CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47357 – atm: iphase: fix possible use-after-free in ia_module_exit()
https://notcve.org/view.php?id=CVE-2021-47357
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: atm: iphase: fix possible use-after-free in ia_module_exit() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el k... • https://git.kernel.org/stable/c/9e161687855175334ca93c6c3ccb221731194479 •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47356 – mISDN: fix possible use-after-free in HFC_cleanup()
https://notcve.org/view.php?id=CVE-2021-47356
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de ... • https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47355 – atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
https://notcve.org/view.php?id=CVE-2021-47355
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el... • https://git.kernel.org/stable/c/99779c9d9ffc7775da6f7fd8a7c93ac61657bed5 •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47354 – drm/sched: Avoid data corruptions
https://notcve.org/view.php?id=CVE-2021-47354
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete before killing it to avoid data corruptions. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/sched: evite la corrupción de datos. Espere a que se completen todas las dependencias de un trabajo antes de eliminarlo para evitar la corrupción de datos. In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corr... • https://git.kernel.org/stable/c/c32d0f0e164ffab2a56c7cf8e612584b4b740e2e • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47353 – udf: Fix NULL pointer dereference in udf_symlink function
https://notcve.org/view.php?id=CVE-2021-47353
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returned by udf_tgetblk. The function udf_tgetblk is defined in udf/misc.c and returns the value of sb_getblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sb_getblk fails. This fix adds a check to validate the value of epos.bh. En el kernel de Linux, s... • https://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47352 – virtio-net: Add validation for used length
https://notcve.org/view.php?id=CVE-2021-47352
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-net: Agregar validación para la longitud utilizada. Esto agrega validación para la longitud utilizada (puede provenir de un dispositivo que no es de confianza) para evitar la corrupción o pérdida de datos. A vulnerability... • https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47348 – drm/amd/display: Avoid HDCP over-read and corruption
https://notcve.org/view.php?id=CVE-2021-47348
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so instead use an appropriately sized and zero-initialized bounce buffer, and read only 5 bytes before casting to u64. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: evita la sobrelectura ... • https://git.kernel.org/stable/c/c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47347 – wl1251: Fix possible buffer overflow in wl1251_cmd_scan
https://notcve.org/view.php?id=CVE-2021-47347
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan Function wl1251_cmd_scan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wl1251: corrige posible desbordamiento del buffer en wl1251_cmd_scan. La función wl1251_cmd_scan llama a memcpy sin comprobar la longitud. Endurecer comprobando que el largo esté dentro del... • https://git.kernel.org/stable/c/57ad99ae3c6738ba87bad259bb57c641ca68ebf6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47345 – RDMA/cma: Fix rdma_resolve_route() memory leak
https://notcve.org/view.php?id=CVE-2021-47345
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix rdma_resolve_route() memory leak Fix a memory leak when "mda_resolve_route() is called more than once on the same "rdma_cm_id". This is possible if cma_query_handler() triggers the RDMA_CM_EVENT_ROUTE_ERROR flow which puts the state machine back and allows rdma_resolve_route() to be called again. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/cma: Reparar pérdida de memoria rdma_resolve_route(). Repara... • https://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47343 – dm btree remove: assign new_root only when removal succeeds
https://notcve.org/view.php?id=CVE-2021-47343
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shadow_spine::root is uninitialized, but the uninitialized value is still assign to new_root in the end of dm_btree_remove(). For dm-thin, the value of pmd->details_root or pmd->root will become an uninitialized value, so if trying to read... • https://git.kernel.org/stable/c/4c84b3e0728ffe10d89c633694c35a02b5c477dc •