CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47028 – mt76: mt7915: fix txrate reporting
https://notcve.org/view.php?id=CVE-2021-47028
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rate_info to fix unexpected reporting. [ 1215.161863] Call trace: [ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211] [ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [mac80211] [ 1215.175624] ieee80211_tx_status_ext+0x508/0x838 [mac80211] [ 1215.181190] mt7915_mcu_get_rx_rate+0x28c/0x8d0 [mt7915e] [ 1215.186580] mt7915_mac_tx_free+0x324/0x7c0 [mt7915e] [ 1215.191623] mt7915_queue_rx_skb+0xa8/0xd0 [mt7915e] [ 1215.196582] mt76_dma_cleanup+0x7b0/0x11d0 [mt76] [ 1215.201276] __napi_poll+0x38/0xf8 [ 1215.204668] napi_workfn+0x40/0x80 [ 1215.208062] process_one_work+0x1fc/0x390 [ 1215.212062] worker_thread+0x48/0x4d0 [ 1215.215715] kthread+0x120/0x128 [ 1215.218935] ret_from_fork+0x10/0x1c En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mt76: mt7915: corrige informes txrate Verifique correctamente rate_info para corregir informes inesperados. [ 1215.161863] Rastreo de llamadas: [ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211] [ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [mac80211] [ 1215.17562 4] ieee80211_tx_status_ext+0x508/0x838 [mac80211] [1215.181190] mt7915_mcu_get_rx_rate+0x28c/0x8d0 [mt7915e] [ 1215.186580] mt7915_mac_tx_free+0x324/0x7c0 [mt7915e] [ 1215.191623] mt7915_queue_rx_skb+0xa8/0xd0 [mt7915e] [ 1215.196582] mt76_dma_cleanup+0x7b 0/0x11d0 [mt76] [ 1215.201276] __napi_poll+0x38/0xf8 [ 1215.204668] napi_workfn+0x40/0x80 [ 1215.208062] proceso_one_work+0x1fc/0x390 [ 1215.212062] hilo_trabajador+0x48/0x4d0 [ 1215.215715] kthread+0x120/0x128 [ 1215.218935] ret_from_fork+0x10/0x1c • https://git.kernel.org/stable/c/e57b7901469fc0b021930b83a8094baaf3d81b09 https://git.kernel.org/stable/c/dfc8a71448c7d4fec38fb22bdc8a76d79c14b6da https://git.kernel.org/stable/c/4bd926e5ca88eac4d95eacb806b229f8729bc62e https://git.kernel.org/stable/c/f43b941fd61003659a3f0e039595e5e525917aa8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47026 – RDMA/rtrs-clt: destroy sysfs after removing session from active list
https://notcve.org/view.php?id=CVE-2021-47026
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "remove_path" that eventually calls rtrs_clt_remove_path_from_sysfs function. The current rtrs_clt_remove_path_from_sysfs first removes the sysfs interfaces and frees sess->stats object. Second it removes the session from the active list. Therefore some functions could access non-connected session and access the freed sess->stats object even-if they check the session status before accessing the session. For instance rtrs_clt_request and get_next_path_min_inflight check the session status and try to send IO to the session. The session status could be changed when they are trying to send IO but they could not catch the change and update the statistics information in sess->stats object, and generate use-after-free problem. (see: "RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats") This patch changes the rtrs_clt_remove_path_from_sysfs to remove the session from the active session list and then destroy the sysfs interfaces. Each function still should check the session status because closing or error recovery paths can change the status. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rtrs-clt: destruye sysfs después de eliminar la sesión de la lista activa Una sesión se puede eliminar dinámicamente mediante la interfaz sysfs "remove_path" que eventualmente llama a la función rtrs_clt_remove_path_from_sysfs. • https://git.kernel.org/stable/c/6a98d71daea186247005099758af549e6afdd244 https://git.kernel.org/stable/c/b64415c6b3476cf9fa4d0aea3807065b8403a937 https://git.kernel.org/stable/c/676171f9405dcaa45a33d18241c32f387dbaae39 https://git.kernel.org/stable/c/d3cca8067d43dfee4a3535c645b55f618708dccb https://git.kernel.org/stable/c/7f4a8592ff29f19c5a2ca549d0973821319afaad •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47024 – vsock/virtio: free queued packets when closing socket
https://notcve.org/view.php?id=CVE-2021-47024
