CVE-2021-47316 – nfsd: fix NULL dereference in nfs3svc_encode_getaclres
https://notcve.org/view.php?id=CVE-2021-47316
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and d_really_is_positive(dentry), but that looks like overkill to me--zero status should be enough to guarantee a positive dentry. This isn't the first time we've seen an error-case NULL dereference hidden in the initialization of a local variable in an xdr encoder. But I went back through the other recent rewrites and didn't spot any similar bugs. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrige la desreferencia NULL en nfs3svc_encode_getaclres. En casos de error, la dentry puede ser NULL. Antes de 20798dfe249a, el codificador también verificaba dentry y d_really_is_positive(dentry), pero eso me parece excesivo: el estado cero debería ser suficiente para garantizar un dentry positivo. • https://git.kernel.org/stable/c/20798dfe249a01ad1b12eec7dbc572db5003244a https://git.kernel.org/stable/c/650e6f383a6eb40f7c0a010982a74ab4b6893870 https://git.kernel.org/stable/c/ab1016d39cc052064e32f25ad18ef8767a0ee3b8 https://git.kernel.org/stable/c/e79057d15d96ef19de4de6d7e479bae3d58a2a8d •
CVE-2021-47315 – memory: fsl_ifc: fix leak of IO mapping on probe failure
https://notcve.org/view.php?id=CVE-2021-47315
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lines: 298. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la fuga de asignación de IO en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe desasignar la memoria de IO. Informes de coincidencias: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() advertencia: 'fsl_ifc_ctrl_dev->gregs' no publicado en las líneas: 298. • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 https://git.kernel.org/stable/c/b7a2bcb4a3731d68f938207f75ed3e1d41774510 https://git.kernel.org/stable/c/bd051b3e184fa56eeb6276ee913ba4d48069024b https://git.kernel.org/stable/c/d0d04b95e8ed0223844a1d58497c686fe2e4a955 https://git.kernel.org/stable/c/6b3b002de90738e3c85853a682ce7e0fa078d42b https://git.kernel.org/stable/c/94bc2fe46102d1e060fc749c0c19511e76c9995f https://git.kernel.org/stable/c/d9213d4f372d30b5bc4d921795d6bed0c0e3eebf https://git.kernel.org/stable/c/8d071d270afba468708faca5f7b6d9e65 •
CVE-2021-47314 – memory: fsl_ifc: fix leak of private memory on probe failure
https://notcve.org/view.php?id=CVE-2021-47314
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for private structure. Fix this by using resource-managed allocation. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: memoria: fsl_ifc: corrige la pérdida de memoria privada en caso de fallo de la sonda. En caso de error de la sonda, el controlador debe liberar la memoria asignada para la estructura privada. Solucione este problema utilizando la asignación administrada de recursos. • https://git.kernel.org/stable/c/a20cbdeffce247a2b6fb83cd8d22433994068565 https://git.kernel.org/stable/c/8018476756066e97ecb886c3dc024aeb7d5792ad https://git.kernel.org/stable/c/3b45b8a7d549bd92ec94b5357c2c2c1a7ed107e4 https://git.kernel.org/stable/c/7626ffbea708e5aba6912295c012d2b409a1769f https://git.kernel.org/stable/c/ee1aa737ba0b75ab8af3444c4ae5bdba36aed6e6 https://git.kernel.org/stable/c/443f6ca6fd186b4fa4e6f377b6e19a91feb1a0d5 https://git.kernel.org/stable/c/b5789e23773f4a852fbfe244b63f675e265d3a7f https://git.kernel.org/stable/c/48ee69825f7480622ed447b0249123236 •
CVE-2021-47313 – cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init
https://notcve.org/view.php?id=CVE-2021-47313
In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init It's a classic example of memleak, we allocate something, we fail and never free the resources. Make sure we free all resources on policy ->init() failures. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: cpufreq: CPPC: arregla potencial memleak en cppc_cpufreq_cpu_init Es un ejemplo clásico de memleak, asignamos algo, fallamos y nunca liberamos los recursos. Asegúrese de liberar todos los recursos en fallos de política ->init(). • https://git.kernel.org/stable/c/a28b2bfc099c6b9caa6ef697660408e076a32019 https://git.kernel.org/stable/c/b775383355755885b19d2acef977f1ca132e80a3 https://git.kernel.org/stable/c/e1b2b2b61d30d7ce057ec17237c217d152ed97f2 https://git.kernel.org/stable/c/fe2535a44904a77615a3af8e8fd7dafb98fb0e1b • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-47311 – net: qcom/emac: fix UAF in emac_remove
https://notcve.org/view.php?id=CVE-2021-47311
In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: qcom/emac: corrige UAF en emac_remove adpt son datos privados de netdev y no se pueden usar después de la llamada a free_netdev(). Usar adpt después de free_netdev() puede causar un error en UAF. • https://git.kernel.org/stable/c/54e19bc74f3380d414681762ceed9f7245bc6a6e https://git.kernel.org/stable/c/4d04a42b926e682140776e54188f4a44f1f01a81 https://git.kernel.org/stable/c/b1e091331920f8fbfc747dcbd16263fcd71abb2d https://git.kernel.org/stable/c/11e9d163d631198bb3eb41a677a61b499516c0f7 https://git.kernel.org/stable/c/2b70ca92847c619d6264c7372ef74fcbfd1e048c https://git.kernel.org/stable/c/b560521eca03d0a2db6093a5a632cbdd0a0cf833 https://git.kernel.org/stable/c/8a225a6e07a57a1538d53637cb3d82bd3e477839 https://git.kernel.org/stable/c/ad297cd2db8953e2202970e9504cab247 • CWE-416: Use After Free •