CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47329 – scsi: megaraid_sas: Fix resource leak in case of probe failure
https://notcve.org/view.php?id=CVE-2021-47329
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix resource leak in case of probe failure The driver doesn't clean up all the allocated resources properly when scsi_add_host(), megasas_start_aen() function fails during the PCI device probe. Clean up all those resources. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: megaraid_sas: corrige la fuga de recursos en caso de fallo de la sonda El controlador no limpia todos los recursos asignados correctamente cuando la función scsi_add_host(), megasas_start_aen() falla durante el dispositivo PCI Investigacion. Limpia todos esos recursos. • https://git.kernel.org/stable/c/0c6226601c3e191a44a57d8f9f814b7e5c308959 https://git.kernel.org/stable/c/0680db6f41920b2c91c7df3cc9cd5968701a6f74 https://git.kernel.org/stable/c/04b6b9ea80906e3b41ff120b45db31768947cf72 https://git.kernel.org/stable/c/e623f79691c5104317669ab36ec316a90c05062f https://git.kernel.org/stable/c/b5438f48fdd8e1c3f130d32637511efd32038152 • CWE-400: Uncontrolled Resource Consumption •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47328 – scsi: iscsi: Fix conn use after free during resets
https://notcve.org/view.php?id=CVE-2021-47328
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix conn use after free during resets If we haven't done a unbind target call we can race where iscsi_conn_teardown wakes up the EH thread and then frees the conn while those threads are still accessing the conn ehwait. We can only do one TMF per session so this just moves the TMF fields from the conn to the session. We can then rely on the iscsi_session_teardown->iscsi_remove_session->__iscsi_unbind_session call to remove the target and it's devices, and know after that point there is no device or scsi-ml callout trying to access the session. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: iscsi: corrige el uso de la conexión después de liberarla durante los reinicios. Si no hemos realizado una llamada de destino de desvinculación, podemos correr donde iscsi_conn_teardown activa el subproceso EH y luego libera la conexión mientras esos Los hilos todavía están accediendo a la conexión ehwait. Solo podemos hacer un TMF por sesión, por lo que esto simplemente mueve los campos TMF de la conexión a la sesión. • https://git.kernel.org/stable/c/bf20d85a88384574fabb3d53ad62a8af57e7ab11 https://git.kernel.org/stable/c/d04958a348e560938410e04a12fb99da9c7e6a00 https://git.kernel.org/stable/c/89812e7957ab0746eab66ed6fc49d52bb4dca250 https://git.kernel.org/stable/c/f0a031f7c55ffd944fead1ddaf2aa94df9a158c1 https://git.kernel.org/stable/c/fa9542b35ceb4202e8f8d65f440529a63524dca9 https://git.kernel.org/stable/c/ec29d0ac29be366450a7faffbcf8cba3a6a3b506 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47327 – iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails
https://notcve.org/view.php?id=CVE-2021-47327
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0. The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by calling pm_runtime_resume_and_get() instead of pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount balanced in case of failure. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/arm-smmu: corrige la fuga de refcount de arm_smmu_device cuando falla arm_smmu_rpm_get arm_smmu_rpm_get() invoca pm_runtime_get_sync(), lo que aumenta el refcount de "smmu" aunque el valor de retorno sea menor que 0. El problema del conteo de referencias ocurre en algunas rutas de manejo de errores de arm_smmu_rpm_get() en sus funciones de llamada. Cuando arm_smmu_rpm_get() falla, las funciones de la persona que llama se olvidan de disminuir el recuento de "smmu" aumentado en arm_smmu_rpm_get(), lo que provoca una fuga de recuento. • https://git.kernel.org/stable/c/3761ae0d0e549f2acdaf11f49df4ed06d256b20f https://git.kernel.org/stable/c/c4007596fbdabc29f858dc2e1990858a146b60b2 https://git.kernel.org/stable/c/fbf4daa6f4105e01fbd3868006f65c163365c1e3 https://git.kernel.org/stable/c/fe92c058199067ae90cf2a901ddf3c271893557a https://git.kernel.org/stable/c/1adf30f198c26539a62d761e45af72cde570413d • CWE-911: Improper Update of Reference Count •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47325 – iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation
https://notcve.org/view.php?id=CVE-2021-47325
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling paths of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the function forgets to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by jumping to "out" label when those error scenarios occur. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iommu/arm-smmu: corrige la fuga de recuento de referencias de arm_smmu_device en la traducción de direcciones. El problema de recuento de referencias ocurre en varias rutas de manejo de excepciones de arm_smmu_iova_to_phys_hard(). Cuando ocurren esos escenarios de error, la función se olvida de disminuir el recuento de "smmu" aumentado en arm_smmu_rpm_get(), lo que provoca una fuga de recuento. • https://git.kernel.org/stable/c/b11220803ad14a2a880cc06d8e01fe2548cc85b0 https://git.kernel.org/stable/c/43d1aaa1965f9b58035196dac49b1e1e6c9c25eb https://git.kernel.org/stable/c/0f0c5ea09139777d90729d408b807021f2ea6492 https://git.kernel.org/stable/c/5f9741a9a91f25c89e04b408cd61e3ab050ce24b https://git.kernel.org/stable/c/7c8f176d6a3fa18aa0f8875da6f7c672ed2a8554 •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47324 – watchdog: Fix possible use-after-free in wdt_startup()
https://notcve.org/view.php?id=CVE-2021-47324
In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and unable to re-schedule itself. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perro guardián: soluciona el posible use after free en wdt_startup(). La ruta de eliminación de este módulo llama a del_timer(). • https://git.kernel.org/stable/c/63a3dc24bd053792f84cb4eef0168b1266202a02 https://git.kernel.org/stable/c/862f2b5a7c38762ac9e369daefbf361a91aca685 https://git.kernel.org/stable/c/0ac50a76cf3cd63db000648b3b19f3f98b8aaa76 https://git.kernel.org/stable/c/dc9403097be52d57a5c9c35efa9be79d166a78af https://git.kernel.org/stable/c/146cc288fb80c662c9c35e7bc58325d1ac0a7875 https://git.kernel.org/stable/c/a397cb4576fc2fc802562418b3a50b8f67d60d31 https://git.kernel.org/stable/c/b4ebf4a4692e84163a69444c70ad515de06e2259 https://git.kernel.org/stable/c/8adbbe6c86bb13e14f8a19e036ae5f4f5 • CWE-416: Use After Free •