Vulnerability-Lookup

CERTFR-2025-AVI-0252

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Micro for Rancher 5.3
SUSE	N/A	SUSE Linux Enterprise Micro 5.3
SUSE	N/A	SUSE Manager Proxy 4.3
SUSE	N/A	SUSE Linux Enterprise High Availability Extension 15 SP4
SUSE	N/A	SUSE Linux Enterprise Micro for Rancher 5.4
SUSE	N/A	SUSE Linux Enterprise Live Patching 15-SP4
SUSE	N/A	SUSE Manager Retail Branch Server 4.3
SUSE	N/A	openSUSE Leap 15.4
SUSE	N/A	SUSE Linux Enterprise Server 11 SP4
SUSE	N/A	SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE	N/A	SUSE Manager Server 4.3
SUSE	N/A	SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE	N/A	SUSE Linux Enterprise Server 15 SP4 LTSS
SUSE	N/A	SUSE Linux Enterprise Server 15 SP4
SUSE	N/A	SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
SUSE	N/A	SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
SUSE	N/A	SUSE Linux Enterprise Real Time 15 SP4
SUSE	N/A	SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
SUSE	N/A	SUSE Linux Enterprise Micro 5.4

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2025:1027-1	2025-03-26	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2025:0983-1	2025-03-21	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Micro for Rancher 5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Proxy 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro for Rancher 5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 15-SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Retail Branch Server 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap 15.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 11 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Server 4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Real Time 15 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
    },
    {
      "name": "CVE-2022-1048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1048"
    },
    {
      "name": "CVE-2022-0168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0168"
    },
    {
      "name": "CVE-2022-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
    },
    {
      "name": "CVE-2022-29901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
    },
    {
      "name": "CVE-2022-29900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
    },
    {
      "name": "CVE-2022-2977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2977"
    },
    {
      "name": "CVE-2022-3303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
    },
    {
      "name": "CVE-2023-28410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28410"
    },
    {
      "name": "CVE-2024-2201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
    },
    {
      "name": "CVE-2024-42229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
    },
    {
      "name": "CVE-2024-41092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
    },
    {
      "name": "CVE-2024-42098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
    },
    {
      "name": "CVE-2024-42240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
    },
    {
      "name": "CVE-2024-56658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
    },
    {
      "name": "CVE-2021-47633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47633"
    },
    {
      "name": "CVE-2021-47644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47644"
    },
    {
      "name": "CVE-2022-49076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49076"
    },
    {
      "name": "CVE-2022-49089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49089"
    },
    {
      "name": "CVE-2022-49135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49135"
    },
    {
      "name": "CVE-2022-49151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49151"
    },
    {
      "name": "CVE-2022-49182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49182"
    },
    {
      "name": "CVE-2022-49201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49201"
    },
    {
      "name": "CVE-2022-49247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49247"
    },
    {
      "name": "CVE-2022-49490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49490"
    },
    {
      "name": "CVE-2022-49626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49626"
    },
    {
      "name": "CVE-2022-49661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49661"
    },
    {
      "name": "CVE-2021-4453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4453"
    },
    {
      "name": "CVE-2021-47631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47631"
    },
    {
      "name": "CVE-2021-47632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47632"
    },
    {
      "name": "CVE-2021-47635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47635"
    },
    {
      "name": "CVE-2021-47636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47636"
    },
    {
      "name": "CVE-2021-47637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47637"
    },
    {
      "name": "CVE-2021-47638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47638"
    },
    {
      "name": "CVE-2021-47639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47639"
    },
    {
      "name": "CVE-2021-47641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47641"
    },
    {
      "name": "CVE-2021-47642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47642"
    },
    {
      "name": "CVE-2021-47643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47643"
    },
    {
      "name": "CVE-2021-47645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47645"
    },
    {
      "name": "CVE-2021-47646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47646"
    },
    {
      "name": "CVE-2021-47647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47647"
    },
    {
      "name": "CVE-2021-47648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47648"
    },
    {
      "name": "CVE-2021-47649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47649"
    },
    {
      "name": "CVE-2021-47650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47650"
    },
    {
      "name": "CVE-2021-47651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47651"
    },
    {
      "name": "CVE-2021-47652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47652"
    },
    {
      "name": "CVE-2021-47653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47653"
    },
    {
      "name": "CVE-2021-47654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47654"
    },
    {
      "name": "CVE-2021-47656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47656"
