CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47566 – proc/vmcore: fix clearing user buffer by properly using clear_user()
https://notcve.org/view.php?id=CVE-2021-47566
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has some logically unplugged memory inside an added Linux memory block, I can easily trigger a BUG by copying the vmcore via "cp": systemd[1]: Starting Kdump Vmcore Save Service... kdump[420]: Kdump is using the default log level(3). kdum... • https://git.kernel.org/stable/c/997c136f518c5debd63847e78e2a8694f56dcf90 • CWE-501: Trust Boundary Violation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47552 – blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
https://notcve.org/view.php?id=CVE-2021-47552
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in blk_release_queue(). However, this way has caused kernel oops[1], reported by Changhui. The log shows that scsi_device can be freed before running blk_release_queue(), which is expected too since scsi_device is rel... • https://git.kernel.org/stable/c/e03513f58919d9e2bc6df765ca2c9da863d03d90 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47551 – drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again
https://notcve.org/view.php?id=CVE-2021-47551
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since there is no resume in this case. When reset been triggered again, driver should avoid to do uninitialization again. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/amdkfd: corrige el pánico del... • https://git.kernel.org/stable/c/74aafe99efb68f15e50be9f7032c2168512f98a8 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47550 – drm/amd/amdgpu: fix potential memleak
https://notcve.org/view.php?id=CVE-2021-47550
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call kobject_put. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/amdgpu: corrige una posible fuga de mem en la función amdgpu_get_xgmi_hive, cuando falla kobject_init_and_add Hay una posible fuga de mem si no se llama a kobject_put. In the Linux kernel, the following vulnerabil... • https://git.kernel.org/stable/c/c746945fb6bcbe3863c9ea6369c7ef376e38e5eb • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47549 – sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
https://notcve.org/view.php?id=CVE-2021-47549
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl When the `rmmod sata_fsl.ko` command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to handle kernel data access on read at 0x80000800805b502c Oops: Kernel access of bad area, sig: 11 [#1] NIP [c0000000000388a4] .ioread32+0x4/0x20 LR [80000000000c6034] .sata_fsl_port_stop+0x44/0xe0 [sata_fsl] Cal... • https://git.kernel.org/stable/c/faf0b2e5afe7dae072d2715763c7f992b612b628 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47548 – ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
https://notcve.org/view.php?id=CVE-2021-47548
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, w... • https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b • CWE-129: Improper Validation of Array Index •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47547 – net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
https://notcve.org/view.php?id=CVE-2021-47547
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be out of bound. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tulip: de4x5: soluciona el problema de que la matriz 'lp->phy[8]' puede estar fuera de límites En la línea 5001, si todos los ID de la... • https://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47544 – tcp: fix page frag corruption on page fault
https://notcve.org/view.php?id=CVE-2021-47544
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar to the one addressed by commit 20eb4f29b602 ("net: fix sk_page_frag() recursion from memory reclaim"). Here the nested access to the task page frag is caused by a page fault on the (mmapped) user-space memory buffe... • https://git.kernel.org/stable/c/5640f7685831e088fe6c2e1f863a6805962f8e81 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47522 – HID: bigbenff: prevent null pointer dereference
https://notcve.org/view.php?id=CVE-2021-47522
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't have output reports and so report_field is null. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: bigbenff: evita la desreferencia del puntero nulo Al emular el dispositivo a través de uhid, existe la posibilidad de que no tengamos informes de salida y, por lo tanto, report_field sea nulo. In the Linux ke... • https://git.kernel.org/stable/c/8e0ceff632f48175ec7fb4706129c55ca8a7c7bd • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47521 – can: sja1000: fix use after free in ems_pcmcia_add_card()
https://notcve.org/view.php?id=CVE-2021-47521
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card() If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: sja1000: arreglar el use after free en ems_pcmcia_add_card() Si el último canal no está disponible entonces se libera "dev". Afortunadamente, podemos... • https://git.kernel.org/stable/c/fd734c6f25aea4b2b44b045e489aec67b388577e • CWE-416: Use After Free •