CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47152 – mptcp: fix data stream corruption
https://notcve.org/view.php?id=CVE-2021-47152
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to 'mptcp_frag_can_collapse_to()' assuming that only MPTCP will use the given page_frag. If others - e.g. the plain TCP protocol - allocate page fragments, we can end-up re-using already allocated memory for mptcp_data_frag. Fix the issue ensuring that the to-be-expanded data fragment is located at the current page frag end. v1 -> v2: - added missing fixes tag (Mat) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mptcp: corrige la corrupción del flujo de datos Maxim informó varios problemas al forzar a un proxy transparente TCP a utilizar el protocolo MPTCP para las conexiones entrantes. También proporcionó un reproductor limpio. El problema se reduce a 'mptcp_frag_can_collapse_to()' suponiendo que sólo MPTCP utilizará el page_frag dado. Si otros (por ejemplo, el protocolo TCP simple) asignan fragmentos de página, podemos terminar reutilizando la memoria ya asignada para mptcp_data_frag. • https://git.kernel.org/stable/c/18b683bff89d46ace55f12d00c0440d44d6160c4 https://git.kernel.org/stable/c/3267a061096efc91eda52c2a0c61ba76e46e4b34 https://git.kernel.org/stable/c/18e7f0580da15cac1e79d73683ada5a9e70980f8 https://git.kernel.org/stable/c/29249eac5225429b898f278230a6ca2baa1ae154 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47151 – interconnect: qcom: bcm-voter: add a missing of_node_put()
https://notcve.org/view.php?id=CVE-2021-47151
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: bcm-voter: add a missing of_node_put() Add a missing of_node_put() in of_bcm_voter_get() to avoid the reference leak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: interconexión: qcom: bcm-voter: agregar un of_node_put() faltante. Agregue un of_node_put() faltante en of_bcm_voter_get() para evitar la fuga de referencia. • https://git.kernel.org/stable/c/976daac4a1c581e5d5fd64047519fd6fcde39738 https://git.kernel.org/stable/c/4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae https://git.kernel.org/stable/c/93d1dbe7043b3c9492bdf396b2e98a008435b55b https://git.kernel.org/stable/c/a00593737f8bac2c9e97b696e7ff84a4446653e8 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47150 – net: fec: fix the potential memory leak in fec_enet_init()
https://notcve.org/view.php?id=CVE-2021-47150
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocated for cbd_base is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues is failed, it can return error directly. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fec: soluciona la posible pérdida de memoria en fec_enet_init() Si la memoria asignada para cbd_base falla, debería liberar la memoria asignada para las colas; de lo contrario, provoca una pérdida de memoria. Y si falla la memoria asignada para las colas, puede devolver un error directamente. • https://git.kernel.org/stable/c/59d0f746564495c7f54526674deabfcf101236a1 https://git.kernel.org/stable/c/15102886bc8f5f29daaadf2d925591d564c17e9f https://git.kernel.org/stable/c/20255d41ac560397b6a07d8d87dcc5e2efc7672a https://git.kernel.org/stable/c/8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd https://git.kernel.org/stable/c/32a1777fd113335c3f70dc445dffee0ad1c6870f https://git.kernel.org/stable/c/619fee9eb13b5d29e4267cb394645608088c28a8 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47149 – net: fujitsu: fix potential null-ptr-deref
https://notcve.org/view.php?id=CVE-2021-47149
In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fujitsu: corrige el potencial null-ptr-deref En fmvj18x_get_hwinfo(), si ioremap falla, habrá un puntero NULL deref. Para solucionar este problema, verifique el valor de retorno de ioremap y devuelva -1 a la persona que llama en caso de falla. • https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6 https://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b https://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7 https://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f https://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251 https://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50 https://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6 https://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee4 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47146 – mld: fix panic in mld_newpack()
https://notcve.org/view.php?id=CVE-2021-47146
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mld_newpack() mld_newpack() doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skb_put(). Test commands: ip netns del A ip netns del B ip netns add A ip netns add B ip link add veth0 type veth peer name veth1 ip link set veth0 netns A ip link set veth1 netns B ip netns exec A ip link set lo up ip netns exec A ip link set veth0 up ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0 ip netns exec B ip link set lo up ip netns exec B ip link set veth1 up ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1 for i in {1..99} do let A=$i-1 ip netns exec A ip link add ip6gre$i type ip6gre \ local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100 ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i ip netns exec A ip link set ip6gre$i up ip netns exec B ip link add ip6gre$i type ip6gre \ local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100 ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i ip netns exec B ip link set ip6gre$i up done Splat looks like: kernel BUG at net/core/skbuff.c:110! invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:skb_panic+0x15d/0x15f Code: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83 41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89 34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20 RSP: 0018:ffff88810091f820 EFLAGS: 00010282 RAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000 RDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb RBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031 R10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028 R13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0 FS: 0000000000000000(0000) GS:ffff888117c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 skb_put.cold.104+0x22/0x22 ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? rcu_read_lock_sched_held+0x91/0xc0 mld_newpack+0x398/0x8f0 ? • https://git.kernel.org/stable/c/72e09ad107e78d69ff4d3b97a69f0aad2b77280f https://git.kernel.org/stable/c/0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1 https://git.kernel.org/stable/c/17728616a4c85baf0edc975c60ba4e4157684d9a https://git.kernel.org/stable/c/221142038f36d9f28b64e83e954774da4d4ccd17 https://git.kernel.org/stable/c/4b77ad9097067b31237eeeee0bf70f80849680a0 https://git.kernel.org/stable/c/37d697759958d111439080bab7e14d2b0e7b39f5 https://git.kernel.org/stable/c/beb39adb150f8f3b516ddf7c39835a9788704d23 https://git.kernel.org/stable/c/a76fb9ba545289379acf409653ad5f744 •