    },
    {
      "name": "CVE-2021-47657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47657"
    },
    {
      "name": "CVE-2021-47659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47659"
    },
    {
      "name": "CVE-2022-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0995"
    },
    {
      "name": "CVE-2022-49044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49044"
    },
    {
      "name": "CVE-2022-49050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49050"
    },
    {
      "name": "CVE-2022-49051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49051"
    },
    {
      "name": "CVE-2022-49054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49054"
    },
    {
      "name": "CVE-2022-49055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49055"
    },
    {
      "name": "CVE-2022-49058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49058"
    },
    {
      "name": "CVE-2022-49059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49059"
    },
    {
      "name": "CVE-2022-49060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49060"
    },
    {
      "name": "CVE-2022-49061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49061"
    },
    {
      "name": "CVE-2022-49063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
    },
    {
      "name": "CVE-2022-49065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49065"
    },
    {
      "name": "CVE-2022-49066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49066"
    },
    {
      "name": "CVE-2022-49073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49073"
    },
    {
      "name": "CVE-2022-49074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49074"
    },
    {
      "name": "CVE-2022-49078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49078"
    },
    {
      "name": "CVE-2022-49082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49082"
    },
    {
      "name": "CVE-2022-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49083"
    },
    {
      "name": "CVE-2022-49084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49084"
    },
    {
      "name": "CVE-2022-49085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49085"
    },
    {
      "name": "CVE-2022-49086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49086"
    },
    {
      "name": "CVE-2022-49088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49088"
    },
    {
      "name": "CVE-2022-49090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49090"
    },
    {
      "name": "CVE-2022-49091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49091"
    },
    {
      "name": "CVE-2022-49092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49092"
    },
    {
      "name": "CVE-2022-49093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49093"
    },
    {
      "name": "CVE-2022-49095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49095"
    },
    {
      "name": "CVE-2022-49096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49096"
    },
    {
      "name": "CVE-2022-49097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49097"
    },
    {
      "name": "CVE-2022-49098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49098"
    },
    {
      "name": "CVE-2022-49099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49099"
    },
    {
      "name": "CVE-2022-49100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49100"
    },
    {
      "name": "CVE-2022-49102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49102"
    },
    {
      "name": "CVE-2022-49103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49103"
    },
    {
      "name": "CVE-2022-49104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49104"
    },
    {
      "name": "CVE-2022-49105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49105"
    },
    {
      "name": "CVE-2022-49106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49106"
    },
    {
      "name": "CVE-2022-49107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49107"
    },
    {
      "name": "CVE-2022-49109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49109"
    },
    {
      "name": "CVE-2022-49111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49111"
    },
    {
      "name": "CVE-2022-49112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49112"
    },
    {
      "name": "CVE-2022-49113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49113"
    },
    {
      "name": "CVE-2022-49114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49114"
    },
    {
      "name": "CVE-2022-49115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49115"
    },
    {
      "name": "CVE-2022-49116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49116"
    },
    {
      "name": "CVE-2022-49118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49118"
    },
    {
      "name": "CVE-2022-49119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49119"
    },
    {
      "name": "CVE-2022-49120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49120"
    },
    {
      "name": "CVE-2022-49121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49121"
    },
    {
      "name": "CVE-2022-49122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49122"
    },
    {
      "name": "CVE-2022-49126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49126"
    },
    {
      "name": "CVE-2022-49128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49128"
    },
    {
      "name": "CVE-2022-49129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49129"
    },
    {
      "name": "CVE-2022-49130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49130"
    },
    {
      "name": "CVE-2022-49131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49131"
    },
    {
      "name": "CVE-2022-49132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49132"
    },
    {
      "name": "CVE-2022-49137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49137"
    },
    {
      "name": "CVE-2022-49145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49145"
    },
    {
      "name": "CVE-2022-49147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49147"
    },
    {
      "name": "CVE-2022-49148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49148"
    },
    {
      "name": "CVE-2022-49153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49153"
    },
    {
      "name": "CVE-2022-49154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49154"
    },
    {
      "name": "CVE-2022-49155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49155"
