CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47518 – nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
https://notcve.org/view.php?id=CVE-2021-47518
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in dumpit() (nfc_genl_dump_ses()). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfc: corrige la posible deref del puntero NULL en nfc_genl_dump_ses_done La devolución de llamada de netlink done() nfc_genl_dump_ses_done(... • https://git.kernel.org/stable/c/ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47511 – ALSA: pcm: oss: Fix negative period/buffer sizes
https://notcve.org/view.php?id=CVE-2021-47511
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix negative period/buffer sizes The period size calculation in OSS layer may receive a negative value as an error, but the code there assumes only the positive values and handle them with size_t. Due to that, a too big value may be passed to the lower layers. This patch changes the code to handle with ssize_t and adds the proper error checks appropriately. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: A... • https://git.kernel.org/stable/c/be8869d388593e57223ad39297c8e54be632f2f2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47509 – ALSA: pcm: oss: Limit the period size to 16MB
https://notcve.org/view.php?id=CVE-2021-47509
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Limit the period size to 16MB Set the practical limit to the period size (the fragment shift in OSS) instead of a full 31bit; a too large value could lead to the exhaust of memory as we allocate temporary buffers of the period size, too. As of this patch, we set to 16MB limit, which should cover all use cases. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: pcm: oss: Limitar el tamaño del período a 1... • https://git.kernel.org/stable/c/d1bb703ad050de9095f10b2d3416c32921ac6bcc •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47508 – btrfs: free exchange changeset on failures
https://notcve.org/view.php?id=CVE-2021-47508
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 (size 64): comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s) hex dump (first 32 bytes): 00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00 ................ 90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff ................ backtrace: [<00000000ac0176d2>] ulist_add_merge+0x60/0x150... • https://git.kernel.org/stable/c/ca06c5cb1b6dbfe67655b33c02fc394d65824519 •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47506 – nfsd: fix use-after-free due to delegation race
https://notcve.org/view.php?id=CVE-2021-47506
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix use-after-free due to delegation race A delegation break could arrive as soon as we've called vfs_setlease. A delegation break runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the delegation to del_recall_lru. If we then exit nfs4_set_delegation without hashing the delegation, it will be freed as soon as the callback is done with it, without ever being removed from del_recall_lru. Symptoms show up later as use-a... • https://git.kernel.org/stable/c/04a8d07f3d58308b92630045560799a3faa3ebce •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47504 – io_uring: ensure task_work gets run as part of cancelations
https://notcve.org/view.php?id=CVE-2021-47504
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure task_work gets run as part of cancelations If we successfully cancel a work item but that work item needs to be processed through task_work, then we can be sleeping uninterruptibly in io_uring_cancel_generic() and never process it. Hence we don't make forward progress and we end up with an uninterruptible sleep warning. While in there, correct a comment that should be IFF, not IIF. En el kernel de Linux, se ha resuelto la s... • https://git.kernel.org/stable/c/8e12976c0c19ebc14b60046b1348c516a74c25a2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47501 – i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
https://notcve.org/view.php?id=CVE-2021-47501
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc When trying to dump VFs VSI RX/TX descriptors using debugfs there was a crash due to NULL pointer dereference in i40e_dbg_dump_desc. Added a check to i40e_dbg_dump_desc that checks if VSI type is correct for dumping RX/TX descriptors. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i40e: Se corrigió la desreferencia del puntero NULL en i40e_dbg_dump_desc Al intentar vo... • https://git.kernel.org/stable/c/02e9c290814cc143ceccecb14eac3e7a05da745e • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47500 – iio: mma8452: Fix trigger reference couting
https://notcve.org/view.php?id=CVE-2021-47500
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference count by 1. Without the matching `iio_trigger_get()` in the driver the reference count can reach 0 too early, the trigger gets freed while still in use and a use-after-free occurs. Fix this by getting a reference to the trigger before as... • https://git.kernel.org/stable/c/ae6d9ce05691bf79694074db7c7da980080548af •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47499 – iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
https://notcve.org/view.php?id=CVE-2021-47499
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, the memory allocated by iio_triggered_buffer_setup() will not be freed, and cause memory leak as follows: unreferenced object 0xffff888009551400 (size 512): comm "i2c-SMO8500-125", pid 911, jiffies 4294911787 (age 83.852s) hex dump (first 32 bytes): 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ......... • https://git.kernel.org/stable/c/a25691c1f9674090fb66586cf4c5d60d3efdf339 •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36013 – Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
https://notcve.org/view.php?id=CVE-2024-36013
23 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack sum... • https://git.kernel.org/stable/c/73ffa904b78287f6acf8797e040150aa26a4af4a • CWE-416: Use After Free •