CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47310 – net: ti: fix UAF in tlan_remove_one
https://notcve.org/view.php?id=CVE-2021-47310
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ti: corrige UAF en tlan_remove_one priv son datos privados de netdev y no se pueden usar después de la llamada free_netdev(). Usar priv después de free_... • https://git.kernel.org/stable/c/1e0a8b13d35510e711fdf72e9a3e30bcb2bd49fa • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47308 – scsi: libfc: Fix array index out of bound exception
https://notcve.org/view.php?id=CVE-2021-47308
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: libfc: Corregir excepción de índice de matriz fuera de los límites. Corregir excepción de índice de matriz fuera de los límites en fc_rport_prli_resp(). • https://git.kernel.org/stable/c/44651522941c623e20882b3b443f23f77de1ea8b • CWE-125: Out-of-bounds Read •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47307 – cifs: prevent NULL deref in cifs_compose_mount_options()
https://notcve.org/view.php?id=CVE-2021-47307
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain an NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 ("Explicit null dereferenced") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: evita la eliminación de desreferencias NULL en cifs_compose_mount_options() El parámetro @ref opcional puede contener un nombre de... • https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47297 – net: fix uninit-value in caif_seqpkt_sendmsg
https://notcve.org/view.php?id=CVE-2021-47297
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fix uninit-value in caif_seqpkt_sendmsg When nr_segs equal to zero in iovec_from_user, the object msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg which is defined in ___sys_sendmsg. So we cann't just judge msg->msg_iter.iov->base directlly. We can use nr_segs to judge msg in caif_seqpkt_sendmsg whether has data buffers. ===================================================== BUG: KMSAN: uninit-value in caif_seqpkt_send... • https://git.kernel.org/stable/c/bece7b2398d073d11b2e352405a3ecd3a1e39c60 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47289 – ACPI: fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-47289
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. That fails miserably, because that helper inline function is not set up to handle that case. Just make acpi_dev_put() silently accept a NULL pointer, rather than calling down to put_device() with an invalid offset off that NULL pointer. En el kerne... • https://git.kernel.org/stable/c/38f54217b423c0101d03a00feec6fb8ec608b12e • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47288 – media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
https://notcve.org/view.php?id=CVE-2021-47288
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:16: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds] arch/x86/include/asm/strin... • https://git.kernel.org/stable/c/dae52d009fc950b5c209260d50fcc000f5becd3c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47284 – isdn: mISDN: netjet: Fix crash in nj_probe:
https://notcve.org/view.php?id=CVE-2021-47284
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in nj_probe: 'nj_setup' in netjet.c might fail with -EIO and in this case 'card->irq' is initialized and is bigger than zero. A subsequent call to 'nj_release' will free the irq that has not been requested. Fix this bug by deleting the previous assignment to 'card->irq' and just keep the assignment before 'request_irq'. The KASAN's log reveals it: [ 3.354615 ] WARNING: CPU: 0 PID: 1 at kernel/irq/manag... • https://git.kernel.org/stable/c/958cb1078ca60d214826fd90a0961a447fade59a • CWE-400: Uncontrolled Resource Consumption CWE-590: Free of Memory not on the Heap •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47283 – net:sfc: fix non-freed irq in legacy irq mode
https://notcve.org/view.php?id=CVE-2021-47283
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net:sfc: fix non-freed irq in legacy irq mode SFC driver can be configured via modparam to work using MSI-X, MSI or legacy IRQ interrupts. In the last one, the interrupt was not properly released on module remove. It was not freed because the flag irqs_hooked was not set during initialization in the case of using legacy IRQ. Example of (trimmed) trace during module remove without this fix: remove_proc_entry: removing non-empty director... • https://git.kernel.org/stable/c/8d717c9135a3340ae62d1699484850bfb4112b0c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47281 – ALSA: seq: Fix race of snd_seq_timer_open()
https://notcve.org/view.php?id=CVE-2021-47281
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing timer instance at the beginning, but it's not right, because there is no protection, hence any later concurrent call of snd_seq_timer_open() may override the timer instance easily. This may result in UAF, as the leftover timer instan... • https://git.kernel.org/stable/c/bd7d88b0874f82f7b29d1a53e574cedaf23166ba •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47280 – drm: Fix use-after-free read in drm_getunique()
https://notcve.org/view.php?id=CVE-2021-47280
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free read in drm_getunique() There is a time-of-check-to-time-of-use error in drm_getunique() due to retrieving file_priv->master prior to locking the device's master mutex. An example can be seen in the crash report of the use-after-free error found by Syzbot: https://syzkaller.appspot.com/bug?id=148d2f1dfac64af52ffd27b661981a540724f803 In the report, the master pointer was used after being freed. This is because ano... • https://git.kernel.org/stable/c/17dab9326ff263c62dab1dbac4492e2938a049e4 •