CVE-2020-36782 – i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
https://notcve.org/view.php?id=CVE-2020-36782
In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in lpi2c_imx_master_enable. However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i2c: imx-lpi2c: corrige la fuga de referencia cuando falla pm_runtime_get_sync No se espera que el recuento de referencias de PM aumente al regresar en lpi2c_imx_master_enable. Sin embargo, pm_runtime_get_sync incrementará el recuento de referencias de PM incluso si falla. Olvidarse de poner en funcionamiento resultará en una fuga de referencia aquí. • https://git.kernel.org/stable/c/13d6eb20fc79a1e606307256dad4098375539a09 https://git.kernel.org/stable/c/815859cb1d2302e74f11bf6894bceace9ca9eb4a https://git.kernel.org/stable/c/cc49d206414240483bb93ffa3d80243e6a776916 https://git.kernel.org/stable/c/bb300acc867e937edc2a6898e92b21f88e4e4e66 https://git.kernel.org/stable/c/b100650d80cd2292f6c152f5f2943b5944b3e8ce https://git.kernel.org/stable/c/278e5bbdb9a94fa063c0f9bcde2479d0b8042462 •
CVE-2020-36780 – i2c: sprd: fix reference leak when pm_runtime_get_sync fails
https://notcve.org/view.php?id=CVE-2020-36780
In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in sprd_i2c_master_xfer() and sprd_i2c_remove(). However, pm_runtime_get_sync will increment the PM reference count even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i2c: sprd: corrige la fuga de referencia cuando falla pm_runtime_get_sync No se espera que el recuento de referencias de PM aumente al regresar en sprd_i2c_master_xfer() y sprd_i2c_remove(). Sin embargo, pm_runtime_get_sync incrementará el recuento de referencias de PM incluso si falla. Olvidarse de poner en funcionamiento resultará en una fuga de referencia aquí. • https://git.kernel.org/stable/c/8b9ec0719834fe66146d138d62ed66cef025c864 https://git.kernel.org/stable/c/7e1764312440c5df9dfe6b436035a03673b0c1b9 https://git.kernel.org/stable/c/e547640cee7981fd751d2c9cde3a61bdb678b755 https://git.kernel.org/stable/c/9223505e938ba3db5907e058f4209770cff2f2a7 https://git.kernel.org/stable/c/d3406ab52097328a3bc4cbe124bfd8f6d51fb86f https://git.kernel.org/stable/c/3a4f326463117cee3adcb72999ca34a9aaafda93 •
CVE-2021-46974 – bpf: Fix masking negation logic upon negative dst register
https://notcve.org/view.php?id=CVE-2021-46974
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix, perform the final bitwise and-op unconditionally into AX from the off_reg, then move the pointer from the src to dst and finally use AX as the source for the original pointer arithmetic operation such that the inversion yields a correct result. The single non-AX mov in between is possible given constant blinding is retaining it as it's not an immediate based operation. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: corrige la lógica de negación de enmascaramiento en el registro dst negativo. La lógica de negación para el caso en el que off_reg se encuentra en el registro dst no es correcta, dado que entonces no podemos simplemente invertir la adición a un sub o viceversa. • https://git.kernel.org/stable/c/ae03b6b1c880a03d4771257336dc3bca156dd51b https://git.kernel.org/stable/c/f92a819b4cbef8c9527d9797110544b2055a4b96 https://git.kernel.org/stable/c/979d63d50c0c0f7bc537bf821e056cc9fe5abd38 https://git.kernel.org/stable/c/078da99d449f64ca04d459cdbdcce513b64173cd https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848 https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d055 •
CVE-2021-46966 – ACPI: custom_method: fix potential use-after-free issue
https://notcve.org/view.php?id=CVE-2021-46966
