CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47306 – net: fddi: fix UAF in fza_probe
https://notcve.org/view.php?id=CVE-2021-47306
In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fza_probe fp is netdev private data and it cannot be used after free_netdev() call. ... Fix it by moving free_netdev() after error message. TURBOchannel adapter") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fddi: corrige UAF en fza_probe fp son datos privados de netdev y no se pueden usar después de la llamada a free_netdev(). • https://git.kernel.org/stable/c/61414f5ec9834df8aa4f55c90de16b71a3d6ca8d https://git.kernel.org/stable/c/04b06716838bfc26742dbed3ae1d3697fe5317ee https://git.kernel.org/stable/c/f33605908a9b6063525e9f68e62d739948c5fccf https://git.kernel.org/stable/c/bdfbb51f7a437ae8ea91317a5c133ec13adf3c47 https://git.kernel.org/stable/c/deb7178eb940e2c5caca1b1db084a69b2e59b4c9 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47305 – dma-buf/sync_file: Don't leak fences on merge failure
https://notcve.org/view.php?id=CVE-2021-47305
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-buf/sync_file: no filtrar barreras en caso de falla de fusión. • https://git.kernel.org/stable/c/a02b9dc90d844cc7df7b63264e7920cc425052d9 https://git.kernel.org/stable/c/19f51c2529339280d2c8c6427cd3e21ddf1ac3f8 https://git.kernel.org/stable/c/e0355a0ad31a1d677b2a4514206de4902bd550e8 https://git.kernel.org/stable/c/41f45e91c92c8480242ea448d54e28c753b13902 https://git.kernel.org/stable/c/0d514185ae792d3a1903c8e1a83899aa996705ce https://git.kernel.org/stable/c/19edcd97727aae9362444a859a24d99a8730cb27 https://git.kernel.org/stable/c/ffe000217c5068c5da07ccb1c0f8cce7ad767435 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47304 – tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized
https://notcve.org/view.php?id=CVE-2021-47304
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug (found by syzkaller) that could cause spurious double-initializations for congestion control modules, which could cause memory leaks or other problems for congestion control modules (like CDG) that allocate memory in their init functions. The buggy scenario constructed by syzkaller was something like: (1) create a TCP socket (2) initiate a TFO connect via sendto() (3) while socket is in TCP_SYN_SENT, call setsockopt(TCP_CONGESTION), which calls: tcp_set_congestion_control() -> tcp_reinit_congestion_control() -> tcp_init_congestion_control() (4) receive ACK, connection is established, call tcp_init_transfer(), set icsk_ca_initialized=0 (without first calling cc->release()), call tcp_init_congestion_control() again. Note that in this sequence tcp_init_congestion_control() is called twice without a cc->release() call in between. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: corrige tcp_init_transfer() para no restablecer icsk_ca_initialized Esta confirmación corrige un error (encontrado por syzkaller) que podría causar dobles inicializaciones falsas para los módulos de control de congestión, lo que podría causar pérdidas de memoria o Otros problemas para los módulos de control de congestión (como CDG) que asignan memoria en sus funciones de inicio. • https://git.kernel.org/stable/c/8919a9b31eb4fb4c0a93e5fb350a626924302aa6 https://git.kernel.org/stable/c/ad4ba3404931745a5977ad12db4f0c34080e52f7 https://git.kernel.org/stable/c/fe77b85828ca9ddc42977b79de9e40d18545b4fe https://git.kernel.org/stable/c/be5d1b61a2ad28c7e57fe8bfa277373e8ecffcdc https://access.redhat.com/security/cve/CVE-2021-47304 https://bugzilla.redhat.com/show_bug.cgi?id=2282479 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47303 – bpf: Track subprog poke descriptors correctly and fix use-after-free
https://notcve.org/view.php?id=CVE-2021-47303
In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling map_poke_track(), but on program release there is no hook to call map_poke_untrack(). ... Lastly, a748c6975dea3 ("bpf: propagate poke des ---truncated--- En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: realiza un seguimiento correcto de los descriptores de poke del subprog y corrige el use-after-free. • https://git.kernel.org/stable/c/a748c6975dea325da540610c2ba9b5f332c603e6 https://git.kernel.org/stable/c/a9f36bf3613c65cb587c70fac655c775d911409b https://git.kernel.org/stable/c/599148d40366bd5d1d504a3a8fcd65e21107e500 https://git.kernel.org/stable/c/f263a81451c12da5a342d90572e317e611846f2c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47302 – igc: Fix use-after-free error during reset
https://notcve.org/view.php?id=CVE-2021-47302
In the Linux kernel, the following vulnerability has been resolved: igc: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failure to do so can cause invalid memory accesses. ... kthread_park+0x80/0x80 [ 101.525415] ret_from_fork+0x22/0x30 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igc: corrige el error de use after free durante el reinicio. • https://git.kernel.org/stable/c/13b5b7fd6a4a96dffe604f25e7b64cfbd9520924 https://git.kernel.org/stable/c/a9508e0edfe369ac95d0825bcdca976436ce780f https://git.kernel.org/stable/c/e15f629036bac005fc758b4ad17896cf2312add4 https://git.kernel.org/stable/c/ea5e36b7367ea0a36ef73a163768f16d2977bd83 https://git.kernel.org/stable/c/56ea7ed103b46970e171eb1c95916f393d64eeff •