CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46974 – bpf: Fix masking negation logic upon negative dst register
https://notcve.org/view.php?id=CVE-2021-46974
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix, perform the final bitwise and-op unconditionally into AX from the off_reg, then move the pointer from the src to dst and finally use AX as the source for the original pointer arithmetic operation such that the inve... • https://git.kernel.org/stable/c/ae03b6b1c880a03d4771257336dc3bca156dd51b •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46973 – net: qrtr: Avoid potential use after free in MHI send
https://notcve.org/view.php?id=CVE-2021-46973
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the associated sk and freeing the skb. As such the dereference of skb and the increment of the sk refcount must happen before the skb is queued, to avoid the skb to be used after free and potentially the sk to drop it... • https://git.kernel.org/stable/c/6e728f321393b1fce9e1c2c3e55f9f7c15991321 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46972 – ovl: fix leaked dentry
https://notcve.org/view.php?id=CVE-2021-46972
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix leaked dentry Since commit 6815f479ca90 ("ovl: use only uppermetacopy state in ovl_lookup()"), overlayfs doesn't put temporary dentry when there is a metacopy error, which leads to dentry leaks when shutting down the related superblock: overlayfs: refusing to follow metacopy origin for (/file0) ... BUG: Dentry (____ptrval____){i=3f33,n=file3} still in use (1) [unmount of overlay overlay] ... WARNING: CPU: 1 PID: 432 at umount_check... • https://git.kernel.org/stable/c/6815f479ca90ee7fd2e28b2a420f796b974155fe • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-46971 – perf/core: Fix unconditional security_locked_down() call
https://notcve.org/view.php?id=CVE-2021-46971
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional security_locked_down() call Currently, the lockdown state is queried unconditionally, even though its result is used only if the PERF_SAMPLE_REGS_INTR bit is set in attr.sample_type. While that doesn't matter in case of the Lockdown LSM, it causes trouble with the SELinux's lockdown hook implementation. SELinux implements the locked_down hook with a check whether the current task's type has the corresponding "lo... • https://git.kernel.org/stable/c/b0c8fdc7fdb77586c3d1937050925b960743306e •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46970 – bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue
https://notcve.org/view.php?id=CVE-2021-46970
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue A recent change created a dedicated workqueue for the state-change work with WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags, but the state-change work (mhi_pm_st_worker) does not guarantee forward progress under memory pressure, and will even wait on various memory allocations when e.g. creating devices, loading firmware, etc... The work is then not part... • https://git.kernel.org/stable/c/8f70397876872789b2a5deba804eb6216fb5deb7 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46969 – bus: mhi: core: Fix invalid error returning in mhi_queue
https://notcve.org/view.php?id=CVE-2021-46969
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Fix invalid error returning in mhi_queue mhi_queue returns an error when the doorbell is not accessible in the current state. This can happen when the device is in non M0 state, like M3, and needs to be waken-up prior ringing the DB. This case is managed earlier by triggering an asynchronous M3 exit via controller resume/suspend callbacks, that in turn will cause M0 transition and DB update. So, since it's not an error but j... • https://git.kernel.org/stable/c/a8f75cb348fd52e7a5cf25991cdf9c89fb0cfd41 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46968 – s390/zcrypt: fix zcard and zqueue hot-unplug memleak
https://notcve.org/view.php?id=CVE-2021-46968
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix zcard and zqueue hot-unplug memleak Tests with kvm and a kmemdebug kernel showed, that on hot unplug the zcard and zqueue structs for the unplugged card or queue are not properly freed because of a mismatch with get/put for the embedded kref counter. This fix now adjusts the handling of the kref counters. With init the kref counter starts with 1. This initial value needs to drop to zero with the unregister of the card or qu... • https://git.kernel.org/stable/c/29c2680fd2bf3862ff5cf2957f198512493156f9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46967 – vhost-vdpa: fix vm_flags for virtqueue doorbell mapping
https://notcve.org/view.php?id=CVE-2021-46967
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix vm_flags for virtqueue doorbell mapping The virtqueue doorbell is usually implemented via registeres but we don't provide the necessary vma->flags like VM_PFNMAP. This may cause several issues e.g when userspace tries to map the doorbell via vhost IOTLB, kernel may panic due to the page is not backed by page structure. This patch fixes this by setting the necessary vm_flags. With this patch, try to map doorbell via IOTLB wil... • https://git.kernel.org/stable/c/ddd89d0a059d8e9740c75a97e0efe9bf07ee51f9 •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2021-46966 – ACPI: custom_method: fix potential use-after-free issue
https://notcve.org/view.php?id=CVE-2021-46966
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function. En el kernel de Linux... • https://git.kernel.org/stable/c/4bda2b79a9d04c8ba31681c66e95877dbb433416 •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46965 – mtd: physmap: physmap-bt1-rom: Fix unintentional stack access
https://notcve.org/view.php?id=CVE-2021-46965
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mtd: physmap: physmap-bt1-rom: Fix unintentional stack access Cast &data to (char *) in order to avoid unintentionally accessing the stack. Notice that data is of type u32, so any increment to &data will be in the order of 4-byte chunks, and this piece of code is actually intended to be a byte offset. Addresses-Coverity-ID: 1497765 ("Out-of-bounds access") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: physmap: phys... • https://git.kernel.org/stable/c/b3e79e7682e075326df8041b826b03453acacd0a •