CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47547 – net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
https://notcve.org/view.php?id=CVE-2021-47547
In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be out of bound. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tulip: de4x5: soluciona el problema de que la matriz 'lp->phy[8]' puede estar fuera de límites En la línea 5001, si todos los ID de la matriz 'lp ->phy[8]' no es 0, cuando termina 'for', 'k' es 8. En este momento, la matriz 'lp->phy[8]' puede estar fuera de límite. • https://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98 https://git.kernel.org/stable/c/142ead3dc70411bd5977e8c47a6d8bf22287b3f8 https://git.kernel.org/stable/c/d3dedaa5a601107cfedda087209772c76e364d58 https://git.kernel.org/stable/c/2c1a6a9a011d622a7c61324a97a49801ba425eff https://git.kernel.org/stable/c/77ff166909458646e66450e42909e0adacc99049 https://git.kernel.org/stable/c/f059fa40f0fcc6bc7a12e0f2a2504e9a4ff74f1f https://git.kernel.org/stable/c/12f907cb11576b8cd0b1d95a16d1f10ed5bb7237 https://git.kernel.org/stable/c/61217be886b5f7402843677e4be7e7e83 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47522 – HID: bigbenff: prevent null pointer dereference
https://notcve.org/view.php?id=CVE-2021-47522
In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't have output reports and so report_field is null. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: bigbenff: evita la desreferencia del puntero nulo Al emular el dispositivo a través de uhid, existe la posibilidad de que no tengamos informes de salida y, por lo tanto, report_field sea nulo. • https://git.kernel.org/stable/c/8e0ceff632f48175ec7fb4706129c55ca8a7c7bd https://git.kernel.org/stable/c/6272b17001e6fdcf7b4a16206287010a1523fa6e https://git.kernel.org/stable/c/58f15f5ae7786c824868f3a7e093859b74669ce7 https://git.kernel.org/stable/c/918aa1ef104d286d16b9e7ef139a463ac7a296f0 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47511 – ALSA: pcm: oss: Fix negative period/buffer sizes
https://notcve.org/view.php?id=CVE-2021-47511
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix negative period/buffer sizes The period size calculation in OSS layer may receive a negative value as an error, but the code there assumes only the positive values and handle them with size_t. Due to that, a too big value may be passed to the lower layers. This patch changes the code to handle with ssize_t and adds the proper error checks appropriately. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: pcm: oss: corrige tamaños de período/búfer negativos El cálculo del tamaño del período en la capa OSS puede recibir un valor negativo como error, pero el código allí asume solo los valores positivos y manejarlos con size_t. Debido a esto, es posible que se pase un valor demasiado grande a las capas inferiores. Este parche cambia el código para manejar con ssize_t y agrega las comprobaciones de errores adecuadas. • https://git.kernel.org/stable/c/be8869d388593e57223ad39297c8e54be632f2f2 https://git.kernel.org/stable/c/502e1146873d870f87da3b8f93d6bf2de5f38d0c https://git.kernel.org/stable/c/8af815ab052eaf74addbbfb556d63ce2137c0e1b https://git.kernel.org/stable/c/f96c0959c1ee92adc911c10d6ec209af50105049 https://git.kernel.org/stable/c/f12c8a7515f641885677960af450082569a87243 https://git.kernel.org/stable/c/02b2b691b77cd7b951fa7b6c9d44d4e472cdc823 https://git.kernel.org/stable/c/00a860678098fcd9fa8db2b5fb9d2ddf4776d4cc https://git.kernel.org/stable/c/9d2479c960875ca1239bcb899f386970c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47509 – ALSA: pcm: oss: Limit the period size to 16MB
https://notcve.org/view.php?id=CVE-2021-47509
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Limit the period size to 16MB Set the practical limit to the period size (the fragment shift in OSS) instead of a full 31bit; a too large value could lead to the exhaust of memory as we allocate temporary buffers of the period size, too. As of this patch, we set to 16MB limit, which should cover all use cases. