CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47480 – scsi: core: Put LLD module refcnt after SCSI device is released
https://notcve.org/view.php?id=CVE-2021-47480
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SCSI host instance is released because shost->hostt is required in the release handler. Make sure to put LLD module refcnt after SCSI device is released. Fixes a kernel panic of 'BUG: unable to handle page fault for address' reported by... • https://git.kernel.org/stable/c/1105573d964f7b78734348466b01f5f6ba8a1813 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47478 – isofs: Fix out of bound access for corrupted isofs image
https://notcve.org/view.php?id=CVE-2021-47478
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read data beyond the end of buffer. Sanity-check the directory entry length before using it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: isofs: corrige el acceso fuera de los límites para una imagen isofs corrupta. Cuando la imagen isofs está adecuadamente dañada, isofs_read_inode() puede leer datos m... • https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47469 – spi: Fix deadlock when adding SPI controllers on SPI buses
https://notcve.org/view.php?id=CVE-2021-47469
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled. This means that if the SPI device is itself a SPI controller and triggers the instantiation of further SPI devices we trigger a deadlock as we try to register and instantiate those devices while in the process of d... • https://git.kernel.org/stable/c/aa3f3d7bef59583f2d3234173105a27ff61ef8fe •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47468 – isdn: mISDN: Fix sleeping function called from invalid context
https://notcve.org/view.php?id=CVE-2021-47468
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock. The following log reveals it: [ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018 [ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe [ 44.169574 ] INFO: lockdep is turn... • https://git.kernel.org/stable/c/6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47458 – ocfs2: mount fails with buffer overflow in strlen
https://notcve.org/view.php?id=CVE-2021-47458
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Problem seems to be that strings for cluster stack and cluster name are not guaranteed to be null terminated in the disk representation, while strlcpy assumes that the source string is always null terminated. This causes a read outside of t... • https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47435 – dm: fix mempool NULL pointer race when completing IO
https://notcve.org/view.php?id=CVE-2021-47435
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dm_io_dec_pending() calls end_io_acct() first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to mempool->elements being NULL: task1 task2 do_resume ->do_suspend ->dm_wait_for_completion bio_endio ->clone_endio ->dm_io_dec_pending ->end_io_acct ->wakeup task1 ->dm_swap_table ->__bind ->__bind_mempools ->bioset_ex... • https://git.kernel.org/stable/c/9fb7cd5c7fef0f1c982e3cd27745a0dec260eaed • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47434 – xhci: Fix command ring pointer corruption while aborting a command
https://notcve.org/view.php?id=CVE-2021-47434
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the command ring control register (CRCR). All the control bits like command stop, abort are located at [0:3] bits. While aborting a command, we read the CRCR and set the abort bit and write to the CRCR. The read will always give command ring pointer as all zeros. So we essentially write only the control bits. • https://git.kernel.org/stable/c/22bcb65ea41072ab5d03c0c6290e04e0df6d09a0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47433 – btrfs: fix abort logic in btrfs_replace_file_extents
https://notcve.org/view.php?id=CVE-2021-47433
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfs_replace_file_extents Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the if statement to decide if we should abort is wrong. The only way we would abort in this case is if we got a ret != -EOPNOTSUPP and we called from the file clone code. However the prealloc code uses this path too. • https://git.kernel.org/stable/c/0e32a2b85c7d92ece86c17dfef390c5ed79c6378 •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52868 – thermal: core: prevent potential string overflow
https://notcve.org/view.php?id=CVE-2023-52868
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: térmica: núcleo: evita un posible desbordamiento de cadenas. El valor dev->id proviene de ida_alloc(), por lo que es un número entre cero e INT_MAX. Si es demasiado alto, estos sprintf()s se... • https://git.kernel.org/stable/c/203d3d4aa482339b4816f131f713e1b8ee37f6dd •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52843 – llc: verify mac len before reading mac header
https://notcve.org/view.php?id=CVE-2023-52843
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len and with user configurable skb->protocol (passing a tun_pi header when not configuring IFF_NO_PI). BUG: KMSAN: uninit-value in llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline] BUG: KMSAN: uninit-value in ... • https://git.kernel.org/stable/c/f83f1768f833cb45bc93429fdc552252a4f55ac3 •