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work. To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock(). [1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9 En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: vsock/virtio: paquetes libres en cola al cerrar el socket Según lo informado por syzbot [1], hay una pérdida de memoria al cerrar el socket. Resolvimos parcialmente este problema con el compromiso ac03046ece2b ("vsock/virtio: paquetes libres durante el lanzamiento del socket"), pero nos olvidamos de vaciar la cola RX cuando el trabajo programado cierra definitivamente el socket. Para evitar problemas futuros, usemos el nuevo virtio_transport_remove_sock() para drenar la cola RX antes de eliminar el socket de las listas af_vsock llamando a vsock_remove_sock(). [1] https://syzkaller.appspot.com/bug? • https://git.kernel.org/stable/c/ac03046ece2b158ebd204dfc4896fd9f39f0e6c8 https://git.kernel.org/stable/c/4ea082cd3c400cd5bb36a7beb7e441bf3e29350d https://git.kernel.org/stable/c/4e539fa2dec4db3405e47002f2878aa4a99eb68b https://git.kernel.org/stable/c/4af8a327aeba102aaa9b78f3451f725bc590b237 https://git.kernel.org/stable/c/51adb8ebe8c1d80528fc2ea863cfea9d32d2c52b https://git.kernel.org/stable/c/7d29c9ad0ed525c1b10e29cfca4fb1eece1e93fb https://git.kernel.org/stable/c/b605673b523fe33abeafb2136759bcbc9c1e6ebf https://git.kernel.org/stable/c/27691665145e74a45034a9dccf1150cf1 •
CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47018 – powerpc/64: Fix the definition of the fixmap area
https://notcve.org/view.php?id=CVE-2021-47018
In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area At the time being, the fixmap area is defined at the top of the address space or just below KASAN. This definition is not valid for PPC64. For PPC64, use the top of the I/O space. Because of circular dependencies, it is not possible to include asm/fixmap.h in asm/book3s/64/pgtable.h , so define a fixed size AREA at the top of the I/O space for fixmap and ensure during build that the size is big enough. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/64: corrige la definición del área de fixmap Por el momento, el área de fixmap está definida en la parte superior del espacio de direcciones o justo debajo de KASAN. Esta definición no es válida para PPC64. Para PPC64, utilice la parte superior del espacio de E/S. Debido a dependencias circulares, no es posible incluir asm/fixmap.h en asm/book3s/64/pgtable.h, así que defina un ÁREA de tamaño fijo en la parte superior del espacio de E/S para fixmap y asegúrese durante la compilación de que el El tamaño es lo suficientemente grande. • https://git.kernel.org/stable/c/265c3491c4bc8d40587996d6ee2f447a7ccfb4f3 https://git.kernel.org/stable/c/4b9fb2c9039a206d37f215936a4d5bee7b1bf9cd https://git.kernel.org/stable/c/abb07dc5e8b61ab7b1dde20dd73aa01a3aeb183f https://git.kernel.org/stable/c/a84df7c80bdac598d6ac9268ae578da6928883e8 https://git.kernel.org/stable/c/9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c https://access.redhat.com/security/cve/CVE-2021-47018 https://bugzilla.redhat.com/show_bug.cgi?id=2266594 • CWE-20: Improper Input Validation •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47017 – ath10k: Fix a use after free in ath10k_htc_send_bundle
https://notcve.org/view.php?id=CVE-2021-47017
In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10k_htc_send_bundle In ath10k_htc_send_bundle, the bundle_skb could be freed by dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later by bundle_skb->len. As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to skb_len after the bundle_skb was freed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath10k: corrige un use after free en ath10k_htc_send_bundle En ath10k_htc_send_bundle, el paquete_skb podría ser liberado por dev_kfree_skb_any(bundle_skb). Pero el paquete_skb lo utiliza más tarde el paquete_skb->len. Como skb_len = bundle_skb->len, mi parche reemplaza bundle_skb->len por skb_len después de que se liberó el paquete_skb. • https://git.kernel.org/stable/c/c8334512f3dd1b94844baca629f9bedca4271593 https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65 https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676 https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3 •