CVE-2021-47030 – mt76: mt7615: fix memory leak in mt7615_coredump_work
https://notcve.org/view.php?id=CVE-2021-47030
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615_coredump_work Similar to the issue fixed in mt7921_coredump_work, fix a possible memory leak in mt7615_coredump_work routine. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mt76: mt7615: corrige la pérdida de memoria en mt7615_coredump_work. Similar al problema solucionado en mt7921_coredump_work, soluciona una posible pérdida de memoria en la rutina mt7615_coredump_work. • https://git.kernel.org/stable/c/d2bf7959d9c0f631ef860edaf834d55773fdedff https://git.kernel.org/stable/c/54b989653c5531bc4416ced33f146b9cb633d978 https://git.kernel.org/stable/c/49cc85059a2cb656f96ff3693f891e8fe8f669a9 •
CVE-2021-47029 – mt76: connac: fix kernel warning adding monitor interface
https://notcve.org/view.php?id=CVE-2021-47029
In the Linux kernel, the following vulnerability has been resolved: mt76: connac: fix kernel warning adding monitor interface Fix the following kernel warning adding a monitor interface in mt76_connac_mcu_uni_add_dev routine. [ 507.984882] ------------[ cut here ]------------ [ 507.989515] WARNING: CPU: 1 PID: 3017 at mt76_connac_mcu_uni_add_dev+0x178/0x190 [mt76_connac_lib] [ 508.059379] CPU: 1 PID: 3017 Comm: ifconfig Not tainted 5.4.98 #0 [ 508.065461] Hardware name: MT7622_MT7531 RFB (DT) [ 508.070156] pstate: 80000005 (Nzcv daif -PAN -UAO) [ 508.074939] pc : mt76_connac_mcu_uni_add_dev+0x178/0x190 [mt76_connac_lib] [ 508.081806] lr : mt7921_eeprom_init+0x1288/0x1cb8 [mt7921e] [ 508.087367] sp : ffffffc013a33930 [ 508.090671] x29: ffffffc013a33930 x28: ffffff801e628ac0 [ 508.095973] x27: ffffff801c7f1200 x26: ffffff801c7eb008 [ 508.101275] x25: ffffff801c7eaef0 x24: ffffff801d025610 [ 508.106577] x23: ffffff801d022990 x22: ffffff801d024de8 [ 508.111879] x21: ffffff801d0226a0 x20: ffffff801c7eaee8 [ 508.117181] x19: ffffff801d0226a0 x18: 000000005d00b000 [ 508.122482] x17: 00000000ffffffff x16: 0000000000000000 [ 508.127785] x15: 0000000000000080 x14: ffffff801d704000 [ 508.133087] x13: 0000000000000040 x12: 0000000000000002 [ 508.138389] x11: 000000000000000c x10: 0000000000000000 [ 508.143691] x9 : 0000000000000020 x8 : 0000000000000001 [ 508.148992] x7 : 0000000000000000 x6 : 0000000000000000 [ 508.154294] x5 : ffffff801c7eaee8 x4 : 0000000000000006 [ 508.159596] x3 : 0000000000000001 x2 : 0000000000000000 [ 508.164898] x1 : ffffff801c7eac08 x0 : ffffff801d0226a0 [ 508.170200] Call trace: [ 508.172640] mt76_connac_mcu_uni_add_dev+0x178/0x190 [mt76_connac_lib] [ 508.179159] mt7921_eeprom_init+0x1288/0x1cb8 [mt7921e] [ 508.184394] drv_add_interface+0x34/0x88 [mac80211] [ 508.189271] ieee80211_add_virtual_monitor+0xe0/0xb48 [mac80211] [ 508.195277] ieee80211_do_open+0x86c/0x918 [mac80211] [ 508.200328] ieee80211_do_open+0x900/0x918 [mac80211] [ 508.205372] __dev_open+0xcc/0x150 [ 508.208763] __dev_change_flags+0x134/0x198 [ 508.212937] dev_change_flags+0x20/0x60 [ 508.216764] devinet_ioctl+0x3e8/0x748 [ 508.220503] inet_ioctl+0x1e4/0x350 [ 508.223983] sock_do_ioctl+0x48/0x2a0 [ 508.227635] sock_ioctl+0x310/0x4f8 [ 508.231116] do_vfs_ioctl+0xa4/0xac0 [ 508.234681] ksys_ioctl+0x44/0x90 [ 508.237985] __arm64_sys_ioctl+0x1c/0x48 [ 508.241901] el0_svc_common.constprop.1+0x7c/0x100 [ 508.246681] el0_svc_handler+0x18/0x20 [ 508.250421] el0_svc+0x8/0x1c8 [ 508.253465] ---[ end trace c7b90fee13d72c39 ]--- [ 508.261278] ------------[ cut here ]------------ En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mt76: connac: corrige la advertencia del kernel agregando una interfaz de monitor. Corrija la siguiente advertencia del kernel agregando una interfaz de monitor en la rutina mt76_connac_mcu_uni_add_dev. [507.984882] ------------[ cortar aquí ]------------ [ 507.989515] ADVERTENCIA: CPU: 1 PID: 3017 en mt76_connac_mcu_uni_add_dev+0x178/0x190 [mt76_connac_lib ] [ 508.059379] CPU: 1 PID: 3017 Comm: ifconfig No contaminado 5.4.98 #0 [ 508.065461] Nombre de hardware: MT7622_MT7531 RFB (DT) [ 508.070156] pstate: 80000005 (Nzcv daif -PAN -UAO) [ 508.074 939] ordenador personal : mt76_connac_mcu_uni_add_dev+0x178/0x190 [mt76_connac_lib] [ 508.081806] lr : mt7921_eeprom_init+0x1288/0x1cb8 [mt7921e] [ 508.087367] sp : ffffffc013a33930 [ 508.090671] x29: ffffffc013a33930 x28: ffffff801e628ac0 [ 508.095973] x27: ffffff801c7f1200 x26: ffffff801c7eb008 [ 508.101275] x25: ffffff801c7eaef0 x24: ffffff801d025610 [ 508.106577] x23: ffffff801d022990 x22: ffffff801d024de8 [ 508.111879] x21: ffffff801d0226a0 x20: ffffff801c7eaee 8 [ 508.117181] x19: ffffff801d0226a0 x18: 000000005d00b000 [ 508.122482] x17: 00000000ffffffff x16: 00000000000000000 [ 508.127785] x15: 000 0000000000080 x14: ffffff801d704000 [ 508.133087] x13: 0000000000000040 x12: 0000000000000002 [ 508.138389] x11: 0000000000000000c x10: 0000000000000000 [ 508.143691] x9 : 0000000000000020 x8 : 0000000000000001 [ 508.148992] x7 : 0000000000000000 x6 : 00000000000000000 [ 508.154294] x5 : ffffff801c7eaee8 x4 : 00 00000000000006 [508.159596] x3: 0000000000000001 x2: 0000000000000000 [508.164898] x1: ffffff801c7eac08 x0: ffffff801d0226a0 [508.170200] Rastreo de llamadas: [508.172640] mt76_connac_mcu_uni_add_dev+0x178/0x1 90 [mt76_connac_lib] [508.179159] mt7921_eeprom_init+0x1288/0x1cb8 [mt7921e] [508.184394] drv_add_interface+0x34/0x88 [mac80211 ] [ 508.189271] ieee80211_add_virtual_monitor+0xe0/0xb48 [mac80211] [ 508.195277] ieee80211_do_open+0x86c/0x918 [mac80211] [ 508.200328] ieee80211_do_open+0 x900/0x918 [mac80211] [ 508.205372] __dev_open+0xcc/0x150 [ 508.208763] __dev_change_flags+0x134/0x198 [ 508.212937] dev_change_flags+0x20/0x60 [ 508.216764] devinet_ioctl+0x3e8/0x748 [ 508.220503] inet_ioctl+0x1e4/0x350 [ 508.223983] sock_do_ioctl+0x48/0x2 a0 [ 508.227635] sock_ioctl+0x310/0x4f8 [ 508.231116] do_vfs_ioctl+0xa4/0xac0 [ 508.234681 ] ksys_ioctl+0x44/0x90 [ 508.237985] __arm64_sys_ioctl+0x1c/0x48 [ 508.241901] el0_svc_common.constprop.1+0x7c/0x100 [ 508.246681] el0_svc_handler+0x18/0 x20 [ 508.250421] el0_svc+0x8/0x1c8 [ 508.253465] ---[ fin rastrear c7b90fee13d72c39 ]--- [ 508.261278] • https://git.kernel.org/stable/c/d0e274af2f2e44b9d496f5d2c0431fdd2ea76fb8 https://git.kernel.org/stable/c/2554b9cb4b5e097c6071ec3ed5bc7c665c477ca7 https://git.kernel.org/stable/c/c996f0346e40e3b1ac2ebaf0681df898fb157f60 •
CVE-2021-47028 – mt76: mt7915: fix txrate reporting
https://notcve.org/view.php?id=CVE-2021-47028
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rate_info to fix unexpected reporting. [ 1215.161863] Call trace: [ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211] [ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [mac80211] [ 1215.175624] ieee80211_tx_status_ext+0x508/0x838 [mac80211] [ 1215.181190] mt7915_mcu_get_rx_rate+0x28c/0x8d0 [mt7915e] [ 1215.186580] mt7915_mac_tx_free+0x324/0x7c0 [mt7915e] [ 1215.191623] mt7915_queue_rx_skb+0xa8/0xd0 [mt7915e] [ 1215.196582] mt76_dma_cleanup+0x7b0/0x11d0 [mt76] [ 1215.201276] __napi_poll+0x38/0xf8 [ 1215.204668] napi_workfn+0x40/0x80 [ 1215.208062] process_one_work+0x1fc/0x390 [ 1215.212062] worker_thread+0x48/0x4d0 [ 1215.215715] kthread+0x120/0x128 [ 1215.218935] ret_from_fork+0x10/0x1c En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mt76: mt7915: corrige informes txrate Verifique correctamente rate_info para corregir informes inesperados. [ 1215.161863] Rastreo de llamadas: [ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211] [ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [mac80211] [ 1215.17562 4] ieee80211_tx_status_ext+0x508/0x838 [mac80211] [1215.181190] mt7915_mcu_get_rx_rate+0x28c/0x8d0 [mt7915e] [ 1215.186580] mt7915_mac_tx_free+0x324/0x7c0 [mt7915e] [ 1215.191623] mt7915_queue_rx_skb+0xa8/0xd0 [mt7915e] [ 1215.196582] mt76_dma_cleanup+0x7b 0/0x11d0 [mt76] [ 1215.201276] __napi_poll+0x38/0xf8 [ 1215.204668] napi_workfn+0x40/0x80 [ 1215.208062] proceso_one_work+0x1fc/0x390 [ 1215.212062] hilo_trabajador+0x48/0x4d0 [ 1215.215715] kthread+0x120/0x128 [ 1215.218935] ret_from_fork+0x10/0x1c • https://git.kernel.org/stable/c/e57b7901469fc0b021930b83a8094baaf3d81b09 https://git.kernel.org/stable/c/dfc8a71448c7d4fec38fb22bdc8a76d79c14b6da https://git.kernel.org/stable/c/4bd926e5ca88eac4d95eacb806b229f8729bc62e https://git.kernel.org/stable/c/f43b941fd61003659a3f0e039595e5e525917aa8 •
CVE-2021-47027 – mt76: mt7921: fix kernel crash when the firmware fails to download
https://notcve.org/view.php?id=CVE-2021-47027
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel crash when the firmware fails to download Fix kernel crash when the firmware is missing or fails to download. [ 9.444758] kernel BUG at drivers/pci/msi.c:375! [ 9.449363] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [ 9.501033] pstate: a0400009 (NzCv daif +PAN -UAO) [ 9.505814] pc : free_msi_irqs+0x180/0x184 [ 9.509897] lr : free_msi_irqs+0x40/0x184 [ 9.513893] sp : ffffffc015193870 [ 9.517194] x29: ffffffc015193870 x28: 00000000f0e94fa2 [ 9.522492] x27: 0000000000000acd x26: 000000000000009a [ 9.527790] x25: ffffffc0152cee58 x24: ffffffdbb383e0d8 [ 9.533087] x23: ffffffdbb38628d0 x22: 0000000000040200 [ 9.538384] x21: ffffff8cf7de7318 x20: ffffff8cd65a2480 [ 9.543681] x19: ffffff8cf7de7000 x18: 0000000000000000 [ 9.548979] x17: ffffff8cf9ca03b4 x16: ffffffdc13ad9a34 [ 9.554277] x15: 0000000000000000 x14: 0000000000080800 [ 9.559575] x13: ffffff8cd65a2980 x12: 