CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47590 – mptcp: fix deadlock in __mptcp_push_pending()
https://notcve.org/view.php?id=CVE-2021-47590
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mptcp: corrige el punto muerto en __mptcp_push_pending() __mptcp_push_pending() puede llamar a mptcp_flush_join_list() con el bloqueo del socket de subflujo retenido. • https://git.kernel.org/stable/c/1b3e7ede1365a24db1b4fd837e58a595f52fa4ad https://git.kernel.org/stable/c/23311b92755ffa9087332d1bb8c71c0f6a10cc08 https://git.kernel.org/stable/c/3d79e3756ca90f7a6087b77b62c1d9c0801e0820 https://access.redhat.com/security/cve/CVE-2021-47590 https://bugzilla.redhat.com/show_bug.cgi?id=2293237 • CWE-833: Deadlock •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47589 – igbvf: fix double free in `igbvf_probe`
https://notcve.org/view.php?id=CVE-2021-47589
In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. ... igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf] [ 35.138751] local_pci_probe+0x13c/0x1f0 [ 35.139461] pci_device_probe+0x37e/0x6c0 [ 35.165526] [ 35.165806] Allocated by task 366: [ 35.166414] ____kasan_kmalloc+0xc4/0xf0 [ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf] [ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf] [ 35.168866] local_pci_probe+0x13c/0x1f0 [ 35.169565] pci_device_probe+0x37e/0x6c0 [ 35.179713] [ 35.179993] Freed by task 366: [ 35.180539] kasan_set_track+0x4c/0x80 [ 35.181211] kasan_set_free_info+0x1f/0x40 [ 35.181942] ____kasan_slab_free+0x103/0x140 [ 35.182703] kfree+0xe3/0x250 [ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf] [ 35.184040] local_pci_probe+0x13c/0x1f0 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igbvf: corrige double free en `igbvf_probe` En `igbvf_probe`, si Register_netdev() falla, el programa irá a la etiqueta err_hw_init y luego a la etiqueta err_ioremap. • https://git.kernel.org/stable/c/d4e0fe01a38a073568aee541a0247fe734095979 https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49 https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411 https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47588 – sit: do not call ipip6_dev_free() from sit_init_net()
https://notcve.org/view.php?id=CVE-2021-47588
In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust against multiple invocations, but other drivers do not implement this strategy. syzbot reported: dst_release underflow WARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173 Modules linked in: CPU: 1 PID: 5059 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:dst_release+0xd8/0xe0 net/core/dst.c:173 Code: 4c 89 f2 89 d9 31 c0 5b 41 5e 5d e9 da d5 44 f9 e8 1d 90 5f f9 c6 05 87 48 c6 05 01 48 c7 c7 80 44 99 8b 31 c0 e8 e8 67 29 f9 <0f> 0b eb 85 0f 1f 40 00 53 48 89 fb e8 f7 8f 5f f9 48 83 c3 a8 48 RSP: 0018:ffffc9000aa5faa0 EFLAGS: 00010246 RAX: d6894a925dd15a00 RBX: 00000000ffffffff RCX: 0000000000040000 RDX: ffffc90005e19000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: 0000000000000000 R08: ffffffff816a1f42 R09: ffffed1017344f2c R10: ffffed1017344f2c R11: 0000000000000000 R12: 0000607f462b1358 R13: 1ffffffff1bfd305 R14: ffffe8ffffcb1358 R15: dffffc0000000000 FS: 00007f66c71a2700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f88aaed5058 CR3: 0000000023e0f000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> dst_cache_destroy+0x107/0x1e0 net/core/dst_cache.c:160 ipip6_dev_free net/ipv6/sit.c:1414 [inline] sit_init_net+0x229/0x550 net/ipv6/sit.c:1936 ops_init+0x313/0x430 net/core/net_namespace.c:140 setup_net+0x35b/0x9d0 net/core/net_namespace.c:326 copy_net_ns+0x359/0x5c0 net/core/net_namespace.c:470 create_new_namespaces+0x4ce/0xa00 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0x11e/0x180 kernel/nsproxy.c:226 ksys_unshare+0x57d/0xb50 kernel/fork.c:3075 __do_sys_unshare kernel/fork.c:3146 [inline] __se_sys_unshare kernel/fork.c:3144 [inline] __x64_sys_unshare+0x34/0x40 kernel/fork.c:3144 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f66c882ce99 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f66c71a2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007f66c893ff60 RCX: 00007f66c882ce99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000048040200 RBP: 00007f66c8886ff1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff6634832f R14: 00007f66c71a2300 R15: 0000000000022000 </TASK> En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sit: no llame a ipip6_dev_free() desde sit_init_net() ipip6_dev_free es sit dev->priv_destructor, ya llamado por Register_netdevice() si algo sale mal. • https://git.kernel.org/stable/c/cf124db566e6b036b8bcbe8decbed740bdfac8c6 https://git.kernel.org/stable/c/95876855a55072572895a236b156ffb357fd5538 https://git.kernel.org/stable/c/4e1797914d8f223726ff6ae5ece4f97d73f21bab https://git.kernel.org/stable/c/e56b65c1e74d7f706d74b51baba15187be2fb4b5 https://git.kernel.org/stable/c/ad0ed314d6167b212939e3839428ba0c8bb16adb https://git.kernel.org/stable/c/6f46c59e60b64620d5d386c8ee2eaa11ebe3b595 https://git.kernel.org/stable/c/44a6c846bc3a7efe7d394bab8b2ae3b7f580e190 https://git.kernel.org/stable/c/e28587cc491ef0f3c51258fdc87fbc386 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47587 – net: systemport: Add global locking for descriptor lifecycle
https://notcve.org/view.php?id=CVE-2021-47587
In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue between the transmit and reclaiming. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: systemport: agregue bloqueo global para el ciclo de vida del descriptor. • https://git.kernel.org/stable/c/80105befdb4b8cea924711b40b2462b87df65b62 https://git.kernel.org/stable/c/8ed2f5d08d6e59f8c78b2869bfb95d0be32c094c https://git.kernel.org/stable/c/de57f62f76450b934de8203711bdc4f7953c3421 https://git.kernel.org/stable/c/f3fde37d3f0d429f0fcce214cb52588a9e21260e https://git.kernel.org/stable/c/595a684fa6f23b21958379a18cfa83862c73c2e1 https://git.kernel.org/stable/c/c675256a7f131f5ba3f331efb715e8f31ea0e392 https://git.kernel.org/stable/c/6e1011cd183faae8daff275c72444edcdfe0d473 https://git.kernel.org/stable/c/eb4687c7442942e115420a30185f8d83f •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47586 – net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
https://notcve.org/view.php?id=CVE-2021-47586
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member is empty, so the memory after the ops structure is being read here. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN informa una lectura fuera de los límites en rk_gmac_setup en la línea: while (ops->regs[i]) { Esto sucede en la mayoría de las plataformas, ya que el miembro de la matriz flexible regs está vacío, por lo que aquí se lee la memoria después de la estructura de operaciones. • https://git.kernel.org/stable/c/3bb3d6b1c1957e88bfc5e77a4557f7e6ba761fe3 https://git.kernel.org/stable/c/0b4a5d1e15ce72f69be48f38dc0401dab890ae0f https://git.kernel.org/stable/c/0546b224cc7717cc8a2db076b0bb069a9c430794 • CWE-125: Out-of-bounds Read •