    },
    {
      "name": "CVE-2022-49156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49156"
    },
    {
      "name": "CVE-2022-49157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49157"
    },
    {
      "name": "CVE-2022-49158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49158"
    },
    {
      "name": "CVE-2022-49159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49159"
    },
    {
      "name": "CVE-2022-49160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49160"
    },
    {
      "name": "CVE-2022-49162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49162"
    },
    {
      "name": "CVE-2022-49163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49163"
    },
    {
      "name": "CVE-2022-49164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49164"
    },
    {
      "name": "CVE-2022-49165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49165"
    },
    {
      "name": "CVE-2022-49174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49174"
    },
    {
      "name": "CVE-2022-49175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49175"
    },
    {
      "name": "CVE-2022-49176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49176"
    },
    {
      "name": "CVE-2022-49177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49177"
    },
    {
      "name": "CVE-2022-49179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49179"
    },
    {
      "name": "CVE-2022-49180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49180"
    },
    {
      "name": "CVE-2022-49185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49185"
    },
    {
      "name": "CVE-2022-49187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49187"
    },
    {
      "name": "CVE-2022-49188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49188"
    },
    {
      "name": "CVE-2022-49189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49189"
    },
    {
      "name": "CVE-2022-49193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49193"
    },
    {
      "name": "CVE-2022-49194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49194"
    },
    {
      "name": "CVE-2022-49196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49196"
    },
    {
      "name": "CVE-2022-49199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49199"
    },
    {
      "name": "CVE-2022-49200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49200"
    },
    {
      "name": "CVE-2022-49206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49206"
    },
    {
      "name": "CVE-2022-49208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49208"
    },
    {
      "name": "CVE-2022-49212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49212"
    },
    {
      "name": "CVE-2022-49213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49213"
    },
    {
      "name": "CVE-2022-49214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49214"
    },
    {
      "name": "CVE-2022-49216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49216"
    },
    {
      "name": "CVE-2022-49217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49217"
    },
    {
      "name": "CVE-2022-49218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49218"
    },
    {
      "name": "CVE-2022-49221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49221"
    },
    {
      "name": "CVE-2022-49222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49222"
    },
    {
      "name": "CVE-2022-49224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49224"
    },
    {
      "name": "CVE-2022-49226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49226"
    },
    {
      "name": "CVE-2022-49227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49227"
    },
    {
      "name": "CVE-2022-49232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49232"
    },
    {
      "name": "CVE-2022-49235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49235"
    },
    {
      "name": "CVE-2022-49236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49236"
    },
    {
      "name": "CVE-2022-49239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49239"
    },
    {
      "name": "CVE-2022-49241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49241"
    },
    {
      "name": "CVE-2022-49242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49242"
    },
    {
      "name": "CVE-2022-49243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49243"
    },
    {
      "name": "CVE-2022-49244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49244"
    },
    {
      "name": "CVE-2022-49246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49246"
    },
    {
      "name": "CVE-2022-49248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49248"
    },
    {
      "name": "CVE-2022-49249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49249"
    },
    {
      "name": "CVE-2022-49250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49250"
    },
    {
      "name": "CVE-2022-49251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49251"
    },
    {
      "name": "CVE-2022-49252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49252"
    },
    {
      "name": "CVE-2022-49253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49253"
    },
    {
      "name": "CVE-2022-49254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49254"
    },
    {
      "name": "CVE-2022-49256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49256"
    },
    {
      "name": "CVE-2022-49257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49257"
    },
    {
      "name": "CVE-2022-49258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49258"
    },
    {
      "name": "CVE-2022-49259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49259"
    },
    {
      "name": "CVE-2022-49260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49260"
    },
    {
      "name": "CVE-2022-49261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49261"
    },
    {
      "name": "CVE-2022-49262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49262"
    },
    {
      "name": "CVE-2022-49263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49263"
    },
    {
      "name": "CVE-2022-49264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49264"
    },
    {
      "name": "CVE-2022-49265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49265"
    },
    {
      "name": "CVE-2022-49266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49266"
    },
    {
