CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46992 – netfilter: nftables: avoid overflows in nft_hash_buckets()
https://notcve.org/view.php?id=CVE-2021-46992
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nft_hash_buckets() Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nft_hash_buckets() syzbot injected a size == 0x40000000 and reported: UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13 shift exponent 64 is too large for 64-bit type 'long unsigned int' CPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0 Hardware name: Goo... • https://git.kernel.org/stable/c/0ed6389c483dc77cdbdd48de0ca7ce41723dd667 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-46991 – i40e: Fix use-after-free in i40e_client_subtask()
https://notcve.org/view.php?id=CVE-2021-46991
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask() Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return. Addresses-Coverity: ("Read from pointer after free") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: Se corrige use-after-free en i40e_client_subtask() Actualmente la llamada a i40e_client_del_... • https://git.kernel.org/stable/c/7b0b1a6d0ac983ce1928432285d0222d4fb7c38b •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-46990 – powerpc/64s: Fix crashes when toggling entry flush barrier
https://notcve.org/view.php?id=CVE-2021-46990
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via a debugfs file (entry_flush), which causes the kernel to patch itself to enable/disable the relevant mitigations. However depending on which mitigation we're using, it may not be safe to do that patching while other CPUs are active. For example the following crash: sleeper[15639]: segfault (11) at c000000000004c20 nip... • https://git.kernel.org/stable/c/4a1e90af718d1489ffcecc8f52486c4f5dc0f7a6 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-46989 – hfsplus: prevent corruption in shrinking truncate
https://notcve.org/view.php?id=CVE-2021-46989
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevent corruption in shrinking truncate I believe there are some issues introduced by commit 31651c607151 ("hfsplus: avoid deadlock on file truncation") HFS+ has extent records which always contains 8 extents. In case the first extent record in catalog file gets full, new ones are allocated from extents overflow file. In case shrinking truncate happens to middle of an extent record which locates in extents overflow file, the logic... • https://git.kernel.org/stable/c/31651c607151f1034cfb57e5a78678bea54c362b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46988 – userfaultfd: release page in error path to avoid BUG_ON
https://notcve.org/view.php?id=CVE-2021-46988
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUG_ON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmem_mfill_atomic_pte(). We successfully account the blocks, we shmem_alloc_page(), but then the copy_from_user() fails. We return -ENOENT. We don't release the page we allocated. 2. • https://git.kernel.org/stable/c/cb658a453b9327ce96ce5222c24d162b5b65b564 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46987 – btrfs: fix deadlock when cloning inline extents and using qgroups
https://notcve.org/view.php?id=CVE-2021-46987
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups There are a few exceptional cases where cloning an inline extent needs to copy the inline extent data into a page of the destination inode. When this happens, we end up starting a transaction while having a dirty page for the destination inode and while having the range locked in the destination's inode iotree too. Because when reserving metadata space for a transaction we ma... • https://git.kernel.org/stable/c/c53e9653605dbf708f5be02902de51831be4b009 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46986 – usb: dwc3: gadget: Free gadget structure only after freeing endpoints
https://notcve.org/view.php?id=CVE-2021-46986
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Free gadget structure only after freeing endpoints As part of commit e81a7018d93a ("usb: dwc3: allocate gadget structure dynamically") the dwc3_gadget_release() was added which will free the dwc->gadget structure upon the device's removal when usb_del_gadget_udc() is called in dwc3_gadget_exit(). However, simply freeing the gadget results a dangling pointer situation: the endpoints created in dwc3_gadget_init_endpoints() ... • https://git.kernel.org/stable/c/e81a7018d93a7de31a3f121c9a7eecd0a5ec58b0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46985 – ACPI: scan: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2021-46985
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpi_device_set_name()' fails, we must free 'acpi_device_bus_id->bus_id' or there is a (potential) memory leak. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ACPI: scan: Corregir pérdida de memoria en una ruta de manejo de errores Si falla 'acpi_device_set_name()' debemos liberar 'acpi_device_bus_id->bus_id' o hay una (potencial) memoria filtración. In the Li... • https://git.kernel.org/stable/c/e5cdbe419004e172f642e876a671a9ff1c52f8bb •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46984 – kyber: fix out of bounds access when preempted
https://notcve.org/view.php?id=CVE-2021-46984
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted __blk_mq_sched_bio_merge() gets the ctx and hctx for the current CPU and passes the hctx to ->bio_merge(). kyber_bio_merge() then gets the ctx for the current CPU again and uses that to get the corresponding Kyber context in the passed hctx. However, the thread may be preempted between the two calls to blk_mq_get_ctx(), and the ctx returned the second time may no longer correspond to the passed... • https://git.kernel.org/stable/c/a6088845c2bf754d6cb2572b484180680b037804 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46983 – nvmet-rdma: Fix NULL deref when SEND is completed with error
https://notcve.org/view.php?id=CVE-2021-46983
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-rdma: Fix NULL deref when SEND is completed with error When running some traffic and taking down the link on peer, a retry counter exceeded error is received. This leads to nvmet_rdma_error_comp which tried accessing the cq_context to obtain the queue. The cq_context is no longer valid after the fix to use shared CQ mechanism and should be obtained similar to how it is obtained in other functions from the wc->qp. [ 905.786331] nvmet_r... • https://git.kernel.org/stable/c/ca0f1a8055be2a04073af435dc68419334481638 • CWE-476: NULL Pointer Dereference •