In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: custom_method: soluciona un posible problema de use-after-free En cm_write(), buf siempre se libera al llegar al final de la función. Si el recuento solicitado es menor que table.length, el búfer asignado se liberará, pero las llamadas posteriores a cm_write() seguirán intentando acceder a él. Elimine el kfree(buf) incondicional al final de la función y establezca el buf en NULL en la ruta de error -EINVAL para que coincida con el resto de la función. • https://git.kernel.org/stable/c/4bda2b79a9d04c8ba31681c66e95877dbb433416 https://git.kernel.org/stable/c/5c12dadcbef8cd55ef1f5dac799bfcbb7ea7db1d https://git.kernel.org/stable/c/35b88a10535edcf62d3e6b7893a8cd506ff98a24 https://git.kernel.org/stable/c/e4467fb6ef547aa352dc03397f9474ec84eced5b https://git.kernel.org/stable/c/03d1571d9513369c17e6848476763ebbd10ec2cb https://git.kernel.org/stable/c/70424999fbf1f160ade111cb9baab51776e0f9c2 https://git.kernel.org/stable/c/06cd4a06eb596a888239fb8ceb6ea15677cab396 https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3 •
CVE-2021-46960 – cifs: Return correct error code from smb2_get_enc_key
https://notcve.org/view.php?id=CVE-2021-46960
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947] ------------[ cut here ]------------ [440700.386948] err = 1 [440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70 ... [440700.397304] CPU: 11 PID: 2733 Comm: tar Tainted: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu ... [440700.397334] Call Trace: [440700.397346] __filemap_set_wb_err+0x1a/0x70 [440700.397419] cifs_writepages+0x9c7/0xb30 [cifs] [440700.397426] do_writepages+0x4b/0xe0 [440700.397444] __filemap_fdatawrite_range+0xcb/0x100 [440700.397455] filemap_write_and_wait+0x42/0xa0 [440700.397486] cifs_setattr+0x68b/0xf30 [cifs] [440700.397493] notify_change+0x358/0x4a0 [440700.397500] utimes_common+0xe9/0x1c0 [440700.397510] do_utimes+0xc5/0x150 [440700.397520] __x64_sys_utimensat+0x88/0xd0 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: devuelve el código de error correcto de smb2_get_enc_key Evite una advertencia si el error se repite: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: no se pudo obtener la clave de cifrado [440700.386947] ------------[ cortar aquí ]------------ [440700.386948] err = 1 [440700.386977] ADVERTENCIA: CPU: 11 PID: 2733 en / build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70 ... [440700.397304] CPU: 11 PID: 2733 Comm: tar Contaminado: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu... [440700.397334] Seguimiento de llamadas: [440700.397346] __filemap_set_wb_err+0x1a/0x70 [440700.397419] cifs_writepages+0x9c7/0xb30 [cifs ] [440700.397426] do_writepages+0x4b /0xe0 [440700.397444] __filemap_fdatawrite_range+0xcb/0x100 [440700.397455] filemap_write_and_wait+0x42/0xa0 [440700.397486] cifs_setattr+0x68b/0xf30 [cifs] [440700.39749 3] notify_change+0x358/0x4a0 [440700.397500] utimes_common+0xe9/0x1c0 [440700.397510] do_utimes+ 0xc5/0x150 [440700.397520] __x64_sys_utimensat+0x88/0xd0 • https://git.kernel.org/stable/c/61cfac6f267dabcf2740a7ec8a0295833b28b5f5 https://git.kernel.org/stable/c/e94851629c49c65b4fbb29a5725ddfd7988f8f20 https://git.kernel.org/stable/c/e486f8397f3f14a7cadc166138141fdb14379a54 https://git.kernel.org/stable/c/93f3339b22ba17e66f0808737467b70ba087eaec https://git.kernel.org/stable/c/aaa0faa5c28a91c362352d6b35dc3ed10df56fb0 https://git.kernel.org/stable/c/f59a9242942fef0de7b926e438ba4eae65d4b4dd https://git.kernel.org/stable/c/b399c1a3ea0b9d10047ff266d65533df7f15532f https://git.kernel.org/stable/c/83728cbf366e334301091d5b808add468 •