      "name": "CVE-2022-49268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49268"
    },
    {
      "name": "CVE-2022-49269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49269"
    },
    {
      "name": "CVE-2022-49270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49270"
    },
    {
      "name": "CVE-2022-49271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49271"
    },
    {
      "name": "CVE-2022-49272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49272"
    },
    {
      "name": "CVE-2022-49273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49273"
    },
    {
      "name": "CVE-2022-49274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49274"
    },
    {
      "name": "CVE-2022-49275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49275"
    },
    {
      "name": "CVE-2022-49276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49276"
    },
    {
      "name": "CVE-2022-49277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49277"
    },
    {
      "name": "CVE-2022-49278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49278"
    },
    {
      "name": "CVE-2022-49279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49279"
    },
    {
      "name": "CVE-2022-49280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49280"
    },
    {
      "name": "CVE-2022-49281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49281"
    },
    {
      "name": "CVE-2022-49283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49283"
    },
    {
      "name": "CVE-2022-49285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49285"
    },
    {
      "name": "CVE-2022-49286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49286"
    },
    {
      "name": "CVE-2022-49287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49287"
    },
    {
      "name": "CVE-2022-49288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49288"
    },
    {
      "name": "CVE-2022-49290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49290"
    },
    {
      "name": "CVE-2022-49291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49291"
    },
    {
      "name": "CVE-2022-49292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49292"
    },
    {
      "name": "CVE-2022-49294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49294"
    },
    {
      "name": "CVE-2022-49295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49295"
    },
    {
      "name": "CVE-2022-49297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49297"
    },
    {
      "name": "CVE-2022-49298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49298"
    },
    {
      "name": "CVE-2022-49299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49299"
    },
    {
      "name": "CVE-2022-49300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49300"
    },
    {
      "name": "CVE-2022-49301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49301"
    },
    {
      "name": "CVE-2022-49302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49302"
    },
    {
      "name": "CVE-2022-49304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49304"
    },
    {
      "name": "CVE-2022-49305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49305"
    },
    {
      "name": "CVE-2022-49307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49307"
    },
    {
      "name": "CVE-2022-49308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49308"
    },
    {
      "name": "CVE-2022-49309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49309"
    },
    {
      "name": "CVE-2022-49310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49310"
    },
    {
      "name": "CVE-2022-49311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49311"
    },
    {
      "name": "CVE-2022-49312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49312"
    },
    {
      "name": "CVE-2022-49313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49313"
    },
    {
      "name": "CVE-2022-49314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49314"
    },
    {
      "name": "CVE-2022-49315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49315"
    },
    {
      "name": "CVE-2022-49316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49316"
    },
    {
      "name": "CVE-2022-49319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49319"
    },
    {
      "name": "CVE-2022-49320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49320"
    },
    {
      "name": "CVE-2022-49321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49321"
    },
    {
      "name": "CVE-2022-49322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49322"
    },
    {
      "name": "CVE-2022-49323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49323"
    },
    {
      "name": "CVE-2022-49326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49326"
    },
    {
      "name": "CVE-2022-49327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49327"
    },
    {
      "name": "CVE-2022-49328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49328"
    },
    {
      "name": "CVE-2022-49331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49331"
    },
    {
      "name": "CVE-2022-49332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49332"
    },
    {
      "name": "CVE-2022-49335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49335"
    },
    {
      "name": "CVE-2022-49336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49336"
    },
    {
      "name": "CVE-2022-49337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49337"
    },
    {
      "name": "CVE-2022-49339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49339"
    },
    {
      "name": "CVE-2022-49341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49341"
    },
    {
      "name": "CVE-2022-49342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49342"
    },
    {
      "name": "CVE-2022-49343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49343"
    },
    {
      "name": "CVE-2022-49345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49345"
    },
    {
      "name": "CVE-2022-49346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49346"
    },
    {
      "name": "CVE-2022-49347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49347"
    },
    {
      "name": "CVE-2022-49348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49348"
    },
    {
      "name": "CVE-2022-49349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49349"
    },
    {
      "name": "CVE-2022-49350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49350"
