CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46934 – i2c: validate user data in compat ioctl
https://notcve.org/view.php?id=CVE-2021-46934
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to prevent reported warnings En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: validar datos de usuario en compat ioctl Los datos de usuario incorrectos pueden causar advertencia en i2c_transfer... • https://git.kernel.org/stable/c/7d5cb45655f2e9e37ef75d18f50c0072ef14a38b • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46933 – usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
https://notcve.org/view.php?id=CVE-2021-46933
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If userland provided an eventfd along with function's USB descriptors, it ends up calling eventfd_ctx_put as many times, causing a refcount underflow. NULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls.... • https://git.kernel.org/stable/c/5e33f6fdf735cda1d4580fe6f1878da05718fe73 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46932 – Input: appletouch - initialize work before device registration
https://notcve.org/view.php?id=CVE-2021-46932
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens _after_ input_register_device() call. So this patch moves dev->work initialization before registering input device En el kernel d... • https://git.kernel.org/stable/c/5a6eb676d3bc4d7a6feab200a92437b62ad298da • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46931 – net/mlx5e: Wrap the tx reporter dump callback to extract the sq
https://notcve.org/view.php?id=CVE-2021-46931
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5e_tx_reporter_dump_sq() casts its void * argument to struct mlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually of type struct mlx5e_tx_timeout_ctx *. mlx5_core 0000:08:00.1 enp8s0f1: TX timeout detected mlx5_core 0000:08:00.1 enp8s0f1: TX timeout on queue: 1, SQ: 0x11ec, CQ: 0x146d, SQ Cons: 0x0 SQ Prod: 0x1, usecs since last trans: 215650... • https://git.kernel.org/stable/c/5f29458b77d51c104554575b73184c243930aa87 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46930 – usb: mtu3: fix list_head check warning
https://notcve.org/view.php?id=CVE-2021-46930
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix list_head check warning This is caused by uninitialization of list_head. BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4 Call trace: dump_backtrace+0x0/0x298 show_stack+0x24/0x34 dump_stack+0x130/0x1a8 print_address_description+0x88/0x56c __kasan_report+0x1b8/0x2a0 kasan_report+0x14/0x20 __asan_load8+0x9c/0xa0 __list_del_entry_valid+0x34/0xe4 mtu3_req_complete+0x4c/0x300 [mtu3] mtu3_gadget_stop+0x168/0x448 ... • https://git.kernel.org/stable/c/83374e035b6286731c5aa617844c7b724294c2a7 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-46929 – sctp: use call_rcu to free endpoint
https://notcve.org/view.php?id=CVE-2021-46929
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: sctp: use call_rcu to free endpoint This patch is to delay the endpoint free by calling call_rcu() to fix another use-after-free issue in sctp_sock_dump(): BUG: KASAN: use-after-free in __lock_acquire+0x36d9/0x4c20 Call Trace: __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218 lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_... • https://git.kernel.org/stable/c/d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46928 – parisc: Clear stale IIR value on instruction access rights trap
https://notcve.org/view.php?id=CVE-2021-46928
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: parisc: Clear stale IIR value on instruction access rights trap When a trap 7 (Instruction access rights) occurs, this means the CPU couldn't execute an instruction due to missing execute permissions on the memory region. In this case it seems the CPU didn't even fetched the instruction from memory and thus did not store it in the cr19 (IIR) register before calling the trap handler. So, the trap handler will find some random old stale va... • https://git.kernel.org/stable/c/d01e9ce1af6116f812491d3d3873d204f10ae0b8 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46927 – nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert
https://notcve.org/view.php?id=CVE-2021-46927
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert After commit 5b78ed24e8ec ("mm/pagemap: add mmap_assert_locked() annotations to find_vma*()"), the call to get_user_pages() will trigger the mmap assert. static inline void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); } [ 62.521410] kernel BUG at include/linux/mmap_lock.h:156... • https://git.kernel.org/stable/c/5b78ed24e8ec48602c1d6f5a188e58d000c81e2b • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46926 – ALSA: hda: intel-sdw-acpi: harden detection of controller
https://notcve.org/view.php?id=CVE-2021-46926
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it's actually a SoundWire controller. This can lead to issues where the graph walk continues and eventually fails, but the pointer was set already. This patch changes the logic so that the information provided to the caller is set when a controller is found. En el kernel de Linux, se ha resuelto la s... • https://git.kernel.org/stable/c/cce476954401e3421afafb25bbaa926050688b1d •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46925 – net/smc: fix kernel panic caused by race of smc_sock
https://notcve.org/view.php?id=CVE-2021-46925
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A crash occurs when smc_cdc_tx_handler() tries to access smc_sock but smc_release() has already freed it. [ 4570.695099] BUG: unable to handle page fault for address: 000000002eae9e88 [ 4570.696048] #PF: supervisor write access in kernel mode [ 4570.696728] #PF: error_code(0x0002) - not-present page [ 4570.697401] PGD 0 P4D 0 [ 4570.697716] Oops: 0002 [#1] PREEMPT SMP NOPTI [ 4570.6982... • https://git.kernel.org/stable/c/5f08318f617b05b6ee389d8bd174c7af921ebf19 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •