CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47096 – ALSA: rawmidi - fix the uninitalized user_pversion
https://notcve.org/view.php?id=CVE-2021-47096
In the Linux kernel, the following vulnerability has been resolved: ALSA: rawmidi - fix the uninitalized user_pversion The user_pversion was uninitialized for the user space file structure in the open function, because the file private structure use kmalloc for the allocation. The kernel ALSA sequencer code clears the file structure, so no additional fixes are required. BugLink: https://github.com/alsa-project/alsa-lib/issues/178 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ALSA: rawmidi: corrige la user_pversion no inicializada. La user_pversion no se inicializó para la estructura de archivos del espacio de usuario en la función abierta, porque la estructura privada del archivo usa kmalloc para la asignación. El código del secuenciador ALSA del kernel borra la estructura del archivo, por lo que no se requieren correcciones adicionales. Enlace de error: https://github.com/alsa-project/alsa-lib/issues/178 • https://git.kernel.org/stable/c/09d23174402da0f10e98da2c61bb5ac8e7d79fdd https://git.kernel.org/stable/c/12d50801497235956fb3760be8530f4e44e4ce67 https://git.kernel.org/stable/c/b398fcbe4de1e1100867fdb6f447c6fbc8fe7085 https://git.kernel.org/stable/c/39a8fc4971a00d22536aeb7d446ee4a97810611b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47095 – ipmi: ssif: initialize ssif_info->client early
https://notcve.org/view.php?id=CVE-2021-47095
In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssif_info->client early During probe ssif_info->client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error path is taken: [ 30.645593][ T674] ipmi_ssif 0-000e: ipmi_ssif: Not probing, Interface already present [ 30.657616][ T674] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088 ... [ 30.657723][ T674] pc : __dev_printk+0x28/0xa0 [ 30.657732][ T674] lr : _dev_err+0x7c/0xa0 ... [ 30.657772][ T674] Call trace: [ 30.657775][ T674] __dev_printk+0x28/0xa0 [ 30.657778][ T674] _dev_err+0x7c/0xa0 [ 30.657781][ T674] ssif_probe+0x548/0x900 [ipmi_ssif 62ce4b08badc1458fd896206d9ef69a3c31f3d3e] [ 30.657791][ T674] i2c_device_probe+0x37c/0x3c0 ... Initialize ssif_info->client before any error path can be taken. Clear i2c_client data in the error path to prevent the dangling pointer from leaking. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipmi: ssif: inicializa ssif_info->client temprano Durante la sonda, ssif_info->client se desreferencia en la ruta de error. • https://git.kernel.org/stable/c/c4436c9149c5d2bc0c49ab57ec85c75ea1c4d61c https://git.kernel.org/stable/c/8efd6a3391f7b0b19fb0c38e50add06ca30c94af https://git.kernel.org/stable/c/1f6ab847461ce7dd89ae9db2dd4658c993355d7c https://git.kernel.org/stable/c/77a7311ca167aa5b7055c549a940a56e73ee5f29 https://git.kernel.org/stable/c/34f35f8f14bc406efc06ee4ff73202c6fd245d15 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47094 – KVM: x86/mmu: Don't advance iterator after restart due to yielding
https://notcve.org/view.php?id=CVE-2021-47094
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not advance the iterator. Advancing the iterator results in skipping the top-level SPTE and all its children, which is fatal if any of the skipped SPTEs were not visited before yielding. When zapping all SPTEs, i.e. when min_level == root_level, restarting the iter and then invoking tdp_iter_next() is always fatal if the current gfn has as a valid SPTE, as advancing the iterator results in try_step_side() skipping the current gfn, which wasn't visited before yielding. Sprinkle WARNs on iter->yielded being true in various helpers that are often used in conjunction with yielding, and tag the helper with __must_check to reduce the probabily of improper usage. Failing to zap a top-level SPTE manifests in one of two ways. If a valid SPTE is skipped by both kvm_tdp_mmu_zap_all() and kvm_tdp_mmu_put_root(), the shadow page will be leaked and KVM will WARN accordingly. WARNING: CPU: 1 PID: 3509 at arch/x86/kvm/mmu/tdp_mmu.c:46 [kvm] RIP: 0010:kvm_mmu_uninit_tdp_mmu+0x3e/0x50 [kvm] Call Trace: <TASK> kvm_arch_destroy_vm+0x130/0x1b0 [kvm] kvm_destroy_vm+0x162/0x2a0 [kvm] kvm_vcpu_release+0x34/0x60 [kvm] __fput+0x82/0x240 task_work_run+0x5c/0x90 do_exit+0x364/0xa10 ? futex_unqueue+0x38/0x60 do_group_exit+0x33/0xa0 get_signal+0x155/0x850 