
CVSS: 6.4 • EPSS: 0% • CPEs: 5 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712_dl_fw Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was in race condition between r871xu_dev_remove() ->ndo_open() callback. It's easy to see from crash log, that driver accesses released firmware in ->ndo_open() callback. It may happen, since driver was releasing firmware _before_ unregistering netdev. Fix it by moving unregister_netdev() before cleaning up resources. • https://git.kernel.org/stable/c/8c213fa59199f9673d66970d6940fa093186642f •

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read data beyond the end of buffer. Sanity-check the directory entry length before using it. • https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f • CWE-125: Out-of-bounds Read •

CVSS: 5.3 • EPSS: 0% • CPEs: 9 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: dt9812: fix DMA buffers on stack USB transfer buffers are typically mapped for DMA and must not be allocated on the stack or transfers will fail. Allocate proper transfer buffers in the various command helpers and return an error on short transfers instead of acting on random stack data. Note that this also fixes a stack info leak on systems where DMA is not used as 32 bytes are always sent to the device regardless of how short the ... • https://git.kernel.org/stable/c/63274cd7d38a3322d90b66a5bc976de1fb899051 •

CVSS: 4.9 • EPSS: 0% • CPEs: 9 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSize of usb endpoints found") inadvertently fixed NULL-pointer dereferences when accessing the transfer buffers in case a malicious device has a zero wMaxPacketSize. Make sure to allocate buffers large enough to handle al... • https://git.kernel.org/stable/c/985cafccbf9b7f862aa1c5ee566801e18b5161fb •

CVSS: 7.2 • EPSS: 0% • CPEs: 9 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffers are of equal size or a malicious device could overflow the slab-allocated receive buffer when doing bulk transfers. • https://git.kernel.org/stable/c/985cafccbf9b7f862aa1c5ee566801e18b5161fb •

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: Fix deadlock when adding SPI controllers on SPI buses Currently we have a global spi_add_lock which we take when adding new devices so that we can check that we're not trying to reuse a chip select that's already controlled. This means that if the SPI device is itself a SPI controller and triggers the instantiation of further SPI devices we trigger a deadlock as we try to register and instantiate those devices while in the process of d... • https://git.kernel.org/stable/c/aa3f3d7bef59583f2d3234173105a27ff61ef8fe •

CVSS: 4.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock. The following log reveals it: [ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018 [ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe [ 44.169574 ] INFO: lockdep is turn... • https://git.kernel.org/stable/c/6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: kunit: fix reference count leak in kfree_at_end The reference counting issue happens in the normal path of kfree_at_end(). When kunit_alloc_and_get_resource() is invoked, the function forgets to handle the returned resource object, whose refcount increased inside, causing a refcount leak. Fix this issue by calling kunit_alloc_resource() instead of kunit_alloc_and_get_resource(). Fixed the following when applying: Shuah Khan

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mounting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Problem seems to be that strings for cluster stack and cluster name are not guaranteed to be null terminated in the disk representation, while strlcpy assumes that the source string is always null terminated. This causes a read outside of t... • https://git.kernel.org/stable/c/ac011cb3ff7a76b3e0e6e77158ee4ba2f929e1fb •

CVSS: 8.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: [ 35.961814 ] BUG: KASAN: use-after-free in peak_pci_remove+0x16f/0x270 [peak_pci] [ 35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537 [ 35.965513 ] Call Trace: [ 35.965718 ] dump_stack_lvl+0xa8/0xd1 [ 35.966028 ] pri... • https://git.kernel.org/stable/c/e6d9c80b7ca1504411ad6d7acdb8683e4ae1c9cd • CWE-416: Use After Free • CWE-467: Use of sizeof() on a Pointer Type •