0000000000000000 [ 9.564873] x11: ffffff8cfa45d820 x10: ffffff8cfa45d6d0 [ 9.570171] x9 : 0000000000000040 x8 : ffffff8ccef1b780 [ 9.575469] x7 : aaaaaaaaaaaaaaaa x6 : 0000000000000000 [ 9.580766] x5 : ffffffdc13824900 x4 : ffffff8ccefe0000 [ 9.586063] x3 : 0000000000000000 x2 : 0000000000000000 [ 9.591362] x1 : 0000000000000125 x0 : ffffff8ccefe0000 [ 9.596660] Call trace: [ 9.599095] free_msi_irqs+0x180/0x184 [ 9.602831] pci_disable_msi+0x100/0x130 [ 9.606740] pci_free_irq_vectors+0x24/0x30 [ 9.610915] mt7921_pci_probe+0xbc/0x250 [mt7921e] [ 9.615693] pci_device_probe+0xd4/0x14c [ 9.619604] really_probe+0x134/0x2ec [ 9.623252] driver_probe_device+0x64/0xfc [ 9.627335] device_driver_attach+0x4c/0x6c [ 9.631506] __driver_attach+0xac/0xc0 [ 9.635243] bus_for_each_dev+0x8c/0xd4 [ 9.639066] driver_attach+0x2c/0x38 [ 9.642628] bus_add_driver+0xfc/0x1d0 [ 9.646365] driver_register+0x64/0xf8 [ 9.650101] __pci_register_driver+0x6c/0x7c [ 9.654360] init_module+0x28/0xfdc [mt7921e] [ 9.658704] do_one_initcall+0x13c/0x2d0 [ 9.662615] do_init_module+0x58/0x1e8 [ 9.666351] load_module+0xd80/0xeb4 [ 9.669912] __arm64_sys_finit_module+0xa8/0xe0 [ 9.674430] el0_svc_common+0xa4/0x16c [ 9.678168] el0_svc_compat_handler+0x2c/0x40 [ 9.682511] el0_svc_compat+0x8/0x10 [ 9.686076] Code: a94257f6 f9400bf7 a8c47bfd d65f03c0 (d4210000) [ 9.692155] ---[ end trace 7621f966afbf0a29 ]--- [ 9.697385] Kernel panic - not syncing: Fatal exception [ 9.702599] SMP: stopping secondary CPUs [ 9.706549] Kernel Offset: 0x1c03600000 from 0xffffffc010000000 [ 9.712456] PHYS_OFFSET: 0xfffffff440000000 [ 9.716625] CPU features: 0x080026,2a80aa18 [ 9.720795] Memory Limit: none En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mt76: mt7921: soluciona el fallo del kernel cuando no se puede descargar el firmware. Se soluciona el fallo del kernel cuando falta el firmware o no se puede descargar. [9.444758] ¡ERROR del kernel en drivers/pci/msi.c:375! [0 x40/ 0x184 [ 9.513893] sp : ffffffc015193870 [ 9.517194] x29: ffffffc015193870 x28: 00000000f0e94fa2 [ 9.522492] x27: 0000000000000acd x26: 000000 000000009a [ 9.527790] x25: ffffffc0152cee58 x24: ffffffdbb383e0d8 [ 9.533087] x23: ffffffdbb38628d0 x22: 0000000000040200 [ 9.538384] x21: ffffff8cf 7de7318 x20 : ffffff8cd65a2480 [ 9.543681] x19: ffffff8cf7de7000 x18: 0000000000000000 [ 9.548979] x17: ffffff8cf9ca03b4 x16: ffffffdc13ad9a34 [ 9.554277] x15: 00 00000000000000 x14: 0000000000080800 [ 9.559575] x13: ffffff8cd65a2980 x12: 00000000000000000 [ 9.564873] x11: ffffff8cfa45d820 x10: ffffff8cfa45 d6d0 [9.570171] X9: 000000000000000040 X8: FFFFFF8CCEF1B780 [9.575469] x7: aaaaaaaaaaaaaaaaa X6: 00000000000000000000 [9.580766] x5: fffffffdc13824900 x4: fffff8ce 00000000000000 x2: 000000000000000000 [9.591362] X1: 000000000000000125 X0: FFFFFFF8CCEFE0000 [9.596660] Llame Trace: [9.599095 ] free_msi_irqs+0x180/0x184 [ 9.602831] pci_disable_msi+0x100/0x130 [ 9.606740] pci_free_irq_vectors+0x24/0x30 [ 9.610915] mt7921_pci_probe+0xbc/0x250 [mt7921 e] [ 9.615693] pci_device_probe+0xd4/0x14c [ 9.619604] very_probe+0x134/0x2ec [ 9.623252] driver_probe_device+0x64/0xfc [ 9.627335] dispositivo_driver_attach+0x4c/0x6c [ 9.631506] __driver_attach+0xac/0xc0 [ 9.635243] bus_for_each_dev+0x8c/0xd4 [ 9.639066] driver_ adjuntar+0x2c/0x38 [ 9.642628] bus_add_driver+0xfc/0x1d0 [ 9.646365] driver_register+0x64/0xf8 [ 9.650101] __pci_register_driver+0x6c/0x7c [ 9.654360] init_module+0x28/0xfdc [mt7921e] [ 9.658704] do_one_initcall+0x13c/0x2d0 [ 9.662615] do_ módulo_init+0x58/0x1e8 [ 9.666351] módulo_carga+0xd80/0xeb4 [ 9.669912 ] __arm64_sys_finit_module+0xa8/0xe0 [ 9.674430] el0_svc_common+0xa4/0x16c [ 9.678168] el0_svc_compat_handler+0x2c/0x40 [ 9.682511] el0_svc_compat+0x8/0x10 [ 9.68 6076] Código: a94257f6 f9400bf7 a8c47bfd d65f03c0 (d4210000) [ 9.692155] ---[ fin trace 7621f966afbf0a29 ]--- [ 9.697385] Pánico del kernel: no se sincroniza: excepción grave [ 9.702599] SMP: detención de CPU secundarias [ 9.706549] Compensación del kernel: 0x1c03600000 de 0xffffffc010000000 [ 9.712456] PHYS_OFF CONJUNTO: 0xffffff440000000 [9.716625] Características de la CPU: 0x080026,2a80aa18 [ 9.720795] Límite de memoria: ninguno • https://git.kernel.org/stable/c/5c14a5f944b91371961548b1907802f74a4d2e5c https://git.kernel.org/stable/c/a46b536cd60c0dbd4bf767c62a8774dec52bf099 https://git.kernel.org/stable/c/e230f0c44f011f3270680a506b19b7e84c5e8923 •
CVE-2021-47026 – RDMA/rtrs-clt: destroy sysfs after removing session from active list
https://notcve.org/view.php?id=CVE-2021-47026
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "remove_path" that eventually calls rtrs_clt_remove_path_from_sysfs function. The current rtrs_clt_remove_path_from_sysfs first removes the sysfs interfaces and frees sess->stats object. Second it removes the session from the active list. Therefore some functions could access non-connected session and access the freed sess->stats object even-if they check the session status before accessing the session. For instance rtrs_clt_request and get_next_path_min_inflight check the session status and try to send IO to the session. The session status could be changed when they are trying to send IO but they could not catch the change and update the statistics information in sess->stats object, and generate use-after-free problem. (see: "RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats") This patch changes the rtrs_clt_remove_path_from_sysfs to remove the session from the active session list and then destroy the sysfs interfaces. Each function still should check the session status because closing or error recovery paths can change the status. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/rtrs-clt: destruye sysfs después de eliminar la sesión de la lista activa Una sesión se puede eliminar dinámicamente mediante la interfaz sysfs "remove_path" que eventualmente llama a la función rtrs_clt_remove_path_from_sysfs. • https://git.kernel.org/stable/c/6a98d71daea186247005099758af549e6afdd244 https://git.kernel.org/stable/c/b64415c6b3476cf9fa4d0aea3807065b8403a937 https://git.kernel.org/stable/c/676171f9405dcaa45a33d18241c32f387dbaae39 https://git.kernel.org/stable/c/d3cca8067d43dfee4a3535c645b55f618708dccb https://git.kernel.org/stable/c/7f4a8592ff29f19c5a2ca549d0973821319afaad •