
CVE-2021-47643 – media: ir_toy: free before error exiting
https://notcve.org/view.php?id=CVE-2021-47643
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: free before error exiting Fix leak in error path. • https://git.kernel.org/stable/c/99e3f83539cac6884a4df02cb204a57a184ea12b •

CVE-2021-47642 – video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
https://notcve.org/view.php?id=CVE-2021-47642
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examining the call sites. CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length. ... • https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5 •

CVE-2021-47641 – video: fbdev: cirrusfb: check pixclock to avoid divide by zero
https://notcve.org/view.php?id=CVE-2021-47641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round up pixclock to get the derived frequency as close to maxclock as possible. Syzkaller reported a divide error in cirrusfb_check_pixclock. divide error: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1 Hardware name: QEMU... • https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261 •

CVE-2021-47640 – powerpc/kasan: Fix early region not updated correctly
https://notcve.org/view.php?id=CVE-2021-47640
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix early region not updated correctly The shadow's page table is not updated when PTE_RPN_SHIFT is 24 and PAGE_SHIFT is 12. It not only causes false positives but also false negatives, as shown in the following text. Fix it by bringing the logic of kasan_early_shadow_page_entry here. 1. False Positive: ================================================================== BUG: KASAN: vmalloc-out-of-bounds in pcpu_alloc+0x508/0xa50 Wr... • https://git.kernel.org/stable/c/cbd18991e24fea2c31da3bb117c83e4a3538cd11 •

CVE-2021-47639 – KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
https://notcve.org/view.php?id=CVE-2021-47639
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap operation. Most notably, the TDP MMU doesn't zap invalid roots in mmu_notifier callbacks. This leads to use-after-free and other issues if the mmu_notifier runs to completion while an invalid root zapper yields as KVM ... • https://git.kernel.org/stable/c/b7cccd397f310739fb85383033e95580f99927e0 •

CVE-2021-47638 – ubifs: rename_whiteout: Fix double free for whiteout_ui->data
https://notcve.org/view.php?id=CVE-2021-47638
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: rename_whiteout: Fix double free for whiteout_ui->data 'whiteout_ui->data' will be freed twice if the space budget fails for the rename whiteout operation, as in the following process: rename_whiteout dev = kmalloc whiteout_ui->data = dev kfree(whiteout_ui->data) // Free first time iput(whiteout) ubifs_free_inode kfree(ui->data) // Double free! KASAN reports: ================================================================== BUG: KASAN: double-free o... • https://git.kernel.org/stable/c/9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 •

CVE-2021-47637 – ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
https://notcve.org/view.php?id=CVE-2021-47637
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: [ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132 [ 77.028820] Call Trace: [ 77.029027] schedule+0x8c/0x1b0 [ 77.029067] mutex_lock+0x50/0x60 [ 77.029074] ubifs_write_inode+0x68/0x1f0 [ubifs] [ 77.029117] __writeback_single_inode+0x43c/0x570 [ 77.029128] writeback_sb_inodes+0x259/0x740 [ 77.029148] wb_writeback+0x107/0x4d0 [ 77.029163] wb_work... • https://git.kernel.org/stable/c/9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 •

CVE-2021-47636 – ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
https://notcve.org/view.php?id=CVE-2021-47636
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Function ubifs_wbuf_write_nolock() may access buf out of bounds in following process: ubifs_wbuf_write_nolock(): aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096 if (aligned_len <= wbuf->avail) ... // Not satisfy if (wbuf->used) { ubifs_leb_write() // Fill some data in avail wbuf len -= wbuf->avail; // len is still not 8-bytes aligned aligned_len -= wbuf->avail;... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •

CVE-2021-47635 – ubifs: Fix to add refcount once page is set private
https://notcve.org/view.php?id=CVE-2021-47635
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix to add refcount once page is set private MM defined the rule [1] very clearly that once page was set with PG_private flag, we should increment the refcount in that page, also main flows like pageout(), migrate_page() will assume there is one additional page reference count if page_has_private() returns true. Otherwise, we may get a BUG in page migration: page:0000000080d05b9d refcount:-1 mapcount:0 mapping:000000005f4d82a8 index:... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •

CVE-2021-47634 – ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
https://notcve.org/view.php?id=CVE-2021-47634
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl Hulk Robot reported a KASAN report about use-after-free: ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0x13d/0x160 Read of size 8 at addr ffff888035e37d98 by task ubiattach/1385 [...] Call Trace: klist_dec_and_del+0xa7/0x4a0 klist_put+0xc7/0x1a0 device_del+0x4d4/0xed0 cdev_device_del+0x1a/0x80 ubi_atta... • https://git.kernel.org/stable/c/714fb87e8bc05ff78255afc0dca981e8c5242785 •