CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47265 – RDMA: Verify port when creating flow rule
https://notcve.org/view.php?id=CVE-2021-47265
In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule Validate port value provided by the user and with that remove no longer needed validation by the driver. The missing check in the mlx5_ib driver could cause to the below oops. Call trace: _create_flow_rule+0x2d4/0xf28 [mlx5_ib] mlx5_ib_create_flow+0x2d0/0x5b0 [mlx5_ib] ib_uverbs_ex_create_flow+0x4cc/0x624 [ib_uverbs] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xd4/0x150 [ib_uverbs] ib_uverbs_cmd_verbs.isra.7+0xb28/0xc50 [ib_uverbs] ib_uverbs_ioctl+0x158/0x1d0 [ib_uverbs] do_vfs_ioctl+0xd0/0xaf0 ksys_ioctl+0x84/0xb4 __arm64_sys_ioctl+0x28/0xc4 el0_svc_common.constprop.3+0xa4/0x254 el0_svc_handler+0x84/0xa0 el0_svc+0x10/0x26c Code: b9401260 f9615681 51000400 8b001c20 (f9403c1a) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: RDMA: Verificar puerto al crear regla de flujo. • https://git.kernel.org/stable/c/436f2ad05a0b65b1467ddf51bc68171c381bf844 https://git.kernel.org/stable/c/8dc1b0e0ca204596c50bcd159ee069ae0f998176 https://git.kernel.org/stable/c/2adcb4c5a52a2623cd2b43efa7041e74d19f3a5e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47264 – ASoC: core: Fix Null-point-dereference in fmt_single_name()
https://notcve.org/view.php?id=CVE-2021-47264
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix Null-point-dereference in fmt_single_name() Check the return value of devm_kstrdup() in case of Null-point-dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: core: corrige la desreferencia de punto nulo en fmt_single_name(). • https://git.kernel.org/stable/c/45dd9943fce08f1b38352ff9453682253bdf19b7 https://git.kernel.org/stable/c/0e2c9aeb00289f279b8181fbd4c20765127d8943 https://git.kernel.org/stable/c/047fd16015a79180771650aa6ce71f68b2c23368 https://git.kernel.org/stable/c/41daf6ba594d55f201c50280ebcd430590441da1 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47263 – gpio: wcd934x: Fix shift-out-of-bounds error
https://notcve.org/view.php?id=CVE-2021-47263
In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1) which is not right, and this was caught by below usban check UBSAN: shift-out-of-bounds in drivers/gpio/gpio-wcd934x.c:34:14 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: gpio: wcd934x: corrección de error de desplazamiento fuera de los límites. • https://git.kernel.org/stable/c/59c324683400b41caa6d85b091e812ee3d5415c3 https://git.kernel.org/stable/c/e0b518a2eb44d8a74c19e50f79a8ed393e96d634 https://git.kernel.org/stable/c/dd55331d493b7ea75c5db1f24d6822946fde2862 https://git.kernel.org/stable/c/dbec64b11c65d74f31427e2b9d5746fbf17bf840 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47262 – KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
https://notcve.org/view.php?id=CVE-2021-47262
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. ... kvm_nested_vmenter_failed: ' WARNING: CPU: 3 PID: 140134 at kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0 CPU: 3 PID: 140134 Comm: less Not tainted 5.13.0-rc1-ce2e73ce600a-req #184 Hardware name: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014 RIP: 0010:trace_check_vprintf+0x3be/0x3e0 Code: <0f> 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20 RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffa895cc37bd08 RCX: 0000000000000027 RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8 RBP: ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8 R10: 0000000000000001 R11: 0000000000000001 R12: ffffffffc0a041d4 R13: ffffffffc0f4dba8 R14: 0000000000000000 R15: ffff976409f2c000 FS: 00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0 Call Trace: trace_event_printf+0x5e/0x80 trace_raw_output_kvm_nested_vmenter_failed+0x3a/0x60 [kvm] print_trace_line+0x1dd/0x4e0 s_show+0x45/0x150 seq_read_iter+0x2d5/0x4c0 seq_read+0x106/0x150 vfs_read+0x98/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x40/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Garantizar la vivacidad de la VM anidada. • https://git.kernel.org/stable/c/380e0055bc7e4a5c687436ba3ccebb4667836b95 https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc https://git.kernel.org/stable/c/d046f724bbd725a24007b7e52b2d675249870888 https://git.kernel.org/stable/c/9fb088ce13bc3c59a51260207b487db3e556f275 https://git.kernel.org/stable/c/f31500b0d437a2464ca5972d8f5439e156b74960 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47261 – IB/mlx5: Fix initializing CQ fragments buffer
https://notcve.org/view.php?id=CVE-2021-47261
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments buffer cq->buf, or the temporary cq->resize_buf that is filled during CQ resize operation. However, the offending commit started to use function get_cqe() for getting the CQEs, the issue with this change is that get_cqe() always returns CQEs from cq->buf, which leads us to initialize the wrong buffer, and in case of enlarging the CQ we try to access elements beyond the size of the current cq->buf and eventually hit a kernel panic. [exception RIP: init_cq_frag_buf+103] [ffff9f799ddcbcd8] mlx5_ib_resize_cq at ffffffffc0835d60 [mlx5_ib] [ffff9f799ddcbdb0] ib_resize_cq at ffffffffc05270df [ib_core] [ffff9f799ddcbdc0] llt_rdma_setup_qp at ffffffffc0a6a712 [llt] [ffff9f799ddcbe10] llt_rdma_cc_event_action at ffffffffc0a6b411 [llt] [ffff9f799ddcbe98] llt_rdma_client_conn_thread at ffffffffc0a6bb75 [llt] [ffff9f799ddcbec8] kthread at ffffffffa66c5da1 [ffff9f799ddcbf50] ret_from_fork_nospec_begin at ffffffffa6d95ddd Fix it by getting the needed CQE by calling mlx5_frag_buf_get_wqe() that takes the correct source buffer as a parameter. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: IB/mlx5: Corrección al inicializar el búfer de fragmentos CQ. • https://git.kernel.org/stable/c/388ca8be00370db132464e27f745b8a0add19fcb https://git.kernel.org/stable/c/1ec2dcd680c71d0d36fa25638b327a468babd5c9 https://git.kernel.org/stable/c/e3ecd9c09fcc10cf6b2bc67e2990c397c40a8c26 https://git.kernel.org/stable/c/91f7fdc4cc10542ca1045c06aad23365f0d067e0 https://git.kernel.org/stable/c/3e670c54eda238cb8a1ea93538a79ae89285c1c4 https://git.kernel.org/stable/c/2ba0aa2feebda680ecfc3c552e867cf4d1b05a3a •