    },
    {
      "name": "CVE-2022-49351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49351"
    },
    {
      "name": "CVE-2022-49352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49352"
    },
    {
      "name": "CVE-2022-49354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49354"
    },
    {
      "name": "CVE-2022-49356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49356"
    },
    {
      "name": "CVE-2022-49357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49357"
    },
    {
      "name": "CVE-2022-49367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49367"
    },
    {
      "name": "CVE-2022-49368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49368"
    },
    {
      "name": "CVE-2022-49370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49370"
    },
    {
      "name": "CVE-2022-49371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49371"
    },
    {
      "name": "CVE-2022-49373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49373"
    },
    {
      "name": "CVE-2022-49375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49375"
    },
    {
      "name": "CVE-2022-49376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49376"
    },
    {
      "name": "CVE-2022-49377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49377"
    },
    {
      "name": "CVE-2022-49378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49378"
    },
    {
      "name": "CVE-2022-49379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49379"
    },
    {
      "name": "CVE-2022-49381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49381"
    },
    {
      "name": "CVE-2022-49382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49382"
    },
    {
      "name": "CVE-2022-49384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49384"
    },
    {
      "name": "CVE-2022-49385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49385"
    },
    {
      "name": "CVE-2022-49386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49386"
    },
    {
      "name": "CVE-2022-49389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49389"
    },
    {
      "name": "CVE-2022-49392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49392"
    },
    {
      "name": "CVE-2022-49394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49394"
    },
    {
      "name": "CVE-2022-49396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49396"
    },
    {
      "name": "CVE-2022-49397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49397"
    },
    {
      "name": "CVE-2022-49398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49398"
    },
    {
      "name": "CVE-2022-49399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49399"
    },
    {
      "name": "CVE-2022-49400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49400"
    },
    {
      "name": "CVE-2022-49402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49402"
    },
    {
      "name": "CVE-2022-49404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49404"
    },
    {
      "name": "CVE-2022-49407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49407"
    },
    {
      "name": "CVE-2022-49409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49409"
    },
    {
      "name": "CVE-2022-49410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49410"
    },
    {
      "name": "CVE-2022-49411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49411"
    },
    {
      "name": "CVE-2022-49412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49412"
    },
    {
      "name": "CVE-2022-49413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49413"
    },
    {
      "name": "CVE-2022-49414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49414"
    },
    {
      "name": "CVE-2022-49416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49416"
    },
    {
      "name": "CVE-2022-49418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49418"
    },
    {
      "name": "CVE-2022-49421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49421"
    },
    {
      "name": "CVE-2022-49422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49422"
    },
    {
      "name": "CVE-2022-49424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49424"
    },
    {
      "name": "CVE-2022-49426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49426"
    },
    {
      "name": "CVE-2022-49427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49427"
    },
    {
      "name": "CVE-2022-49429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49429"
    },
    {
      "name": "CVE-2022-49430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49430"
    },
    {
      "name": "CVE-2022-49431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49431"
    },
    {
      "name": "CVE-2022-49432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49432"
    },
    {
      "name": "CVE-2022-49433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49433"
    },
    {
      "name": "CVE-2022-49434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49434"
    },
    {
      "name": "CVE-2022-49435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49435"
    },
    {
      "name": "CVE-2022-49437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49437"
    },
    {
      "name": "CVE-2022-49438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49438"
    },
    {
      "name": "CVE-2022-49440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49440"
    },
    {
      "name": "CVE-2022-49441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49441"
    },
    {
      "name": "CVE-2022-49442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49442"
    },
    {
      "name": "CVE-2022-49443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49443"
    },
    {
      "name": "CVE-2022-49444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49444"
    },
    {
      "name": "CVE-2022-49445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49445"
    },
    {
      "name": "CVE-2022-49447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49447"
    },
    {
      "name": "CVE-2022-49448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49448"
    },
    {
      "name": "CVE-2022-49449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49449"
    },
    {
      "name": "CVE-2022-49451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49451"
    },
    {
      "name": "CVE-2022-49453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49453"
    },
    {
