CVE-2021-47056 – crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
https://notcve.org/view.php?id=CVE-2021-47056
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the vf2pf_lock is initialized in adf_dev_init(), which can fail and when it fail, the vf2pf_lock is either not initialized or destroyed, a subsequent use of vf2pf_lock will cause issue. To fix this issue, only set this flag if adf_dev_init() returns 0. [ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0 [ 7.180345] Call Trace: [ 7.182576] mutex_lock+0xc9/0xd0 [ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat] [ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat] [ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat] [ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: qat - ADF_STATUS_PF_RUNNING debe configurarse después de adf_dev_init ADF_STATUS_PF_RUNNING es (solo) usado y verificado por adf_vf2pf_shutdown() antes de llamar a adf_iov_putmsg()->mutex_lock(vf2pf_lock), sin embargo, vf2pf_lock es inicializado en adf_dev_init(), que puede fallar y cuando falla, vf2pf_lock no se inicializa o se destruye, un uso posterior de vf2pf_lock causará problemas. Para solucionar este problema, establezca este indicador solo si adf_dev_init() devuelve 0. [7.178404] ERROR: KASAN: acceso a memoria de usuario en __mutex_lock.isra.0+0x1ac/0x7c0 [7.180345] Seguimiento de llamadas: [7.182576] mutex_lock+0xc9 /0xd0 [ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat] [ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat] [ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat] [7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf] • https://git.kernel.org/stable/c/25c6ffb249f612c56a48ce48a3887adf57b8f4bd https://git.kernel.org/stable/c/f4c4e07140687f42bfa40e091bb4a55d7960ce4d https://git.kernel.org/stable/c/446045cf682af12d9294765f6c46084b374b5654 https://git.kernel.org/stable/c/09d16cee6285d37cc76311c29add6d97a7e4acda https://git.kernel.org/stable/c/05ec8192ee4bfdf2a8894a68350dac9f1a155fa6 https://git.kernel.org/stable/c/1f50392650ae794a1aea41c213c6a3e1c824413c https://git.kernel.org/stable/c/20fd40fc6f2c2b41dc6f637f88d494b14e9c21f1 https://git.kernel.org/stable/c/1ea500ce6f7c9106e4a561d28e69215f3 •
CVE-2021-47055 – mtd: require write permissions for locking and badblock ioctls
https://notcve.org/view.php?id=CVE-2021-47055
In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once. MEMSETBADBLOCK modifies the bad block table. En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: mtd: requiere permisos de escritura para bloqueo y badblock ioctls MEMLOCK, MEMUNLOCK y OTPLOCK modifican los bits de protección. • https://git.kernel.org/stable/c/1c9f9125892a43901438bf704ada6b7019e2a884 https://git.kernel.org/stable/c/583d42400532fbd6228b0254d7c732b771e4750d https://git.kernel.org/stable/c/389c74c218d3b182e9cd767e98cee0e0fd0dabaa https://git.kernel.org/stable/c/ab1a602a9cea98aa37b2e6851b168d2a2633a58d https://git.kernel.org/stable/c/9a53e8bd59d9f070505e51d3fd19606a270e6b93 https://git.kernel.org/stable/c/f7e6b19bc76471ba03725fe58e0c218a3d6266c3 https://git.kernel.org/stable/c/36a8b2f49235e63ab3f901fe12e1b6732f075c2e https://git.kernel.org/stable/c/eb3d82abc335624a5e8ecfb75aba0b684 •
CVE-2021-47054 – bus: qcom: Put child node before return
https://notcve.org/view.php?id=CVE-2021-47054
In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Put child node before return Put child node before return to fix potential reference count leak. Generally, the reference count of child is incremented and decremented automatically in the macro for_each_available_child_of_node() and should be decremented manually if the loop is broken in loop body. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bus: qcom: Colocar el nodo secundario antes del retorno. Colocar el nodo secundario antes del retorno para corregir una posible pérdida del recuento de referencias. Generalmente, el recuento de referencia del niño se incrementa y disminuye automáticamente en la macro for_each_available_child_of_node() y debe disminuirse manualmente si el bucle se rompe en el cuerpo del bucle. • https://git.kernel.org/stable/c/335a127548081322bd2b294d715418648912f20c https://git.kernel.org/stable/c/a6191e91c10e50bd51db65a00e03d02b6b0cf8c4 https://git.kernel.org/stable/c/94810fc52925eb122a922df7f9966cf3f4ba7391 https://git.kernel.org/stable/c/a399dd80e697a02cfb23e2fc09b87849994043d9 https://git.kernel.org/stable/c/3a76ec28824c01b57aa1f0927841d75e4f167cb8 https://git.kernel.org/stable/c/00f6abd3509b1d70d0ab0fbe65ce5685cebed8be https://git.kernel.org/stable/c/6b68c03dfc79cd95a58dfd03f91f6e82829a1b0c https://git.kernel.org/stable/c/c6f8e0dc8da1cd78d640dee392071cc23 •
CVE-2021-47020 – soundwire: stream: fix memory leak in stream config error path
https://notcve.org/view.php?id=CVE-2021-47020
In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release all slave runtime in the slave_rt_list, but slave runtime is not added to the list at this time. This patch frees slave runtime in the config error path to fix the memory leak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soundwire: stream: corrige la pérdida de memoria en la ruta de error de configuración de stream Cuando falla la configuración de stream, el tiempo de ejecución maestro liberará todo el tiempo de ejecución esclavo en Slave_rt_list, pero el tiempo de ejecución esclavo no se agrega a la lista. en este momento. Este parche libera el tiempo de ejecución esclavo en la ruta del error de configuración para corregir la pérdida de memoria. • https://git.kernel.org/stable/c/89e590535f32d4bc548bcf266f3b046e50942f6d https://git.kernel.org/stable/c/342260fe821047c3d515e3d28085d73fbdce3e80 https://git.kernel.org/stable/c/870533403ffa28ff63e173045fc5369365642002 https://git.kernel.org/stable/c/7c468deae306d0cbbd539408c26cfec04c66159a https://git.kernel.org/stable/c/2f17ac005b320c85d686088cfd4c2e7017912b88 https://git.kernel.org/stable/c/effd2bd62b416f6629e18e3ce077c60de14cfdea https://git.kernel.org/stable/c/48f17f96a81763c7c8bf5500460a359b9939359f •
CVE-2021-47016 – m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
https://notcve.org/view.php?id=CVE-2021-47016
In the Linux kernel, the following vulnerability has been resolved: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits Don't clear the timer 1 configuration bits when clearing the interrupt flag and counter overflow. As Michael reported, "This results in no timer interrupts being delivered after the first. Initialization then hangs in calibrate_delay as the jiffies counter is not updated." On mvme16x, enable the timer after requesting the irq, consistent with mvme147. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: m68k: mvme147,mvme16x: No borre los bits de configuración del temporizador PCC. • https://git.kernel.org/stable/c/7529b90d051e4629884771ba2b1d3a87d2c6a9d7 https://git.kernel.org/stable/c/f6a90818a32058fca62cda3a2027a6a2364e1878 https://git.kernel.org/stable/c/1dfb26df15fc7036a74221d43de7427f74293dae https://git.kernel.org/stable/c/73fdeb612d25b5e105c219e05434285a45d23576 https://git.kernel.org/stable/c/5d34225169346cab5145978d153b9ce90e9ace21 https://git.kernel.org/stable/c/43262178c043032e7c42d00de44c818ba05f9967 •