CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47275 – bcache: avoid oversized read request in cache missing code path
https://notcve.org/view.php?id=CVE-2021-47275
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached_dev_cache_miss() will be called in cache_lookup_fn() in the following code block, [code block 1] 526 unsigned int sectors = KEY_INODE(k) == s->iop.inode 527 ? min_t(uint64_t, INT_MAX, 528 KEY_START(k) - bio->bi_iter.bi_sector) 529 : ... • https://git.kernel.org/stable/c/555002a840ab88468e252b0eedf0b05e2ce7099c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47269 – usb: dwc3: ep0: fix NULL pointer exception
https://notcve.org/view.php?id=CVE-2021-47269
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3_wIndex_to_dep() and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configurations we might use fewer eps and the index might wrongly indicate a larger ep index than existing. By adding this validation from the patch we can actually report a wrong index back to the caller. In our usecase we are using a composite ... • https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528 •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47267 – usb: fix various gadget panics on 10gbps cabling
https://notcve.org/view.php?id=CVE-2021-47267
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @ 1.5Mbps), high-speed (USB2.0 - 480Mbps), super-speed (USB3.0 - 5Gbps), super-speed-plus (USB3.1 - 10Gbps). The differences between full/high/super-speed descriptors are usually substantial (due to changes in the maximum usb bloc... • https://git.kernel.org/stable/c/fd24be23abf3e94260be0f00bb42c7e91d495f87 •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47258 – scsi: core: Fix error handling of scsi_host_alloc()
https://notcve.org/view.php?id=CVE-2021-47258
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsi_host_alloc() After device is initialized via device_initialize(), or its name is set via dev_set_name(), the device has to be freed via put_device(). Otherwise device name will be leaked because it is allocated dynamically in dev_set_name(). Fix the leak by replacing kfree() with put_device(). Since scsi_host_dev_release() properly handles IDA and kthread removal, remove special-casing these from the e... • https://git.kernel.org/stable/c/8958181c1663e24a13434448e7d6b96b5d04900a •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47257 – net: ieee802154: fix null deref in parse dev addr
https://notcve.org/view.php?id=CVE-2021-47257
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ieee802154: corrige el deref null en analizar dev addr. Se corrige un error lógico que podría resultar en un deref null si el usuario configura el modo incorrectamente para el tipo de dirección dado. In the Lin... • https://git.kernel.org/stable/c/1f95741981c899c4724647291fec5faa3c777185 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47254 – gfs2: Fix use-after-free in gfs2_glock_shrink_scan
https://notcve.org/view.php?id=CVE-2021-47254
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window ... • https://git.kernel.org/stable/c/38ce329534500bf4ae71f81df6a37a406cf187b4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47253 – drm/amd/display: Fix potential memory leak in DMUB hw_init
https://notcve.org/view.php?id=CVE-2021-47253
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resume scenarios. [How] Allocate memory for the DC wrapper to DMUB only if it was not allocated before. No need to reallocate it on suspend/resume. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/dis... • https://git.kernel.org/stable/c/9e8c2af010463197315fa54a6c17e74988b5259c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47234 – phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init()
https://notcve.org/view.php?id=CVE-2021-47234
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init() Use clk_disable_unprepare() in the error path of mtk_phy_init() to fix some resource leaks. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: phy: phy-mtk-tphy: solucione algunas fugas de recursos en mtk_phy_init() Utilice clk_disable_unprepare() en la ruta de error de mtk_phy_init() para solucionar algunas fugas de recursos. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/9a17907946232d01aa2ec109da5f93b8d31dd425 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47233 – regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL
https://notcve.org/view.php?id=CVE-2021-47233
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL devm_gpiod_get_array_optional may return NULL if no GPIO was assigned. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: regulador: rt4801: corrige la desreferencia del puntero NULL si priv->enable_gpios es NULL, devm_gpiod_get_array_optional puede devolver NULL si no se asignó ningún GPIO. • https://git.kernel.org/stable/c/ba8a26a7ce8617f9f3d6230de34b2302df086b41 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47229 – PCI: aardvark: Fix kernel panic during PIO transfer
https://notcve.org/view.php?id=CVE-2021-47229
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO transfer by writing value 0 in PIO_START register when previous transfer has not yet completed (which is indicated by value 1 in PIO_START) causes an External Abort on CPU, which results in kernel panic: SError Interrupt on CPU0, code 0xbf000002 -- SError Kernel panic - not syncing: Asynchronous SError Interrupt To prevent kernel panic, it is required to reject a ... • https://git.kernel.org/stable/c/400e6b1860c8be61388d0b77814c53260f96e17a •