CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47542 – net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
https://notcve.org/view.php?id=CVE-2021-47542
In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() In qlcnic_83xx_add_rings(), the indirect function of ahw->hw_ops->alloc_mbx_args will be called to allocate memory for cmd.req.arg, and there is a dereference of it in qlcnic_83xx_add_rings(), which could lead to a NULL pointer dereference on failure of the indirect function like qlcnic_83xx_alloc_mbx_args(). Fix this bug by adding a check of alloc_mbx_args(), this patch imitates the logic of mbx_cmd()'s failure handling. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. Builds with CONFIG_QLCNIC=m show no new warnings, and our static analyzer no longer warns about this code. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qlogic: qlcnic: corrigió una desreferencia de puntero NULL en qlcnic_83xx_add_rings() En qlcnic_83xx_add_rings(), se llamará a la función indirecta de ahw->hw_ops->alloc_mbx_args para asignar memoria para cmd.req.arg, y hay una desreferencia del mismo en qlcnic_83xx_add_rings(), lo que podría llevar a una desreferencia del puntero NULL en caso de falla de la función indirecta como qlcnic_83xx_alloc_mbx_args(). Corrija este error agregando una verificación de alloc_mbx_args(); este parche imita la lógica del manejo de fallas de mbx_cmd(). • https://git.kernel.org/stable/c/7f9664525f9cb507de9198a395a111371413f230 https://git.kernel.org/stable/c/3a061d54e260b701b538873b43e399d9b8b83e03 https://git.kernel.org/stable/c/b4f217d6fcc00c3fdc0921a7691f30be7490b073 https://git.kernel.org/stable/c/550658a2d61e4eaf522c8ebc7fad76dc376bfb45 https://git.kernel.org/stable/c/57af54a56024435d83e44c78449513b414eb6edf https://git.kernel.org/stable/c/bbeb0325a7460ebf1e03f5e0bfc5c652fba9519f https://git.kernel.org/stable/c/15fa12c119f869173f9b710cbe6a4a14071d2105 https://git.kernel.org/stable/c/c5ef33c1489b2cd74368057fa00b5d218 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47522 – HID: bigbenff: prevent null pointer dereference
https://notcve.org/view.php?id=CVE-2021-47522
In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't have output reports and so report_field is null. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: bigbenff: evita la desreferencia del puntero nulo Al emular el dispositivo a través de uhid, existe la posibilidad de que no tengamos informes de salida y, por lo tanto, report_field sea nulo. • https://git.kernel.org/stable/c/8e0ceff632f48175ec7fb4706129c55ca8a7c7bd https://git.kernel.org/stable/c/6272b17001e6fdcf7b4a16206287010a1523fa6e https://git.kernel.org/stable/c/58f15f5ae7786c824868f3a7e093859b74669ce7 https://git.kernel.org/stable/c/918aa1ef104d286d16b9e7ef139a463ac7a296f0 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47521 – can: sja1000: fix use after free in ems_pcmcia_add_card()
https://notcve.org/view.php?id=CVE-2021-47521
In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card() If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: sja1000: arreglar el use after free en ems_pcmcia_add_card() Si el último canal no está disponible entonces se libera "dev". Afortunadamente, podemos usar "pdev->irq" en su lugar. También debemos comprobar si se configuró al menos un canal. • https://git.kernel.org/stable/c/fd734c6f25aea4b2b44b045e489aec67b388577e https://git.kernel.org/stable/c/cbd86110546f7f730a1f5d7de56c944a336c15c4 https://git.kernel.org/stable/c/1dd5b819f7e406dc15bbc7670596ff25261aaa2a https://git.kernel.org/stable/c/c8718026ba287168ff9ad0ccc4f9a413062cba36 https://git.kernel.org/stable/c/ccf070183e4655824936c0f96c4a2bcca93419aa https://git.kernel.org/stable/c/1a295fea90e1acbe80c6d4940f5ff856edcd6bec https://git.kernel.org/stable/c/923f4dc5df679f678e121c20bf2fd70f7bf3e288 https://git.kernel.org/stable/c/474f9a8534f5f89841240a7e978bafd6e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47520 – can: pch_can: pch_can_rx_normal: fix use after free
https://notcve.org/view.php?id=CVE-2021-47520
In the Linux kernel, the following vulnerability has been resolved: can: pch_can: pch_can_rx_normal: fix use after free After calling netif_receive_skb(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is dereferenced just after the call netif_receive_skb(skb). Reordering the lines solves the issue. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: pch_can: pch_can_rx_normal: corregir el use after free después de llamar a netif_receive_skb(skb), desreferenciar skb no es seguro. Especialmente, el can_frame cf que alias la memoria skb se desreferencia justo después de la llamada netif_receive_skb(skb). Reordenar las líneas resuelve el problema. • https://git.kernel.org/stable/c/b21d18b51b31a24d17f883b678432fbdee3d5675 https://git.kernel.org/stable/c/bafe343a885c70dddf358379cf0b2a1c07355d8d https://git.kernel.org/stable/c/3a3c46e2eff0577454860a203be1a8295f4acb76 https://git.kernel.org/stable/c/affbad02bf80380a7403885b9fe4a1587d1bb4f3 https://git.kernel.org/stable/c/3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa https://git.kernel.org/stable/c/abb4eff3dcd2e583060082a18a8dbf31f02689d4 https://git.kernel.org/stable/c/703dde112021c93d6e89443c070e7dbd4dea612e https://git.kernel.org/stable/c/6c73fc931658d8cbc8a1714b326cb31eb • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47518 – nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
https://notcve.org/view.php?id=CVE-2021-47518
In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in dumpit() (nfc_genl_dump_ses()). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfc: corrige la posible deref del puntero NULL en nfc_genl_dump_ses_done La devolución de llamada de netlink done() nfc_genl_dump_ses_done() debe verificar si el argumento recibido no es NULL, porque su asignación podría fallar antes en dumpit() (nfc_genl_dump_ses()). • https://git.kernel.org/stable/c/ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95 https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18 https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d2234 • CWE-476: NULL Pointer Dereference •