arch_do_signal_or_restart+0xed/0x750 exit_to_user_mode_prepare+0xc5/0x120 syscall_exit_to_user_mode+0x1d/0x40 do_syscall_64+0x48/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae If kvm_tdp_mmu_zap_all() skips a gfn/SPTE but that SPTE is then zapped by kvm_tdp_mmu_put_root(), KVM triggers a use-after-free in the form of marking a struct page as dirty/accessed after it has been put back on the free list. This directly triggers a WARN due to encountering a page with page_count() == 0, but it can also lead to data corruption and additional errors in the kernel. WARNING: CPU: 7 PID: 1995658 at arch/x86/kvm/../../.. • https://git.kernel.org/stable/c/faaf05b00aecdb347ffd1d763d024394ec0329f8 https://git.kernel.org/stable/c/3c7a18440638b1c5a4645e2de1670cee32df7307 https://git.kernel.org/stable/c/d884eefd75cc54887bc2e9e724207443525dfb2c https://git.kernel.org/stable/c/3a0f64de479cae75effb630a2e0a237ca0d0623c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47093 – platform/x86: intel_pmc_core: fix memleak on registration failure
https://notcve.org/view.php?id=CVE-2021-47093
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel_pmc_core: fix memleak on registration failure In case device registration fails during module initialisation, the platform device structure needs to be freed using platform_device_put() to properly free all resources (e.g. the device name). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: plataforma/x86: intel_pmc_core: corrige memleak en falla de registro En caso de que el registro del dispositivo falle durante la inicialización del módulo, la estructura del dispositivo de la plataforma debe liberarse usando platform_device_put() para liberar adecuadamente todos los recursos ( por ejemplo, el nombre del dispositivo). • https://git.kernel.org/stable/c/938835aa903ae19ad62805134f79bbcf20fc3bea https://git.kernel.org/stable/c/7a37f2e370699e2feca3dca6c8178c71ceee7e8a https://git.kernel.org/stable/c/9ca1324755f1f8629a370af5cc315b175331f5d1 https://git.kernel.org/stable/c/26a8b09437804fabfb1db080d676b96c0de68e7c •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47092 – KVM: VMX: Always clear vmx->fail on emulation_required
https://notcve.org/view.php?id=CVE-2021-47092
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx->fail on emulation_required Revert a relatively recent change that set vmx->fail if the vCPU is in L2 and emulation_required is true, as that behavior is completely bogus. Setting vmx->fail and synthesizing a VM-Exit is contradictory and wrong: (a) it's impossible to have both a VM-Fail and VM-Exit (b) vmcs.EXIT_REASON is not modified on VM-Fail (c) emulation_required refers to guest state and guest state checks are always VM-Exits, not VM-Fails. For KVM specifically, emulation_required is handled before nested exits in __vmx_handle_exit(), thus setting vmx->fail has no immediate effect, i.e. KVM calls into handle_invalid_guest_state() and vmx->fail is ignored. Setting vmx->fail can ultimately result in a WARN in nested_vmx_vmexit() firing when tearing down the VM as KVM never expects vmx->fail to be set when L2 is active, KVM always reflects those errors into L1. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 21158 at arch/x86/kvm/vmx/nested.c:4548 nested_vmx_vmexit+0x16bd/0x17e0 arch/x86/kvm/vmx/nested.c:4547 Modules linked in: CPU: 0 PID: 21158 Comm: syz-executor.1 Not tainted 5.16.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:nested_vmx_vmexit+0x16bd/0x17e0 arch/x86/kvm/vmx/nested.c:4547 Code: <0f> 0b e9 2e f8 ff ff e8 57 b3 5d 00 0f 0b e9 00 f1 ff ff 89 e9 80 Call Trace: vmx_leave_nested arch/x86/kvm/vmx/nested.c:6220 [inline] nested_vmx_free_vcpu+0x83/0xc0 arch/x86/kvm/vmx/nested.c:330 vmx_free_vcpu+0x11f/0x2a0 arch/x86/kvm/vmx/vmx.c:6799 kvm_arch_vcpu_destroy+0x6b/0x240 arch/x86/kvm/x86.c:10989 kvm_vcpu_destroy+0x29/0x90 arch/x86/kvm/../../../virt/kvm/kvm_main.c:441 kvm_free_vcpus arch/x86/kvm/x86.c:11426 [inline] kvm_arch_destroy_vm+0x3ef/0x6b0 arch/x86/kvm/x86.c:11545 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:1189 [inline] kvm_put_kvm+0x751/0xe40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1220 kvm_vcpu_release+0x53/0x60 arch/x86/kvm/../../.. • https://git.kernel.org/stable/c/c8607e4a086fae05efe5bffb47c5199c65e7216e https://git.kernel.org/stable/c/e4e4e7cb229821cd215031abc47efdab5486a67c https://git.kernel.org/stable/c/a80dfc025924024d2c61a4c1b8ef62b2fce76a04 •