CVE-2021-47168 – NFS: fix an incorrect limit in filelayout_decode_layout()
https://notcve.org/view.php?id=CVE-2021-47168
In the Linux kernel, the following vulnerability has been resolved:

NFS: fix an incorrect limit in filelayout_decode_layout()

The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer. I reversed the size of the arguments to put the variable on the left.

• https://git.kernel.org/stable/c/16b374ca439fb406e46e071f75428f5b033056f8
• https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040
• https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1
• https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714
• https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a
• https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1
• https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e
• https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bb
CVE-2021-47167 – NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
https://notcve.org/view.php?id=CVE-2021-47167
In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix an Oopsable condition in __nfs_pageio_add_request()

Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request() to be more robust by checking whether or not the list is empty rather than relying on the value of pg_count.

• https://git.kernel.org/stable/c/a7d42ddb3099727f58366fa006f850a219cce6c8
• https://git.kernel.org/stable/c/1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e
• https://git.kernel.org/stable/c/ee21cd3aa8548e0cbc8c67a80b62113aedd2d101
• https://git.kernel.org/stable/c/15ac6f14787649e8ebd75c142e2c5d2a243c8490
• https://git.kernel.org/stable/c/56517ab958b7c11030e626250c00b9b1a24b41eb
CVE-2021-47166 – NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
https://notcve.org/view.php?id=CVE-2021-47166
In the Linux kernel, the following vulnerability has been resolved:

NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()

The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list.

• https://git.kernel.org/stable/c/a7d42ddb3099727f58366fa006f850a219cce6c8
• https://git.kernel.org/stable/c/e8b8418ce14ae66ee55179901edd12191ab06a9e
• https://git.kernel.org/stable/c/b291baae24f876acd5a5dd57d0bb2bbac8a68b0c
• https://git.kernel.org/stable/c/c757c1f1e65d89429db1409429436cf40d47c008
• https://git.kernel.org/stable/c/40f139a6d50c232c0d1fd1c5e65a845c62db0ede
• https://git.kernel.org/stable/c/785917316b25685c9b3a2a88f933139f2de75e33
• https://git.kernel.org/stable/c/7087db95c0a06ab201b8ebfac6a7ec1e34257997
• https://git.kernel.org/stable/c/2fe1cac336b55a1f79e603e9ce3552c36
CVE-2021-47165 – drm/meson: fix shutdown crash when component not probed
https://notcve.org/view.php?id=CVE-2021-47165
In the Linux kernel, the following vulnerability has been resolved:

drm/meson: fix shutdown crash when component not probed

When the main component is not probed, for example when the dw-hdmi module is not loaded yet or in probe defer, the following crash appears on shutdown:

  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038
  ...
  pc : meson_drv_shutdown+0x24/0x50
  lr : platform_drv_shutdown+0x20/0x30
  ...
  Call trace:
  meson_drv_shutdown+0x24/0x50
  platform_drv_shutdown+0x20/0x30
  device_shutdown+0x158/0x360
  kernel_restart_prepare+0x38/0x48
  kernel_restart+0x18/0x68
  __do_sys_reboot+0x224/0x250
  __arm64_sys_reboot+0x24/0x30
  ...

Simply check if the priv struct has been allocated before using it.

• https://git.kernel.org/stable/c/8a5160cc8488776ddc48ea045860dab015f47390
• https://git.kernel.org/stable/c/8fbbf2b3849419e31731902d7478b0c934732632
• https://git.kernel.org/stable/c/d2100ef32a8cfd024bad94f4fbc5e53d40d2b3da
• https://git.kernel.org/stable/c/d4ec1ffbdaa8939a208656e9c1440742c457ef16
• https://git.kernel.org/stable/c/fa0c16caf3d73ab4d2e5d6fa2ef2394dbec91791
• https://git.kernel.org/stable/c/cef14d5d92f14a6e282c3216c2da63e05f14758a
• https://git.kernel.org/stable/c/b4298d33c1fcce511ffe84d8d3de07e220300f9b
• https://git.kernel.org/stable/c/e256a0eb43e17209e347409a80805b165
CVE-2021-47164 – net/mlx5e: Fix null deref accessing lag dev
https://notcve.org/view.php?id=CVE-2021-47164
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix null deref accessing lag dev

It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave is being set before setting the upper dev, so the first event is without an upper dev. After setting the upper dev with bond_master_upper_dev_link() there is a second event and in that event we have an upper dev.

• https://git.kernel.org/stable/c/7e51891a237f9ea319f53f9beb83afb0077d88e6
• https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587
• https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d
• https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55
• CWE-476: NULL Pointer Dereference