      "name": "CVE-2022-49455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49455"
    },
    {
      "name": "CVE-2022-49459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49459"
    },
    {
      "name": "CVE-2022-49460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49460"
    },
    {
      "name": "CVE-2022-49462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49462"
    },
    {
      "name": "CVE-2022-49463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49463"
    },
    {
      "name": "CVE-2022-49466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49466"
    },
    {
      "name": "CVE-2022-49467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49467"
    },
    {
      "name": "CVE-2022-49468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49468"
    },
    {
      "name": "CVE-2022-49472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49472"
    },
    {
      "name": "CVE-2022-49473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49473"
    },
    {
      "name": "CVE-2022-49474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49474"
    },
    {
      "name": "CVE-2022-49475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49475"
    },
    {
      "name": "CVE-2022-49477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49477"
    },
    {
      "name": "CVE-2022-49478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49478"
    },
    {
      "name": "CVE-2022-49480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49480"
    },
    {
      "name": "CVE-2022-49481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49481"
    },
    {
      "name": "CVE-2022-49482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49482"
    },
    {
      "name": "CVE-2022-49486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49486"
    },
    {
      "name": "CVE-2022-49487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49487"
    },
    {
      "name": "CVE-2022-49488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49488"
    },
    {
      "name": "CVE-2022-49489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49489"
    },
    {
      "name": "CVE-2022-49491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49491"
    },
    {
      "name": "CVE-2022-49492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49492"
    },
    {
      "name": "CVE-2022-49493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49493"
    },
    {
      "name": "CVE-2022-49494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49494"
    },
    {
      "name": "CVE-2022-49495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49495"
    },
    {
      "name": "CVE-2022-49498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49498"
    },
    {
      "name": "CVE-2022-49501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49501"
    },
    {
      "name": "CVE-2022-49502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49502"
    },
    {
      "name": "CVE-2022-49503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49503"
    },
    {
      "name": "CVE-2022-49504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49504"
    },
    {
      "name": "CVE-2022-49505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49505"
    },
    {
      "name": "CVE-2022-49506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49506"
    },
    {
      "name": "CVE-2022-49507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49507"
    },
    {
      "name": "CVE-2022-49508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49508"
    },
    {
      "name": "CVE-2022-49509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49509"
    },
    {
      "name": "CVE-2022-49512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49512"
    },
    {
      "name": "CVE-2022-49514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49514"
    },
    {
      "name": "CVE-2022-49515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49515"
    },
    {
      "name": "CVE-2022-49517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49517"
    },
    {
      "name": "CVE-2022-49519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49519"
    },
    {
      "name": "CVE-2022-49520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49520"
    },
    {
      "name": "CVE-2022-49521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49521"
    },
    {
      "name": "CVE-2022-49522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49522"
    },
    {
      "name": "CVE-2022-49523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49523"
    },
    {
      "name": "CVE-2022-49524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49524"
    },
    {
      "name": "CVE-2022-49525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49525"
    },
    {
      "name": "CVE-2022-49526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49526"
    },
    {
      "name": "CVE-2022-49527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49527"
    },
    {
      "name": "CVE-2022-49532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49532"
    },
    {
      "name": "CVE-2022-49534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49534"
    },
    {
      "name": "CVE-2022-49535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49535"
    },
    {
      "name": "CVE-2022-49536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49536"
    },
    {
      "name": "CVE-2022-49537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49537"
    },
    {
      "name": "CVE-2022-49541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49541"
    },
    {
      "name": "CVE-2022-49542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49542"
    },
    {
      "name": "CVE-2022-49544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49544"
    },
    {
      "name": "CVE-2022-49545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49545"
    },
    {
      "name": "CVE-2022-49546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49546"
    },
    {
      "name": "CVE-2022-49549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49549"
    },
    {
      "name": "CVE-2022-49551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49551"
    },
    {
      "name": "CVE-2022-49555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49555"
    },
    {
      "name": "CVE-2022-49556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49556"
    },
    {
      "name": "CVE-2022-49559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49559"
    },
    {
      "name": "CVE-2022-49562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49562"
    },
    {
