CVE-2021-46982 – f2fs: compress: fix race condition of overwrite vs truncate
https://notcve.org/view.php?id=CVE-2021-46982
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix race condition of overwrite vs truncate pos_fsstress testcase complains a panic as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/compress.c:1082! invalid opcode: 0000 [#1] SMP PTI CPU: 4 PID: 2753477 Comm: kworker/u16:2 Tainted: G OE 5.12.0-rc1-custom #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Workqueue: writeback wb_workfn (flush-252:16) RIP: 0010:prepare_compr... • https://git.kernel.org/stable/c/4c8ff7095bef64fc47e996a938f7d57f9e077da3 •
CVE-2021-46981 – nbd: Fix NULL pointer in flush_workqueue
https://notcve.org/view.php?id=CVE-2021-46981
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 and the pointers in nbd_device are still null. Disconnect /dev/nbdX, then reference a null recv_workq. The protection by config_refs in nbd_genl_disconnect is useless. [ 656.366194] BUG: kernel NULL pointer dereference, address: 0000000000000020 [ 656.368943] #PF: supervisor write access in kernel mode [ 656.369844] #PF: error_code(0x0002) - not-present... • https://git.kernel.org/stable/c/e9e006f5fcf2bab59149cb38a48a4817c1b538b4 •
CVE-2021-46980 – usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4
https://notcve.org/view.php?id=CVE-2021-46980
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 commit 4dbc6a4ef06d ("usb: typec: ucsi: save power data objects in PD mode") introduced retrieval of the PDOs when connected to a PD-capable source. But only the first 4 PDOs are received since that is the maximum number that can be fetched at a time given the MESSAGE_IN length limitation (16 bytes). However, as per the PD spec a connected source may advertise up to a maxim... • https://git.kernel.org/stable/c/4dbc6a4ef06d6a79ff91be6fc2e90f8660031ce0 •
CVE-2021-46979 – iio: core: fix ioctl handlers removal
https://notcve.org/view.php?id=CVE-2021-46979
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: core: fix ioctl handlers removal Currently ioctl handlers are removed twice. For the first time during iio_device_unregister() then later on inside iio_device_unregister_eventset() and iio_buffers_free_sysfs_and_mask(). Double free leads to kernel panic. Fix this by not touching ioctl handlers list directly but rather letting code responsible for registration call the matching cleanup routine itself. • https://git.kernel.org/stable/c/8dedcc3eee3aceb37832176f0a1b03d5687acda3 •
CVE-2021-46978 – KVM: nVMX: Always make an attempt to map eVMCS after migration
https://notcve.org/view.php?id=CVE-2021-46978
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs page right away: evmcs gpa is not 'struct kvm_vmx_nested_state_hdr' and we can't read it from VP assist page because userspace may decide to restore HV_X64_MSR_VP_ASSIST_PAGE after restoring nested state (and QEMU, for example, does exactly that). T... • https://git.kernel.org/stable/c/0faceb7d6dda6f370ff1fa0464d7180f7e5cb417 •
CVE-2021-46977 – KVM: VMX: Disable preemption when probing user return MSRs
https://notcve.org/view.php?id=CVE-2021-46977
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Disable preemption when probing user return MSRs Disable preemption when probing a user return MSR via RDMSR/WRMSR. If the MSR holds a different value per logical CPU, the WRMSR could corrupt the host's value if KVM is preempted between the RDMSR and WRMSR, and then rescheduled on a different CPU. Opportunistically land the helper in common x86, SVM will use the helper in a future commit. • https://git.kernel.org/stable/c/4be5341026246870818e28b53202b001426a5aec •
CVE-2021-46976 – drm/i915: Fix crash in auto_retire
https://notcve.org/view.php?id=CVE-2021-46976
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix crash in auto_retire The retire logic uses the 2 lower bits of the pointer to the retire function to store flags. However, the auto_retire function is not guaranteed to be aligned to a multiple of 4, which causes crashes as we jump to the wrong address, for example like this: 2021-04-24T18:03:53.804300Z WARNING kernel: [ 516.876901] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI 2021-04-24T18:03:53.804310Z WARNING kernel: [ 516.8... • https://git.kernel.org/stable/c/229007e02d697b0662f85378aae53531b0dfea05 •
CVE-2020-36787 – media: aspeed: fix clock handling logic
https://notcve.org/view.php?id=CVE-2020-36787
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its reset control is coupled with eclk so the current clock enabling sequence works like below: Enable eclk; De-assert Video Engine reset; 10ms delay; Enable vclk. It introduces improper reset on the Video Engine hardware and eventually the hardware generates unexpected DMA memory transfers that can corrupt memory region in random and sporadic patt... • https://git.kernel.org/stable/c/d2b4387f3bdf016e266d23cf657465f557721488 •
CVE-2020-36786 – media: [next] staging: media: atomisp: fix memory leak of object flash
https://notcve.org/view.php?id=CVE-2020-36786
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: [next] staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554_platform_data_func returns an error there is a memory leak on the error return path of object flash. Fix this by adding an error return path that will free flash and rename labels fail2 to fail3 and fail1 to fail2. • https://git.kernel.org/stable/c/9289cdf399922a1bd801a8cd946a79581c00a380 •
CVE-2020-36785 – media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()
https://notcve.org/view.php?id=CVE-2020-36785
28 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free. • https://git.kernel.org/stable/c/ad85094b293e40e7a2f831b0311a389d952ebd5e •