CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47656 – jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
https://notcve.org/view.php?id=CVE-2021-47656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2_clear_xattr_subsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result, an error is returned in jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then called in jffs2_build_filesystem() and then again in jffs2_do_fill_super(). Finally we can observe the following report: ==... • https://git.kernel.org/stable/c/aa98d7cf59b5b0764d3502662053489585faf2fe • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47654 – samples/landlock: Fix path_list memory leak
https://notcve.org/view.php?id=CVE-2021-47654
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list is allocated in parse_path() but never freed. • https://git.kernel.org/stable/c/20fbf100f84b9aeb9c91421abe1927bc152bc32b •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47652 – video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
https://notcve.org/view.php?id=CVE-2021-47652
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Call Trace: ufx_usb_probe.cold+0x2b5/0xac1 [smscufx] usb_probe_interface+0x1aa/0x3c0 [usbcore] really_probe+0x167/0x460 ... ret_from_fork+0x1f/0x30 If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will be called to destro... • https://git.kernel.org/stable/c/3c8a63e22a0802fd56380f6ab305b419f18eb6f5 •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47646 – Revert "Revert "block, bfq: honor already-setup queue merges""
https://notcve.org/view.php?id=CVE-2021-47646
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq: honor already-setup queue merges""). Yet, the reverted commit was not the one introducing the bug. In fact, it actually triggered a UAF introduced by a different commit, and now fi... • https://git.kernel.org/stable/c/f990f0985eda59d4f29fc83fcf300c92b1225d39 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47645 – media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
https://notcve.org/view.php?id=CVE-2021-47645
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com On the case tmp_dcim=1, the index of buffer is miscalculated. This generate a NULL pointer dereference later. So let's fix the calcul and add a check to prevent this to reappear. • https://git.kernel.org/stable/c/bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47644 – media: staging: media: zoran: move videodev alloc
https://notcve.org/view.php?id=CVE-2021-47644
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: move videodev alloc Move some code out of zr36057_init() and create new functions for handling zr->video_dev. This permit to ease code reading and fix a zr->video_dev memory leak. • https://git.kernel.org/stable/c/bd01629315ffd5b63da91d0bd529a77d30e55028 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47642 – video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
https://notcve.org/view.php?id=CVE-2021-47642
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examiniing the call sites. CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length. ... • https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47641 – video: fbdev: cirrusfb: check pixclock to avoid divide by zero
https://notcve.org/view.php?id=CVE-2021-47641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round up pixclock to get the derived frequency as close to maxclock as possible. Syzkaller reported a divide error in cirrusfb_check_pixclock. divide error: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1 Hardware name: QEMU... • https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47636 – ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
https://notcve.org/view.php?id=CVE-2021-47636
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Function ubifs_wbuf_write_nolock() may access buf out of bounds in following process: ubifs_wbuf_write_nolock(): aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096 if (aligned_len <= wbuf->avail) ... // Not satisfy if (wbuf->used) { ubifs_leb_write() // Fill some data in avail wbuf len -= wbuf->avail; // len is still not 8-bytes aligned aligned_len -= wbuf->avail;... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47635 – ubifs: Fix to add refcount once page is set private
https://notcve.org/view.php?id=CVE-2021-47635
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix to add refcount once page is set private MM defined the rule [1] very clearly that once page was set with PG_private flag, we should increment the refcount in that page, also main flows like pageout(), migrate_page() will assume there is one additional page reference count if page_has_private() returns true. Otherwise, we may get a BUG in page migration: page:0000000080d05b9d refcount:-1 mapcount:0 mapping:000000005f4d82a8 index:... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •