CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47653 – media: davinci: vpif: fix use-after-free on driver unbind
https://notcve.org/view.php?id=CVE-2021-47653
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures during probe, but the devices were never deregistered on driver unbind. This results in a use-after-free on driver unbind as the device structures were allocated using devres and would be freed by driver core when remove() returns. Fix this by adding the missing deregistration calls to the remove() callback and failing... • https://git.kernel.org/stable/c/479f7a1181058689435baddc16a6a42e1a8ff0e8 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47652 – video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
https://notcve.org/view.php?id=CVE-2021-47652
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Call Trace: ufx_usb_probe.cold+0x2b5/0xac1 [smscufx] usb_probe_interface+0x1aa/0x3c0 [usbcore] really_probe+0x167/0x460 ... ret_from_fork+0x1f/0x30 If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will be called to destro... • https://git.kernel.org/stable/c/3c8a63e22a0802fd56380f6ab305b419f18eb6f5 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47648 – gpu: host1x: Fix a memory leak in 'host1x_remove()'
https://notcve.org/view.php?id=CVE-2021-47648
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a memory leak in 'host1x_remove()' Add a missing 'host1x_channel_list_free()' call in the remove function, as already done in the error handling path of the probe function. • https://git.kernel.org/stable/c/8474b02531c4881a762c52ef869c52429e38633f •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47646 – Revert "Revert "block, bfq: honor already-setup queue merges""
https://notcve.org/view.php?id=CVE-2021-47646
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq: honor already-setup queue merges""). Yet, the reverted commit was not the one introducing the bug. In fact, it actually triggered a UAF introduced by a different commit, and now fi... • https://git.kernel.org/stable/c/f990f0985eda59d4f29fc83fcf300c92b1225d39 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47645 – media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
https://notcve.org/view.php?id=CVE-2021-47645
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com On the case tmp_dcim=1, the index of buffer is miscalculated. This generate a NULL pointer dereference later. So let's fix the calcul and add a check to prevent this to reappear. • https://git.kernel.org/stable/c/bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47644 – media: staging: media: zoran: move videodev alloc
https://notcve.org/view.php?id=CVE-2021-47644
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: move videodev alloc Move some code out of zr36057_init() and create new functions for handling zr->video_dev. This permit to ease code reading and fix a zr->video_dev memory leak. • https://git.kernel.org/stable/c/bd01629315ffd5b63da91d0bd529a77d30e55028 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47642 – video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
https://notcve.org/view.php?id=CVE-2021-47642
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examiniing the call sites. CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length. ... • https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47641 – video: fbdev: cirrusfb: check pixclock to avoid divide by zero
https://notcve.org/view.php?id=CVE-2021-47641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round up pixclock to get the derived frequency as close to maxclock as possible. Syzkaller reported a divide error in cirrusfb_check_pixclock. divide error: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1 Hardware name: QEMU... • https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47638 – ubifs: rename_whiteout: Fix double free for whiteout_ui->data
https://notcve.org/view.php?id=CVE-2021-47638
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: rename_whiteout: Fix double free for whiteout_ui->data 'whiteout_ui->data' will be freed twice if space budget fail for rename whiteout operation as following process: rename_whiteout dev = kmalloc whiteout_ui->data = dev kfree(whiteout_ui->data) // Free first time iput(whiteout) ubifs_free_inode kfree(ui->data) // Double free! KASAN reports: ================================================================== BUG: KASAN: double-free o... • https://git.kernel.org/stable/c/9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47637 – ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
https://notcve.org/view.php?id=CVE-2021-47637
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: [ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132 [ 77.028820] Call Trace: [ 77.029027] schedule+0x8c/0x1b0 [ 77.029067] mutex_lock+0x50/0x60 [ 77.029074] ubifs_write_inode+0x68/0x1f0 [ubifs] [ 77.029117] __writeback_single_inode+0x43c/0x570 [ 77.029128] writeback_sb_inodes+0x259/0x740 [ 77.029148] wb_writeback+0x107/0x4d0 [ 77.029163] wb_work... • https://git.kernel.org/stable/c/9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 •