CVE-2021-46949 – sfc: farch: fix TX queue lookup in TX flush done handling
https://notcve.org/view.php?id=CVE-2021-46949
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX flush done handling We're starting from a TXQ instance number ('qid'), not a TXQ type, so efx_get_tx_queue() is inappropriate (and could return NULL, leading to panics). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sfc: farch: corrige la búsqueda de la cola TX en el manejo finalizado del vaciado TX. Estamos comenzando desde un número de instancia TXQ ('qid'), no un tipo TXQ, por lo que efx_get_tx_queue() es inapropiado (y podría devolver NULL, lo que provocaría pánico). • https://git.kernel.org/stable/c/12804793b17c0e19115a90d98f2f3df0cb79e233 https://git.kernel.org/stable/c/fb791572d6747ef385f628450f8d57cd132e6e5a https://git.kernel.org/stable/c/a1570985ec04116cc665b760faf666a104154170 https://git.kernel.org/stable/c/98d91180748986bfb6dfb3e72765f3225719a647 https://git.kernel.org/stable/c/5b1faa92289b53cad654123ed2bc8e10f6ddd4ac • CWE-476: NULL Pointer Dereference •
CVE-2021-46948 – sfc: farch: fix TX queue lookup in TX event handling
https://notcve.org/view.php?id=CVE-2021-46948
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efx_channel_get_tx_queue() is inappropriate (and could return NULL, leading to panics). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sfc: farch: corrige la búsqueda de cola TX en el manejo de eventos TX Estamos comenzando desde una etiqueta TXQ, no un tipo TXQ, por lo que efx_channel_get_tx_queue() es inapropiado (y podría devolver NULL, provocando pánico). • https://git.kernel.org/stable/c/12804793b17c0e19115a90d98f2f3df0cb79e233 https://git.kernel.org/stable/c/bf2b941d0a6f2d3b9f5fa3c4c21bdd54f71ce253 https://git.kernel.org/stable/c/35c7a83ad1bb1d48ae249346e61b1132bcbf9052 https://git.kernel.org/stable/c/e531db1ea6f98c9612cb2de093a107c7eadfb96c https://git.kernel.org/stable/c/83b09a1807415608b387c7bc748d329fefc5617e • CWE-476: NULL Pointer Dereference •
CVE-2021-46944 – media: staging/intel-ipu3: Fix memory leak in imu_fmt
https://notcve.org/view.php?id=CVE-2021-46944
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imu_fmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: staging/intel-ipu3: Reparar pérdida de memoria en imu_fmt Estamos perdiendo la referencia a una memoria asignada si lo intentamos. Cambie el orden del cheque para evitarlo. • https://git.kernel.org/stable/c/6d5f26f2e045f2377b524516194657c00efbbce8 https://git.kernel.org/stable/c/ff792ae52005c85a2d829c153e08d99a356e007d https://git.kernel.org/stable/c/517f6f570566a863c2422b843c8b7d099474f6a9 https://git.kernel.org/stable/c/14d0e99c3ef6b0648535a31bf2eaabb4eff97b9e https://git.kernel.org/stable/c/74ba0adb5e983503b18a96121d965cad34ac7ce3 https://git.kernel.org/stable/c/3630901933afba1d16c462b04d569b7576339223 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-46943 – media: staging/intel-ipu3: Fix set_fmt error handling
https://notcve.org/view.php?id=CVE-2021-46943
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there in an error during a set_fmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causing the following OOPs [ 38.662975] ipu3-imgu 0000:00:05.0: swiotlb buffer is full (sz: 4096 bytes) [ 38.662980] DMA: Out of SW-IOMMU space for 4096 bytes at device 0000:00:05.0 [ 38.663010] general protection fault: 0000 [#1] PREEMPT SMP En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: staging/intel-ipu3: Corrija el manejo de errores set_fmt Si ocurre un error durante un set_fmt, no sobrescriba los tamaños anteriores con la configuración no válida. Sin este parche, el cumplimiento de v4l2 termina asignando 4 GiB de RAM y provocando los siguientes OOP [38.662975] ipu3-imgu 0000:00:05.0: el búfer swiotlb está lleno (sz: 4096 bytes) [38.662980] DMA: Fuera de SW-IOMMU espacio para 4096 bytes en el dispositivo 0000:00:05.0 [38.663010] falla de protección general: 0000 [#1] PREEMPT SMP • https://git.kernel.org/stable/c/6d5f26f2e045f2377b524516194657c00efbbce8 https://git.kernel.org/stable/c/a03fb1e8a110658215a4cefc3e2ad53279e496a6 https://git.kernel.org/stable/c/c6b81b897f6f9445d57f8d47c4e060ec21556137 https://git.kernel.org/stable/c/34892ea938387d83ffcfb7775ec55f0f80767916 https://git.kernel.org/stable/c/6fb617e37a39db0a3eca4489431359d0bdf3b9bc https://git.kernel.org/stable/c/ad91849996f9dd79741a961fd03585a683b08356 • CWE-131: Incorrect Calculation of Buffer Size •
CVE-2021-46941 – usb: dwc3: core: Do core softreset when switch mode
https://notcve.org/view.php?id=CVE-2021-46941
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with GCTL.CoreSoftReset 2. Set GCTL.PrtCapDir(host mode) 3. Reset the host with USBCMD.HCRESET 4. Then follow up with the initializing host registers sequence To switch from host to device: 1. • https://git.kernel.org/stable/c/41ce1456e1dbbc7355d0fcc10cf7c337c13def24 https://git.kernel.org/stable/c/fce7bbcd07d59ac30dba8ce225316b3b4c1c7b50 https://git.kernel.org/stable/c/800f58217626c8b147aa40660e572ed8a0d56e3b https://git.kernel.org/stable/c/1c10fd60c8595ea7ff7e29d3cf1fa88069941da3 https://git.kernel.org/stable/c/f88359e1588b85cf0e8209ab7d6620085f3441d9 •