWE-20: Improper Input Validation •
CVE-2021-47017 – ath10k: Fix a use after free in ath10k_htc_send_bundle
https://notcve.org/view.php?id=CVE-2021-47017
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10k_htc_send_bundle In ath10k_htc_send_bundle, the bundle_skb could be freed by dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later by bundle_skb->len. As skb_len = bundle_skb->len, my patch replaces bundle_skb->len with skb_len after the bundle_skb was freed. • https://git.kernel.org/stable/c/c8334512f3dd1b94844baca629f9bedca4271593 •
CVE-2021-47015 – bnxt_en: Fix RX consumer index logic in the error path.
https://notcve.org/view.php?id=CVE-2021-47015
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RX consumer index logic in the error path. In bnxt_rx_pkt(), the RX buffers are expected to complete in order. If the RX consumer index indicates an out of order buffer completion, it means we are hitting a hardware bug and the driver will abort all remaining RX packets and reset the RX ring. The RX consumer index that we pass to bnxt_discard_rx() is not correct. We should be passing the current index (tmp_raw_cons) instead of ... • https://git.kernel.org/stable/c/a1b0e4e684e9c300b9e759b46cb7a0147e61ddff •
CVE-2021-47014 – net/sched: act_ct: fix wild memory access when clearing fragments
https://notcve.org/view.php?id=CVE-2021-47014
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f] CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S 5.12.0-rc7+ #424 Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017 RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0 Code: 00... • https://git.kernel.org/stable/c/ae372cb1750f6c95370f92fe5f5620e0954663ba •
CVE-2021-47013 – net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
https://notcve.org/view.php?id=CVE-2021-47013
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As I observed that emac_tx_fill_tpd() hasn't modified the value of skb->len, thus my patch assigns skb->len t... • https://git.kernel.org/stable/c/b9b17debc69d27cd55e21ee51a5ba7fc50a426cf • CWE-416: Use After Free •