CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47366 – afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server
https://notcve.org/view.php?id=CVE-2021-47366
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value. This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values. Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. ... It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values. This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing "git status" on it from a Linux afs client[1]. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: afs: corrige la corrupción en las lecturas en fpos 2G-4G desde un servidor OpenAFS. AFS-3 tiene dos variantes RPC de recuperación de datos, FS.FetchData y FS.FetchData64, y conmutadores de cliente afs de Linux. entre ellos cuando se habla con un servidor que no es YFS si el tamaño de lectura, la posición del archivo o la suma de los dos tienen los 32 bits superiores establecidos del valor de 64 bits. ... Esto se puede probar clonando un repositorio de git a través de un cliente OpenAFS en un servidor OpenAFS y luego ejecutando el "estado de git" desde un cliente afs de Linux[1]. • https://git.kernel.org/stable/c/b9b1f8d5930a813879278d0cbfc8c658d6a038dc https://git.kernel.org/stable/c/e66fc460d6dcf85cf12288e133a081205aebcd97 https://git.kernel.org/stable/c/b537a3c21775075395af475dcc6ef212fcf29db8 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47365 – afs: Fix page leak
https://notcve.org/view.php?id=CVE-2021-47365
In the Linux kernel, the following vulnerability has been resolved: afs: Fix page leak There's a loop in afs_extend_writeback() that adds extra pages to a write we want to make to improve the efficiency of the writeback by making it larger. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: afs: Reparar pérdida de página. • https://git.kernel.org/stable/c/e87b03f5830ecd8ca21836d3ee48c74f8d58fa31 https://git.kernel.org/stable/c/d130b5fdd42254d92948d06347940276140c927e https://git.kernel.org/stable/c/581b2027af0018944ba301d68e7af45c6d1128b5 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47364 – comedi: Fix memory leak in compat_insnlist()
https://notcve.org/view.php?id=CVE-2021-47364
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() `compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST` ioctl (whenwhen `CONFIG_COMPAT` is enabled). ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: comedi: Reparar pérdida de memoria en compat_insnlist() `compat_insnlist()` maneja la versión de 32 bits del ioctl `COMEDI_INSNLIST` (cuando `CONFIG_COMPAT` está habilitado). • https://git.kernel.org/stable/c/b8d47d8813055ce38c0d2ad913d5462017e52692 https://git.kernel.org/stable/c/8d6a21e4cd6a319b0662cbe4ad6199e276ac776a https://git.kernel.org/stable/c/f217b6c1e28ed0b353634ce4d92a155b80bd1671 https://git.kernel.org/stable/c/bb509a6ffed2c8b0950f637ab5779aa818ed1596 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47363 – nexthop: Fix division by zero while replacing a resilient group
https://notcve.org/view.php?id=CVE-2021-47363
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix division by zero while replacing a resilient group The resilient nexthop group torture tests in fib_nexthop.sh exposed a possible division by zero while replacing a resilient group [1]. ... The tests do not specify the number of buckets while performing the replacement, resulting in the kernel allocating a stub resilient table (i.e, 'struct nh_res_table') with zero buckets. This table should never be visible to the data path, but the old nexthop group (i.e., 'oldg') might still be used by the data path when the stub table is assigned to it. Fix this by only assigning the stub table to the old nexthop group after making sure the group is no longer used by the data path. Tested with fib_nexthops.sh: Tests passed: 222 Tests failed: 0 [1] divide error: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 1850 Comm: ping Not tainted 5.14.0-custom-10271-ga86eb53057fe #1107 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014 RIP: 0010:nexthop_select_path+0x2d2/0x1a80 [...] Call Trace: fib_select_multipath+0x79b/0x1530 fib_select_path+0x8fb/0x1c10 ip_route_output_key_hash_rcu+0x1198/0x2da0 ip_route_output_key_hash+0x190/0x340 ip_route_output_flow+0x21/0x120 raw_sendmsg+0x91d/0x2e10 inet_sendmsg+0x9e/0xe0 __sys_sendto+0x23d/0x360 __x64_sys_sendto+0xe1/0x1b0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nexthop: corrige la división por cero mientras se reemplaza un grupo resistente Las pruebas de tortura del grupo resiliente de nexthop en fib_nexthop.sh expusieron una posible división por cero mientras se reemplaza un grupo resistente [1]. • https://git.kernel.org/stable/c/283a72a5599e80750699d2021830a294ed9ab3f3 https://git.kernel.org/stable/c/e9d32ec26e7f01d1af13bdc687f586362546aa25 https://git.kernel.org/stable/c/563f23b002534176f49524b5ca0e1d94d8906c40 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47362 – drm/amd/pm: Update intermediate power state for SI
https://notcve.org/view.php?id=CVE-2021-47362
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state. set_power_state refers to values from the current state and without current state populated, it could result in NULL pointer dereference. For ex: on platforms where PCI speed change is supported through ACPI ATCS method, the link speed of current state needs to be queried before deciding on changing to final power state's link speed. ... The issue became visible when broken ATCS-support logic got fixed with commit f9b7f3703ff9 ("drm/amdgpu/acpi: make ATPX/ATCS structures global (v2)"). Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1698 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Actualizar el estado de energía intermedio para SI. • https://git.kernel.org/stable/c/68d4fbe6220cd1f3d07cab0a4901e62f8c12cc68 https://git.kernel.org/stable/c/06a18e64256f7aecb5a27df02faa3568fcd3c105 https://git.kernel.org/stable/c/ab39d3cef526ba09c4c6923b4cd7e6ec1c5d4faa •