      "name": "CVE-2022-49563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49563"
    },
    {
      "name": "CVE-2022-49564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49564"
    },
    {
      "name": "CVE-2022-49566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49566"
    },
    {
      "name": "CVE-2022-49568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49568"
    },
    {
      "name": "CVE-2022-49569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49569"
    },
    {
      "name": "CVE-2022-49570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49570"
    },
    {
      "name": "CVE-2022-49579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49579"
    },
    {
      "name": "CVE-2022-49581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49581"
    },
    {
      "name": "CVE-2022-49583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49583"
    },
    {
      "name": "CVE-2022-49584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49584"
    },
    {
      "name": "CVE-2022-49591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49591"
    },
    {
      "name": "CVE-2022-49592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49592"
    },
    {
      "name": "CVE-2022-49603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49603"
    },
    {
      "name": "CVE-2022-49605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49605"
    },
    {
      "name": "CVE-2022-49606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49606"
    },
    {
      "name": "CVE-2022-49607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49607"
    },
    {
      "name": "CVE-2022-49609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49609"
    },
    {
      "name": "CVE-2022-49610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49610"
    },
    {
      "name": "CVE-2022-49611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49611"
    },
    {
      "name": "CVE-2022-49613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49613"
    },
    {
      "name": "CVE-2022-49615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49615"
    },
    {
      "name": "CVE-2022-49616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49616"
    },
    {
      "name": "CVE-2022-49617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49617"
    },
    {
      "name": "CVE-2022-49618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49618"
    },
    {
      "name": "CVE-2022-49621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49621"
    },
    {
      "name": "CVE-2022-49623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49623"
    },
    {
      "name": "CVE-2022-49625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49625"
    },
    {
      "name": "CVE-2022-49627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49627"
    },
    {
      "name": "CVE-2022-49628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49628"
    },
    {
      "name": "CVE-2022-49631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49631"
    },
    {
      "name": "CVE-2022-49634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49634"
    },
    {
      "name": "CVE-2022-49640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49640"
    },
    {
      "name": "CVE-2022-49641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49641"
    },
    {
      "name": "CVE-2022-49642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49642"
    },
    {
      "name": "CVE-2022-49643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49643"
    },
    {
      "name": "CVE-2022-49644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49644"
    },
    {
      "name": "CVE-2022-49645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49645"
    },
    {
      "name": "CVE-2022-49646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49646"
    },
    {
      "name": "CVE-2022-49647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49647"
    },
    {
      "name": "CVE-2022-49648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49648"
    },
    {
      "name": "CVE-2022-49649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49649"
    },
    {
      "name": "CVE-2022-49652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49652"
    },
    {
      "name": "CVE-2022-49653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49653"
    },
    {
      "name": "CVE-2022-49656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49656"
    },
    {
      "name": "CVE-2022-49657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49657"
    },
    {
      "name": "CVE-2022-49663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49663"
    },
    {
      "name": "CVE-2022-49665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49665"
    },
    {
      "name": "CVE-2022-49667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49667"
    },
    {
      "name": "CVE-2022-49668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49668"
    },
    {
      "name": "CVE-2022-49670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49670"
    },
    {
      "name": "CVE-2022-49671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49671"
    },
    {
      "name": "CVE-2022-49672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49672"
    },
    {
      "name": "CVE-2022-49673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49673"
    },
    {
      "name": "CVE-2022-49674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49674"
    },
    {
      "name": "CVE-2022-49675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49675"
    },
    {
      "name": "CVE-2022-49676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49676"
    },
    {
      "name": "CVE-2022-49677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49677"
    },
    {
      "name": "CVE-2022-49678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49678"
    },
    {
      "name": "CVE-2022-49679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49679"
    },
    {
      "name": "CVE-2022-49680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49680"
    },
    {
      "name": "CVE-2022-49683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49683"
    },
    {
      "name": "CVE-2022-49685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49685"
    },
    {
      "name": "CVE-2022-49687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49687"
    },
    {
      "name": "CVE-2022-49688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49688"
    },
    {
      "name": "CVE-2022-49693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49693"
