CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47144 – drm/amd/amdgpu: fix refcount leak
https://notcve.org/view.php?id=CVE-2021-47144
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/amdgpu: corrige la fuga de refcount [Por qué] el objeto gema rfb->base.obj[0] se obtiene según num_planes en amdgpufb_create, per... • https://git.kernel.org/stable/c/599e5d61ace952b0bb9bd942b198bbd0cfded1d7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47143 – net/smc: remove device from smcd_dev_list after failed device_add()
https://notcve.org/view.php?id=CVE-2021-47143
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcd_dev_list after failed device_add() If the device_add() for a smcd_dev fails, there's no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list. Add some error handling that removes the device from the list. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/smc: eliminar dispositivo de smcd_dev_list después de fallar devic... • https://git.kernel.org/stable/c/c6ba7c9ba43de1b57e9a53946e7ff988554c84ed •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47142 – drm/amdgpu: Fix a use-after-free
https://notcve.org/view.php?id=CVE-2021-47142
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751] sg_free_table+0x17/0x20 [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464] ttm_tt_des... • https://git.kernel.org/stable/c/0707c3fea8102d211631ba515ef2159707561b0d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47141 – gve: Add NULL pointer checks when freeing irqs.
https://notcve.org/view.php?id=CVE-2021-47141
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL pointer dereference if the driver is unloaded. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gve: agrega comprobaciones de puntero NULL al liberar irqs. Al liberar bloques de notificaciones, indexamos priv->ms... • https://git.kernel.org/stable/c/893ce44df56580fb878ca5af9c4a5fd87567da50 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47140 – iommu/amd: Clear DMA ops when switching domain
https://notcve.org/view.php?id=CVE-2021-47140
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work for AMD IOMMU at the moment because dev->dma_ops is not cleared when switching from a DMA to an identity IOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an identity domain, causing an oops: # ec... • https://git.kernel.org/stable/c/08a27c1c3ecf5e1da193ce5f8fc97c3be16e75f0 •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47139 – net: hns3: put off calling register_netdev() until client initialize complete
https://notcve.org/view.php?id=CVE-2021-47139
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case, if user try to change the channel number or ring param, it may cause the hns3_set_rx_cpu_rmap() being called twice, and report bug. [47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0 [47199.4... • https://git.kernel.org/stable/c/08a100689d4baf296d6898c687ea8d005da8d234 •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47138 – cxgb4: avoid accessing registers when clearing filters
https://notcve.org/view.php?id=CVE-2021-47138
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxgb4: evita acceder a los regi... • https://git.kernel.org/stable/c/b1a79360ee862f8ada4798ad2346fa45bb41b527 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47137 – net: lantiq: fix memory corruption in RX ring
https://notcve.org/view.php?id=CVE-2021-47137
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: lantiq: corrige la corrupción de la... • https://git.kernel.org/stable/c/fe1a56420cf2ec28c8eceef672b87de0bbe1a260 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47136 – net: zero-initialize tc skb extension on allocation
https://notcve.org/view.php?id=CVE-2021-47136
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional fie... • https://git.kernel.org/stable/c/038ebb1a713d114d54dbf14868a73181c0c92758 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26643 – netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
https://notcve.org/view.php?id=CVE-2024-26643
21 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp ... • https://git.kernel.org/stable/c/bbdb3b65aa91aa0a32b212f27780b28987f2d94f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •