CVE-2021-46974 – bpf: Fix masking negation logic upon negative dst register
https://notcve.org/view.php?id=CVE-2021-46974
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix, perform the final bitwise and-op unconditionally into AX from the off_reg, then move the pointer from the src to dst and finally use AX as the source for the original pointer arithmetic operation such that the inversion yields a correct result. The single non-AX mov in between is possible given constant blinding is retaining it as it's not an immediate based operation. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: corrige la lógica de negación de enmascaramiento en el registro dst negativo. La lógica de negación para el caso en el que off_reg se encuentra en el registro dst no es correcta, dado que entonces no podemos simplemente invertir la adición a un sub o viceversa. • https://git.kernel.org/stable/c/ae03b6b1c880a03d4771257336dc3bca156dd51b https://git.kernel.org/stable/c/f92a819b4cbef8c9527d9797110544b2055a4b96 https://git.kernel.org/stable/c/979d63d50c0c0f7bc537bf821e056cc9fe5abd38 https://git.kernel.org/stable/c/078da99d449f64ca04d459cdbdcce513b64173cd https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848 https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d055 •
CVE-2021-46966 – ACPI: custom_method: fix potential use-after-free issue
https://notcve.org/view.php?id=CVE-2021-46966
In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: custom_method: soluciona un posible problema de use-after-free En cm_write(), buf siempre se libera al llegar al final de la función. Si el recuento solicitado es menor que table.length, el búfer asignado se liberará, pero las llamadas posteriores a cm_write() seguirán intentando acceder a él. Elimine el kfree(buf) incondicional al final de la función y establezca el buf en NULL en la ruta de error -EINVAL para que coincida con el resto de la función. • https://git.kernel.org/stable/c/4bda2b79a9d04c8ba31681c66e95877dbb433416 https://git.kernel.org/stable/c/5c12dadcbef8cd55ef1f5dac799bfcbb7ea7db1d https://git.kernel.org/stable/c/35b88a10535edcf62d3e6b7893a8cd506ff98a24 https://git.kernel.org/stable/c/e4467fb6ef547aa352dc03397f9474ec84eced5b https://git.kernel.org/stable/c/03d1571d9513369c17e6848476763ebbd10ec2cb https://git.kernel.org/stable/c/70424999fbf1f160ade111cb9baab51776e0f9c2 https://git.kernel.org/stable/c/06cd4a06eb596a888239fb8ceb6ea15677cab396 https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3 •
CVE-2021-46963 – scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
https://notcve.org/view.php?id=CVE-2021-46963
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0 Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Soluciona falla en qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Rastreo de llamadas: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_ directamente+0x128 /0x1d0 blk_mq_request_issue_directly+0x4e/0xb0 Se corrigió la llamada incorrecta para liberar srb en qla2xxx_mqueuecommand(), ya que srb ahora está asignado por capas superiores. Esto corrige la advertencia de srb gratuito no deseado. • https://git.kernel.org/stable/c/64a8c5018a4b21b04a756a56c495ef47c14e92d9 https://git.kernel.org/stable/c/dea6ee7173039d489977c9ed92e3749154615db4 https://git.kernel.org/stable/c/af2a0c51b1205327f55a7e82e530403ae1d42cbb https://git.kernel.org/stable/c/4a1cc2f71bc57cf8dee6f58e7d2355a43aabb312 https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89 https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538 https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49 •
CVE-2021-46962 – mmc: uniphier-sd: Fix a resource leak in the remove function
https://notcve.org/view.php?id=CVE-2021-46962
In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: Fix a resource leak in the remove function A 'tmio_mmc_host_free()' call is missing in the remove function, in order to balance a 'tmio_mmc_host_alloc()' call in the probe. This is done in the error handling path of the probe, but not in the remove function. Add the missing call. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: uniphier-sd: corrige una fuga de recursos en la función de eliminación Falta una llamada 'tmio_mmc_host_free()' en la función de eliminación, para equilibrar un 'tmio_mmc_host_alloc()' llamar a la sonda. Esto se hace en la ruta de manejo de errores de la sonda, pero no en la función de eliminación. Agrega la llamada faltante. • https://git.kernel.org/stable/c/3fd784f745dd1747863775a99ec749619ee6759c https://git.kernel.org/stable/c/0d8941b9b2d3e7b3481fdf43b1a6189d162175b7 https://git.kernel.org/stable/c/25ac6ce65f1ab458982d15ec1caf441acd37106a https://git.kernel.org/stable/c/ebe0f12cf4c044f812c6d17011531582f9ac8bb3 https://git.kernel.org/stable/c/d6e7fda496978f2763413b5523557b38dc2bf6c2 https://git.kernel.org/stable/c/e29c84857e2d51aa017ce04284b962742fb97d9e •
CVE-2021-46960 – cifs: Return correct error code from smb2_get_enc_key
https://notcve.org/view.php?id=CVE-2021-46960
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947] ------------[ cut here ]------------ [440700.386948] err = 1 [440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70 ... [440700.397304] CPU: 11 PID: 2733 Comm: tar Tainted: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu ... [440700.397334] Call Trace: [440700.397346] __filemap_set_wb_err+0x1a/0x70 [440700.397419] cifs_writepages+0x9c7/0xb30 [cifs] [440700.397426] do_writepages+0x4b/0xe0 [440700.397444] __filemap_fdatawrite_range+0xcb/0x100 [440700.397455] filemap_write_and_wait+0x42/0xa0 [440700.397486] cifs_setattr+0x68b/0xf30 [cifs] [440700.397493] notify_change+0x358/0x4a0 [440700.397500] utimes_common+0xe9/0x1c0 [440700.397510] do_utimes+0xc5/0x150 [440700.397520] __x64_sys_utimensat+0x88/0xd0 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: devuelve el código de error correcto de smb2_get_enc_key Evite una advertencia si el error se repite: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: no se pudo obtener la clave de cifrado [440700.386947] ------------[ cortar aquí ]------------ [440700.386948] err = 1 [440700.386977] ADVERTENCIA: CPU: 11 PID: 2733 en / build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70 ... [440700.397304] CPU: 11 PID: 2733 Comm: tar Contaminado: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu... [440700.397334] Seguimiento de llamadas: [440700.397346] __filemap_set_wb_err+0x1a/0x70 [440700.397419] cifs_writepages+0x9c7/0xb30 [cifs ] [440700.397426] do_writepages+0x4b /0xe0 [440700.397444] __filemap_fdatawrite_range+0xcb/0x100 [440700.397455] filemap_write_and_wait+0x42/0xa0 [440700.397486] cifs_setattr+0x68b/0xf30 [cifs] [440700.39749 3] notify_change+0x358/0x4a0 [440700.397500] utimes_common+0xe9/0x1c0 [440700.397510] do_utimes+ 0xc5/0x150 [440700.397520] __x64_sys_utimensat+0x88/0xd0 • https://git.kernel.org/stable/c/61cfac6f267dabcf2740a7ec8a0295833b28b5f5 https://git.kernel.org/stable/c/e94851629c49c65b4fbb29a5725ddfd7988f8f20 https://git.kernel.org/stable/c/e486f8397f3f14a7cadc166138141fdb14379a54 https://git.kernel.org/stable/c/93f3339b22ba17e66f0808737467b70ba087eaec https://git.kernel.org/stable/c/aaa0faa5c28a91c362352d6b35dc3ed10df56fb0 https://git.kernel.org/stable/c/f59a9242942fef0de7b926e438ba4eae65d4b4dd https://git.kernel.org/stable/c/b399c1a3ea0b9d10047ff266d65533df7f15532f https://git.kernel.org/stable/c/83728cbf366e334301091d5b808add468 •