CVE-2021-47291 – ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
https://notcve.org/view.php?id=CVE-2021-47291
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit 821bbf79fe46 ("ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions"). We additionally need to take care of fib6_metrics initialization failure when the caller provides an nh. The fix is similar, explicitly free the route instead of calling fib6_info_release on a half-initialized object.
• https://git.kernel.org/stable/c/f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74
• https://git.kernel.org/stable/c/830251361425c5be044db4d826aaf304ea3d14c6
• https://git.kernel.org/stable/c/ce8fafb68051fba52546f8bbe8621f7641683680
• https://git.kernel.org/stable/c/115784bcccf135c3a3548098153413d76f16aae0
• https://git.kernel.org/stable/c/8fb4792f091e608a0a1d353dfdf07ef55a719db5
CVE-2021-47290 – scsi: target: Fix NULL dereference on XCOPY completion
https://notcve.org/view.php?id=CVE-2021-47290
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Fix NULL dereference on XCOPY completion
CPU affinity control added with commit 39ae3edda325 ("scsi: target: core: Make completion affinity configurable") makes target_complete_cmd() queue work on a CPU based on se_tpg->se_tpg_wwn->cmd_compl_affinity state. LIO's EXTENDED COPY worker is a special case in that read/write cmds are dispatched using the global xcopy_pt_tpg, which carries a NULL se_tpg_wwn pointer following initialization in target_xcopy_setup_pt(). The NULL xcopy_pt_tpg->se_tpg_wwn pointer is dereferenced on completion of any EXTENDED COPY initiated read/write cmds. ...
• https://git.kernel.org/stable/c/39ae3edda325e9cf9e978c9788affe88231f3b34
• https://git.kernel.org/stable/c/e7732c5a19a15a62b0b23fd683a639b0483e1f40
• https://git.kernel.org/stable/c/a47fa41381a09e5997afd762664db4f5f6657e03
CVE-2021-47289 – ACPI: fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47289
In the Linux kernel, the following vulnerability has been resolved:
ACPI: fix NULL pointer dereference
Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. ...
• https://git.kernel.org/stable/c/38f54217b423c0101d03a00feec6fb8ec608b12e
• https://git.kernel.org/stable/c/cae3fa3d8165761f3000f523b11cfa1cd35206bc
• https://git.kernel.org/stable/c/ccf23a0888077a25a0793a746c3941db2a7562e4
• https://git.kernel.org/stable/c/fc68f42aa737dc15e7665a4101d4168aadb8e4c4
• https://access.redhat.com/security/cve/CVE-2021-47289
• https://bugzilla.redhat.com/show_bug.cgi?id=2282508
• CWE-476: NULL Pointer Dereference
CVE-2021-47288 – media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
https://notcve.org/view.php?id=CVE-2021-47288
In the Linux kernel, the following vulnerability has been resolved:
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds:
arch/alpha/include/asm/string.h:22:16: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds]
arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds]
The problem is that the original code is trying to copy 6 bytes of data into a one-byte size member _config_ of the wrong structure FW_CONFIGURE_BUFFERS, in a single call to memcpy(). ...
• https://git.kernel.org/stable/c/dae52d009fc950b5c209260d50fcc000f5becd3c
• https://git.kernel.org/stable/c/4487b968e5eacd02c493303dc2b61150bb7fe4b2
• https://git.kernel.org/stable/c/c6ddeb63dd543b5474b0217c4e47538b7ffd7686
• https://git.kernel.org/stable/c/e818f2ff648581a6c553ae2bebc5dcef9a8bb90c
• https://git.kernel.org/stable/c/ec731c6ef564ee6fc101fc5d73e3a3a953d09a00
• https://git.kernel.org/stable/c/e617fa62f6cf859a7b042cdd6c73af905ff8fca3
• https://git.kernel.org/stable/c/e991457afdcb5f4dbc5bc9d79eaf775be33e7092
• https://git.kernel.org/stable/c/b9a178f189bb6d75293573e181928735f
CVE-2021-47287 – driver core: auxiliary bus: Fix memory leak when driver_register() fail
https://notcve.org/view.php?id=CVE-2021-47287
In the Linux kernel, the following vulnerability has been resolved:
driver core: auxiliary bus: Fix memory leak when driver_register() fail
If driver_register() returns with error we need to free the memory allocated for auxdrv->driver.name before returning from __auxiliary_driver_register()
• https://git.kernel.org/stable/c/7de3697e9cbd4bd3d62bafa249d57990e1b8f294
• https://git.kernel.org/stable/c/ce5b3de58fc21303722df46551f7eb9a91afb409
• https://git.kernel.org/stable/c/4afa0c22eed33cfe0c590742387f0d16f32412f3
• https://access.redhat.com/security/cve/CVE-2021-47287
• https://bugzilla.redhat.com/show_bug.cgi?id=2282511
• CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')