CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47051 – spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
https://notcve.org/view.php?id=CVE-2021-47051
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by replacing it with pm_runtime_resume_and_get to keep usage counter balanced. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: spi: fsl-lpspi: corrige la fuga de referencia de PM en lpspi_prepare_xfer_hardware() pm_runtime_get_sync incrementará el contador de uso de PM incluso si falla. Olvidarse de poner en funcionamiento resultará en una fuga de referencia aquí. Solucionelo reemplazándolo con pm_runtime_resume_and_get para mantener el contador de uso equilibrado. • https://git.kernel.org/stable/c/944c01a889d97dc08e1b71f4ed868f4023fd6034 https://git.kernel.org/stable/c/4a01ad002d2e03c399af536562693752af7c81b1 https://git.kernel.org/stable/c/ce02e58ddf8658a4c3bed2296f32a5873b3f7cce https://git.kernel.org/stable/c/b8207bfc539cd07d15e753ff2d179c5b61c673b1 https://git.kernel.org/stable/c/6a2b5cee0d31ab6cc51030c441135b0e31217282 https://git.kernel.org/stable/c/a03675497970a93fcf25d81d9d92a59c2d7377a7 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47050 – memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
https://notcve.org/view.php?id=CVE-2021-47050
In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource The platform_get_resource_byname() can return NULL which would be immediately dereferenced by resource_size(). Instead dereference it after validating the resource. Addresses-Coverity: Dereference null return value En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: memoria: renesas-rpc-if: corrige posible desreferencia del puntero NULL del recurso Platform_get_resource_byname() puede devolver NULL, que sería inmediatamente desreferenciado por Resource_size(). En su lugar, elimine la referencia después de validar el recurso. Direcciones-Cobertura: Desreferencia valor de retorno nulo • https://git.kernel.org/stable/c/ca7d8b980b67f133317525c4273e144116ee1ae5 https://git.kernel.org/stable/c/71bcc1b4a1743534d8abdcb57ff912e6bc390438 https://git.kernel.org/stable/c/e16acc3a37f09e18835dc5d8014942c2ef6ca957 https://git.kernel.org/stable/c/a74cb41af7dbe019e4096171f8bc641c7ce910ad https://git.kernel.org/stable/c/59e27d7c94aa02da039b000d33c304c179395801 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47049 – Drivers: hv: vmbus: Use after free in __vmbus_open()
https://notcve.org/view.php?id=CVE-2021-47049
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free. First remove it from the list, and then free it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Controladores: hv: vmbus: Usar después de liberar en __vmbus_open() La variable "open_info" se agrega a &vmbus_connection.chn_msg_list, pero el manejo de errores libera "open_info" sin eliminarlo de la lista. Esto resultará en un uso posterior gratuito. • https://git.kernel.org/stable/c/6f3d791f300618caf82a2be0c27456edd76d5164 https://git.kernel.org/stable/c/6b32d45bd59982751beb8220e442b40b2706647f https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214f https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560 https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5 https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48da •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47048 – spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op
https://notcve.org/view.php?id=CVE-2021-47048
In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op When handling op->addr, it is using the buffer "tmpbuf" which has been freed. This will trigger a use-after-free KASAN warning. Let's use temporary variables to store op->addr.val and op->cmd.opcode to fix this issue. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: spi-zynqmp-gqspi: corrige use-after-free en zynqmp_qspi_exec_op Al manejar op->addr, se utiliza el buffer "tmpbuf" que ha sido liberado. Esto activará una advertencia de KASAN de use-after-free. • https://git.kernel.org/stable/c/1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5a https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62 https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696c https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47047 – spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails
https://notcve.org/view.php?id=CVE-2021-47047
In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails The spi controller supports 44-bit address space on AXI in DMA mode, so set dma_addr_t width to 44-bit to avoid using a swiotlb mapping. In addition, if dma_map_single fails, it should return immediately instead of continuing doing the DMA operation which bases on invalid address. This fixes the following crash which occurs in reading a big block from flash: [ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots) [ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped [ 123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0 [ 123.792536] Mem abort info: [ 123.795313] ESR = 0x96000145 [ 123.798351] EC = 0x25: DABT (current EL), IL = 32 bits [ 123.803655] SET = 0, FnV = 0 [ 123.806693] EA = 0, S1PTW = 0 [ 123.809818] Data abort info: [ 123.812683] ISV = 0, ISS = 0x00000145 [ 123.816503] CM = 1, WnR = 1 [ 123.819455] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000805047000 [ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=0000000803b45003, pud=0000000000000000 [ 123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP En el kernel de Linux, se resolvió la siguiente vulnerabilidad: spi: spi-zynqmp-gqspi: devuelve -ENOMEM si falla dma_map_single El controlador spi admite espacio de direcciones de 44 bits en AXI en modo DMA, por lo tanto, configure el ancho de dma_addr_t en 44 bits para Evite el uso de un mapeo swiotlb. Además, si dma_map_single falla, debería regresar inmediatamente en lugar de continuar realizando la operación DMA que se basa en una dirección no válida. Esto corrige el siguiente fallo que se produce al leer un bloque grande desde flash: [123.633577] zynqmp-qspi ff0f0000.spi: el búfer swiotlb está lleno (tamaño: 4194304 bytes), total 32768 (ranuras), usado 0 (ranuras) [123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memoria no asignada [123.784625] No se puede manejar la solicitud de paginación del kernel en la dirección virtual 00000000003fffc0 [123.792536] Información de cancelación de memoria: [123.795313] ESR = 0x96000145 [1 23.798351] EC = 0x25: DABT (actual EL), IL = 32 bits [ 123.803655] SET = 0, FnV = 0 [ 123.806693] EA = 0, S1PTW = 0 [ 123.809818] Información de cancelación de datos: [ 123.812683] ISV = 0, ISS = 0x00000145 [ 123.816503] CM = 1 , WnR = 1 [ 123.819455] tabla de páginas de usuario: 4k páginas, VA de 48 bits, pgdp=0000000805047000 [ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=000000080 3b45003, pud=0000000000000000 [123.834586] Error interno: Ups: 96000145 [#1 ] ADVERTENCIA SMP • https://git.kernel.org/stable/c/1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e https://git.kernel.org/stable/c/5980a3b9c933408bc22b0e349b78c3ebd7cbf880 https://git.kernel.org/stable/c/c26c026eb496261dbc0adbf606cc81989cd2038c https://git.kernel.org/stable/c/bad5a23cf2b477fa78b85fd392736dae09a1e818 https://git.kernel.org/stable/c/126bdb606fd2802454e6048caef1be3e25dd121e •