CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47405 – HID: usbhid: free raw_report buffers in usbhid_stop
https://notcve.org/view.php?id=CVE-2021-47405
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: usbhid: buffers raw_report libres en usbhid_stop. Libera los buffers raw_report no enviados cuando se elimina el dispositivo. Corrige un... • https://git.kernel.org/stable/c/7ce4e49146612261265671b1d30d117139021030 •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47404 – HID: betop: fix slab-out-of-bounds Write in betop_probe
https://notcve.org/view.php?id=CVE-2021-47404
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices violate this assumption. So this patch checks hid_device's input is non empty before it's been used. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: betop: corrige escritura slab-out-of-bounds en betop... • https://git.kernel.org/stable/c/a4faa7153b87fbcfe4be15f4278676f79ca6e019 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47391 – RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
https://notcve.org/view.php?id=CVE-2021-47391
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests The FSM can run in a circle allowing rdma_resolve_ip() to be called twice on the same id_priv. While this cannot happen without going through the work, it violates the invariant that the same address resolution background request cannot be active twice. CPU 1 CPU 2 rdma_resolve_addr(): RDMA_CM_IDLE -> RDMA_CM_ADDR_QUERY rdma_resolve_ip(addr_handler) #1 process_one_req(... • https://git.kernel.org/stable/c/e51060f08a61965c4dd91516d82fe90617152590 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47386 – hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
https://notcve.org/view.php?id=CVE-2021-47386
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(... • https://git.kernel.org/stable/c/44d3c480e4e2a75bf6296a18b4356157991ccd80 • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47385 – hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
https://notcve.org/view.php?id=CVE-2021-47385
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(... • https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47384 – hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
https://notcve.org/view.php?id=CVE-2021-47384
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for (tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients()... • https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623 •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47383 – tty: Fix out-of-bound vmalloc access in imageblit
https://notcve.org/view.php?id=CVE-2021-47383
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and bits_per_pixel with values. If this struct is the same as the previous ioctl, the vc_resize() detects it and doesn't call the resize_screen(), leaving the fb_var_screeninfo incomplete. And this leads to the updatescrollmode() calculates... • https://git.kernel.org/stable/c/7e71fcedfda6f7de18f850a6b36e78d78b04476f • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47380 – HID: amd_sfh: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47380
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix potential NULL pointer dereference devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The patch moves initialization of data before devm_add_action_or_reset(). Found by Linux Driver Verification project (linuxtesting.org). [jkosina@suse.cz: rebase] En el kernel de Linux, se resolvió la siguiente vulner... • https://git.kernel.org/stable/c/283e4bee701dfcd409dd293f19a268bb2bc8ff38 •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47379 – blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
https://notcve.org/view.php?id=CVE-2021-47379
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094] BUG: KASAN: use-after-free in bfq_io_set_weight_legacy+0xd3/0x160 [693354.105336] Read of size 4 at addr ffff888be0a35664 by task sh/1453338 [693354.105607] CPU: 41 PID: 1453338 Comm: sh Kdump: loaded Not tainted 4.1... • https://git.kernel.org/stable/c/d12ddd843f1877de1f7dd2aeea4907cf9ff3ac08 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47378 – nvme-rdma: destroy cm id before destroy qp to avoid use after free
https://notcve.org/view.php?id=CVE-2021-47378
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishment error flow, don't destroy qp in cm event handler.Just report cm_error to upper level, qp will be destroy in nvme_rdma_alloc_queue() after destroy cm id. En el kernel de Linux, se ha resuelto la siguiente vulnera... • https://git.kernel.org/stable/c/ecf0dc5a904830c926a64feffd8e01141f89822f • CWE-416: Use After Free •