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: pcm: oss: Limitar el tamaño del período a 16 MB Establezca el límite práctico para el tamaño del período (el desplazamiento de fragmentos en OSS) en lugar de 31 bits completos; un valor demasiado grande podría provocar el agotamiento de la memoria, ya que también asignamos búferes temporales del tamaño del período. A partir de este parche, establecimos un límite de 16 MB, que debería cubrir todos los casos de uso. • https://git.kernel.org/stable/c/d1bb703ad050de9095f10b2d3416c32921ac6bcc https://git.kernel.org/stable/c/b02a41eebcc36d4f07196780f2e165ca2c499257 https://git.kernel.org/stable/c/be55f306396cd62c6889286a7194fd8b53363aeb https://git.kernel.org/stable/c/2e54cf6794bf82a54aaefc78da13819aea9cd28a https://git.kernel.org/stable/c/76f19e4cbb548e28547f8c328aa0bfb3a10222d3 https://git.kernel.org/stable/c/ad45babf7886e7a212ee1d5eda9ef49f696db43c https://git.kernel.org/stable/c/35a3e511032146941085f87dd9fb5b82ea5c00a2 https://git.kernel.org/stable/c/8839c8c0f77ab8fc0463f4ab8b37fca3f •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47508 – btrfs: free exchange changeset on failures
https://notcve.org/view.php?id=CVE-2021-47508
In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 (size 64): comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s) hex dump (first 32 bytes): 00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00 ................ 90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff ................ backtrace: [<00000000ac0176d2>] ulist_add_merge+0x60/0x150 [btrfs] [<0000000076e9f312>] set_state_bits+0x86/0xc0 [btrfs] [<0000000014fe73d6>] set_extent_bit+0x270/0x690 [btrfs] [<000000004f675208>] set_record_extent_bits+0x19/0x20 [btrfs] [<00000000b96137b1>] qgroup_reserve_data+0x274/0x310 [btrfs] [<0000000057e9dcbb>] btrfs_check_data_free_space+0x5c/0xa0 [btrfs] [<0000000019c4511d>] btrfs_delalloc_reserve_space+0x1b/0xa0 [btrfs] [<000000006d37e007>] btrfs_dio_iomap_begin+0x415/0x970 [btrfs] [<00000000fb8a74b8>] iomap_iter+0x161/0x1e0 [<0000000071dff6ff>] __iomap_dio_rw+0x1df/0x700 [<000000002567ba53>] iomap_dio_rw+0x5/0x20 [<0000000072e555f8>] btrfs_file_write_iter+0x290/0x530 [btrfs] [<000000005eb3d845>] new_sync_write+0x106/0x180 [<000000003fb505bf>] vfs_write+0x24d/0x2f0 [<000000009bb57d37>] __x64_sys_pwrite64+0x69/0xa0 [<000000003eba3fdf>] do_syscall_64+0x43/0x90 In case brtfs_qgroup_reserve_data() or btrfs_delalloc_reserve_metadata() fail the allocated extent_changeset will not be freed. So in btrfs_check_data_free_space() and btrfs_delalloc_reserve_space() free the allocated extent_changeset to get rid of the allocated memory. The issue currently only happens in the direct IO write path, but only after 65b3c08606e5 ("btrfs: fix ENOSPC failure when attempting direct IO write into NOCOW range"), and also at defrag_one_locked_target(). Every other place is always calling extent_changeset_free() even if its call to btrfs_delalloc_reserve_space() or btrfs_check_data_free_space() has failed. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: btrfs: conjunto de cambios de intercambio gratuito en caso de fallas. Las ejecuciones de Fstests en mis VM han mostrado varios informes de kmemleak como el siguiente. objeto sin referencia 0xffff88811ae59080 (tamaño 64): comm "xfs_io", pid 12124, jiffies 4294987392 (edad 6,368 s) volcado hexadecimal (primeros 32 bytes): 00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00... ............. 90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff ................ retroceso: [<00000000ac0176d2 >] ulist_add_merge+0x60/0x150 [btrfs] [<0000000076e9f312>] set_state_bits+0x86/0xc0 [btrfs] [<0000000014fe73d6>] set_extent_bit+0x270/0x690 [btrfs] [<000000004f 675208>] set_record_extent_bits+0x19/0x20 [btrfs] [ <00000000b96137b1>] qgroup_reserve_data+0x274/0x310 [btrfs] [<0000000057e9dcbb>] btrfs_check_data_free_space+0x5c/0xa0 [btrfs] [<0000000019c4511d>] +0x1b/0xa0 [btrfs] [<000000006d37e007>] btrfs_dio_iomap_begin+0x415/0x970 [btrfs ] [<00000000fb8a74b8>] iomap_iter+0x161/0x1e0 [<0000000071dff6ff>] __iomap_dio_rw+0x1df/0x700 [<000000002567ba53>] iomap_dio_rw+0x5/0x20 [<000000 0072e555f8>] btrfs_file_write_iter+0x290/0x530 [btrfs] [<000000005eb3d845>] new_sync_write +0x106/0x180 [<000000003fb505bf>] vfs_write+0x24d/0x2f0 [<000000009bb57d37>] __x64_sys_pwrite64+0x69/0xa0 [<000000003eba3fdf>] 3/0x90 En caso de que brtfs_qgroup_reserve_data() o btrfs_delalloc_reserve_metadata() fallen, el conjunto de cambios asignado no será liberado. Entonces, en btrfs_check_data_free_space() y btrfs_delalloc_reserve_space() libera el extend_changeset asignado para deshacerte de la memoria asignada. • https://git.kernel.org/stable/c/ca06c5cb1b6dbfe67655b33c02fc394d65824519 https://git.kernel.org/stable/c/da5e817d9d75422eaaa05490d0b9a5e328fc1a51 •