CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46961 – irqchip/gic-v3: Do not enable irqs when handling spurious interrups
https://notcve.org/view.php?id=CVE-2021-46961
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here ]------------ [ 14.816231] kernel BUG at irq.c:99! [ 14.816232] Internal error: Oops - BUG: 0 [#1] SMP [ 14.816232] Process swapper/0 (pid: 0, stack limit = 0x(____ptrval____)) [ 14.816233] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G ... • https://git.kernel.org/stable/c/3f1f3234bc2db1c16b9818b9a15a5d58ad45251c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46960 – cifs: Return correct error code from smb2_get_enc_key
https://notcve.org/view.php?id=CVE-2021-46960
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947] ------------[ cut here ]------------ [440700.386948] err = 1 [440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70 ... [440700.397304] CPU: 11 PID: 2733 Comm... • https://git.kernel.org/stable/c/61cfac6f267dabcf2740a7ec8a0295833b28b5f5 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46958 – btrfs: fix race between transaction aborts and fsyncs leading to use-after-free
https://notcve.org/view.php?id=CVE-2021-46958
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an use-after-free of the log root tree. When this happens, it results in a stack trace like the following: BTRFS info (device dm-0): forced readonly BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS: er... • https://git.kernel.org/stable/c/ef67963dac255b293e19815ea3d440567be4626f •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46957 – riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe
https://notcve.org/view.php?id=CVE-2021-46957
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe The execution of sys_read end up hitting a BUG_ON() in __find_get_block after installing kprobe at sys_read, the BUG message like the following: [ 65.708663] ------------[ cut here ]------------ [ 65.709987] kernel BUG at fs/buffer.c:1251! [ 65.711283] Kernel BUG [#1] [ 65.712032] Modules linked in: [ 65.712925] CPU: 0 PID: 51 Comm: sh Not tainted 5.12.0-rc4 #1 [ 65.7144... • https://git.kernel.org/stable/c/c22b0bcb1dd024cb9caad9230e3a387d8b061df5 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46956 – virtiofs: fix memory leak in virtio_fs_probe()
https://notcve.org/view.php?id=CVE-2021-46956
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtio_fs_probe() When accidentally passing twice the same tag to qemu, kmemleak ended up reporting a memory leak in virtiofs. Also, looking at the log I saw the following error (that's when I realised the duplicated tag): virtiofs: probe of virtio5 failed with error -17 Here's the kmemleak log for reference: unreferenced object 0xffff888103d47800 (size 1024): comm "systemd-udevd", pid 118, jiffies 4294893780 (a... • https://git.kernel.org/stable/c/a62a8ef9d97da23762a588592c8b8eb50a8deb6a •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-46955 – openvswitch: fix stack OOB read while fragmenting IPv4 packets
https://notcve.org/view.php?id=CVE-2021-46955
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60 Read of size 1 at addr ffff888112fc713c by task handler2/1367 CPU: 0 PID: 1367 Comm: handler2 Not tainted 5.12.0-rc6+ #418 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+40... • https://git.kernel.org/stable/c/119bbaa6795a4f4aed46994cc7d9ab01989c87e3 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46954 – net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets
https://notcve.org/view.php?id=CVE-2021-46954
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets when 'act_mirred' tries to fragment IPv4 packets that had been previously re-assembled using 'act_ct', splats like the following can be observed on kernels built with KASAN: BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60 Read of size 1 at addr ffff888147009574 by task ping/947 CPU: 0 PID: 947 Comm: ping Not tainted 5.12.0-rc6+ #418 Hardware name: Red Hat... • https://git.kernel.org/stable/c/c129412f74e99b609f0a8e95fc3915af1fd40f34 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2021-46953 – ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
https://notcve.org/view.php?id=CVE-2021-46953
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However, it never checks whether the mapping of the interrupt actially succeeded. Even more, should the firmware report an illegal interrupt number that overlaps with the GIC SGI range, this can result in an IPI being unmapped, and subsequent... • https://git.kernel.org/stable/c/ca9ae5ec4ef0ed13833b03297ab319676965492c •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46952 – NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
https://notcve.org/view.php?id=CVE-2021-46952
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds Fix shift out-of-bounds in xprt_calc_majortimeo(). This is caused by a garbage timeout (retrans) mount option being passed to nfs mount, in this case from syzkaller. If the protocol is XPRT_TRANSPORT_UDP, then 'retrans' is a shift value for a 64-bit long integer, so 'retrans' cannot be >= 64. If it is >= 64, fail the mount and return an error. En el kernel de Linux, se ha ... • https://git.kernel.org/stable/c/9954bf92c0cddd50a2a470be302e1c1ffdf21d42 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46951 – tpm: efi: Use local variable for calculating final log size
https://notcve.org/view.php?id=CVE-2021-46951
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efi_tpm_final_log_size will at some point become a negative number due to the subtraction of final_events_preboot_size occurring each time. Use a local variable to avoid this integer underflow. The following issue is now resolved: Mar 8 15:... • https://git.kernel.org/stable/c/166a2809d65b282272c474835ec22c882a39ca1b • CWE-191: Integer Underflow (Wrap or Wraparound) •