CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47612 – nfc: fix segfault in nfc_genl_dump_devices_done
https://notcve.org/view.php?id=CVE-2021-47612
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014 Workqueue: events netlink_sock_destruct_work RIP: 0010:k... • https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47610 – drm/msm: Fix null ptr access msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2021-47610
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null ptr access msm_ioctl_gem_submit() Fix the below null pointer dereference in msm_ioctl_gem_submit(): 26545.260705: Call trace: 26545.263223: kref_put+0x1c/0x60 26545.266452: msm_ioctl_gem_submit+0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.29102... • https://git.kernel.org/stable/c/f6db3d98f876870c35e96693cfd54752f6199e59 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47606 – net: netlink: af_netlink: Prevent empty skb by adding a check on len.
https://notcve.org/view.php?id=CVE-2021-47606
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0 and skb->data_len=0 in the randomized corruption step as shown below. skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8); Crash Report: [ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port... • https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47600 – dm btree remove: fix use after free in rebalance_children()
https://notcve.org/view.php?id=CVE-2021-47600
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm btree remove: corrige el use after free en rebalance_children() Mueve dm_tm_unlock() después de dm_tm_dec(). • https://git.kernel.org/stable/c/a48f6a2bf33734ec5669ee03067dfb6c5b4818d6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47599 – btrfs: use latest_dev in btrfs_show_devname
https://notcve.org/view.php?id=CVE-2021-47599
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs] CPU: 2 PID: 1 Comm: systemd Tainted: G W O 5.14.0-rc1-custom #72 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: btrfs_show_devname+0x108/0x1b4 [btrfs] show_mountinfo+0x234/0x2c4 m_show+0x28/0x34 seq_read_iter+0x12c/0x3c4 vfs_read+0... • https://git.kernel.org/stable/c/e342c2558016ead462f376b6c6c2ac5efc17f3b1 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47589 – igbvf: fix double free in `igbvf_probe`
https://notcve.org/view.php?id=CVE-2021-47589
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_ioremap, there is `list_for_each_entry_safe` and `netif_napi_del` which aims to delete all entries in `dev->napi_list`. The program has added an entry `adapter->rx_ring->napi` which is added by `netif_napi_add` in igbvf_alloc_queues(). Ho... • https://git.kernel.org/stable/c/d4e0fe01a38a073568aee541a0247fe734095979 •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47582 – USB: core: Make do_proc_control() and do_proc_bulk() killable
https://notcve.org/view.php?id=CVE-2021-47582
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about "Task X blocked for more than N seconds", as found in testing by syzbot: INFO: task syz-ex... • https://git.kernel.org/stable/c/403716741c6c2c510dce44e88f085a740f535de6 • CWE-667: Improper Locking •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47580 – scsi: scsi_debug: Fix type in min_t to avoid stack OOB
https://notcve.org/view.php?id=CVE-2021-47580
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger value gets used causing stack out of bounds. BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:191 [inline] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976 Read of size 127 at a... • https://git.kernel.org/stable/c/bdb854f134b964528fa543e0351022eb45bd7346 • CWE-125: Out-of-bounds Read •
CVSS: 4.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47579 – ovl: fix warning in ovl_create_real()
https://notcve.org/view.php?id=CVE-2021-47579
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdir without instantiating the new dentry. Weird filesystems such as this will be rejected by overlayfs at a later stage during setup, but to prevent such a warning, call ovl_mkdir_real() directly from ovl_workdir_create(... • https://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8 • CWE-457: Use of Uninitialized Variable •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47578 – scsi: scsi_debug: Don't call kcalloc() if size arg is zero
https://notcve.org/view.php?id=CVE-2021-47578
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of that, for a following NULL pointer check to work on the returned pointer, kcalloc() must not be called with the size arg equal to zero. Return early without error before the kcalloc() call if size arg is zero. BUG: KASAN: null-ptr-deref in memcpy include/linux/fortify-string.h:191 [inline] BUG: KASAN: null-pt... • https://git.kernel.org/stable/c/aa1f912712a109b6306746133de7e5343f016b26 •