CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47417 – libbpf: Fix memory leak in strset
https://notcve.org/view.php?id=CVE-2021-47417
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix memory leak in strset Free struct strset itself, not just its internal parts. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: libbpf: repara la pérdida de memoria en strset Libera la estructura strset en sí, no solo sus partes internas. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bug fixes. • https://git.kernel.org/stable/c/90d76d3ececc74bf43b2a97f178dadfa1e52be54 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47416 – phy: mdio: fix memory leak
https://notcve.org/view.php?id=CVE-2021-47416
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiobus_register() fails, but device_register() was called In case of device_register() has been called we should call put_device() to correctly free the memory allocated for this device, but mdiobus_free() calls just kfree(dev) in case of MD... • https://git.kernel.org/stable/c/46abc02175b3c246dd5141d878f565a8725060c9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47415 – iwlwifi: mvm: Fix possible NULL dereference
https://notcve.org/view.php?id=CVE-2021-47415
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fix possible NULL dereference In __iwl_mvm_remove_time_event() check that 'te_data->vif' is NULL before dereferencing it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iwlwifi: mvm: Corrige posible desreferencia NULL En __iwl_mvm_remove_time_event() comprueba que 'te_data->vif' sea NULL antes de desreferenciarlo. In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fix possi... • https://git.kernel.org/stable/c/7b3954a1d69a992a781e71036950f9254f8147f6 •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47414 – riscv: Flush current cpu icache before other cpus
https://notcve.org/view.php?id=CVE-2021-47414
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: Flush current cpu icache before other cpus On SiFive Unmatched, I recently fell onto the following BUG when booting: [ 0.000000] ftrace: allocating 36610 entries in 144 pages [ 0.000000] Oops - illegal instruction [#1] [ 0.000000] Modules linked in: [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.13.1+ #5 [ 0.000000] Hardware name: SiFive HiFive Unmatched A00 (DT) [ 0.000000] epc : riscv_cpuid_to_hartid_mask+0x6/0xae [ 0.000000... • https://git.kernel.org/stable/c/fab957c11efe2f405e08b9f0d080524bc2631428 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47413 – usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle
https://notcve.org/view.php?id=CVE-2021-47413
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle (which is the recommended way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the following NULL pointer dereference is observed on i.MX7 and i.MX8MM: [ 1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 [ 1.498170] Mem abort info: [ 1.500966] ESR = ... • https://git.kernel.org/stable/c/746f316b753a83e366bfc5f936cbf0d72d1c2d1d •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47412 – block: don't call rq_qos_ops->done_bio if the bio isn't tracked
https://notcve.org/view.php?id=CVE-2021-47412
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1) rq_qos_done_bio() needn't to be called for bio based driver 2) rq_qos_done_bio() needn't to be called for bio which isn't tracked, such as bios ended from error handling code. Especially in bio_endio(): 1) request queue is referred via bio->bi_bdev->bd_disk->queue, which may be gone since request queue refcount ma... • https://git.kernel.org/stable/c/004b8f8a691205a93d9e80d98b786b2b97424d6e • CWE-388: 7PK - Errors •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47410 – drm/amdkfd: fix svm_migrate_fini warning
https://notcve.org/view.php?id=CVE-2021-47410
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driver disconnects from a device, devm_memunmap_pages and devm_release_mem_region calls in svm_migrate_fini are redundant. It causes below warning trace after patch "drm/amdgpu: Split amdgpu_device_fini into early and late", so remove function svm_migrate_fini. BUG: https://gitlab.freedesktop.org/drm/amd/-/issues/1718 WARNING: CPU: 1 PID: 3646 ... • https://git.kernel.org/stable/c/ac7d732b24f4061f8a732ada49b054ab38c63e15 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47409 – usb: dwc2: check return value after calling platform_get_resource()
https://notcve.org/view.php?id=CVE-2021-47409
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb: dwc2: verifique el valor de retorno después de llamar a platform_get_resource(). Causará null-ptr-deref si platform_get_resource() devuelve NULL, necesitamos verificar el valor de retorno. In the Linux ker... • https://git.kernel.org/stable/c/348becdcc3196addbe882e8a10451744e489e389 •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47408 – netfilter: conntrack: serialize hash resizes and cleanups
https://notcve.org/view.php?id=CVE-2021-47408
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning [1] No repro found by syzbot yet but I was able to trigger similar issue by having 2 scripts running in parallel, changing conntrack hash sizes, and: for j in `seq 1 1000` ; do unshare -n /bin/true >/dev/null ; done It would take more than 5 minutes for net_namespace structures to be cleaned up. This is because nf_ct_iterate_cleanup() ... • https://git.kernel.org/stable/c/e2d192301a0df8160d1555b66ae8611e8050e424 • CWE-667: Improper Locking •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47407 – KVM: x86: Handle SRCU initialization failure during page track init
https://notcve.org/view.php?id=CVE-2021-47407
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of init_srcu_struct(), which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found by a modified syzkaller. [Move the call towards the beginning of kvm_arch_init_vm. - Paolo] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Manejar el error de inicialización de SRCU ... • https://git.kernel.org/stable/c/deb2949417677649e2413266d7ce8c2ff73952b4 •