    },
    {
      "name": "CVE-2022-49695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49695"
    },
    {
      "name": "CVE-2022-49699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49699"
    },
    {
      "name": "CVE-2022-49700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49700"
    },
    {
      "name": "CVE-2022-49701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49701"
    },
    {
      "name": "CVE-2022-49703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49703"
    },
    {
      "name": "CVE-2022-49704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49704"
    },
    {
      "name": "CVE-2022-49705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49705"
    },
    {
      "name": "CVE-2022-49707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49707"
    },
    {
      "name": "CVE-2022-49708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49708"
    },
    {
      "name": "CVE-2022-49710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49710"
    },
    {
      "name": "CVE-2022-49711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49711"
    },
    {
      "name": "CVE-2022-49712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49712"
    },
    {
      "name": "CVE-2022-49713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49713"
    },
    {
      "name": "CVE-2022-49714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49714"
    },
    {
      "name": "CVE-2022-49715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49715"
    },
    {
      "name": "CVE-2022-49716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49716"
    },
    {
      "name": "CVE-2022-49719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49719"
    },
    {
      "name": "CVE-2022-49720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49720"
    },
    {
      "name": "CVE-2022-49721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49721"
    },
    {
      "name": "CVE-2022-49722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49722"
    },
    {
      "name": "CVE-2022-49723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49723"
    },
    {
      "name": "CVE-2022-49724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49724"
    },
    {
      "name": "CVE-2022-49725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49725"
    },
    {
      "name": "CVE-2022-49726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49726"
    },
    {
      "name": "CVE-2022-49729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49729"
    },
    {
      "name": "CVE-2022-49730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49730"
    },
    {
      "name": "CVE-2022-49731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49731"
    },
    {
      "name": "CVE-2022-49733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49733"
    },
    {
      "name": "CVE-2024-57996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
    },
    {
      "name": "CVE-2024-58014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
    },
    {
      "name": "CVE-2025-21718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
    },
    {
      "name": "CVE-2025-21772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
    },
    {
      "name": "CVE-2025-21780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0252",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": "2025-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:1027-1",
      "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251027-1"
    },
    {
      "published_at": "2025-03-21",
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0983-1",
      "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1"
    }
  ]
}

CVE-2021-4453 (GCVE-0-2021-4453)

Vulnerability from cvelistv5 – Published: 2025-02-26 02:19 – Updated: 2026-05-11 13:44

Title

drm/amd/pm: fix a potential gpu_metrics_table memory leak

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(), but not freed in int smu_v12_0_fini_smc_tables(). Free it!

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/222cebd995cdf11fe…
https://git.kernel.org/stable/c/257b3bb16634fd936…
https://git.kernel.org/stable/c/aa464957f7e660abd…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 95868b85764aff2dcbf78d3054076df75446ad15 , < 222cebd995cdf11fe0d502749560f65e64990e55 (git) Affected: 95868b85764aff2dcbf78d3054076df75446ad15 , < 257b3bb16634fd936129fe2f57a91594a75b8751 (git) Affected: 95868b85764aff2dcbf78d3054076df75446ad15 , < aa464957f7e660abd554f2546a588f6533720e21 (git)
Linux	Linux	Affected: 5.10 Unaffected: 0 , < 5.10 (semver) Unaffected: 5.10.88 , ≤ 5.10.* (semver) Unaffected: 5.15.11 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-4453",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:37:13.399991Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:46:38.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/pm/swsmu/smu12/smu_v12_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "222cebd995cdf11fe0d502749560f65e64990e55",
              "status": "affected",
              "version": "95868b85764aff2dcbf78d3054076df75446ad15",
              "versionType": "git"
            },
            {
              "lessThan": "257b3bb16634fd936129fe2f57a91594a75b8751",
              "status": "affected",
              "version": "95868b85764aff2dcbf78d3054076df75446ad15",
              "versionType": "git"
            },
            {
              "lessThan": "aa464957f7e660abd554f2546a588f6533720e21",
              "status": "affected",
              "version": "95868b85764aff2dcbf78d3054076df75446ad15",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/pm/swsmu/smu12/smu_v12_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.88",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.11",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in renoir_init_smc_tables(),\nbut not freed in int smu_v12_0_fini_smc_tables(). Free it!"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:05.516Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/222cebd995cdf11fe0d502749560f65e64990e55"
        },
        {
          "url": "https://git.kernel.org/stable/c/257b3bb16634fd936129fe2f57a91594a75b8751"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa464957f7e660abd554f2546a588f6533720e21"
        }
      ],
      "title": "drm/amd/pm: fix a potential gpu_metrics_table memory leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-4453",
    "datePublished": "2025-02-26T02:19:34.893Z",
    "dateReserved": "2025-02-26T02:18:22.518Z",
    "dateUpdated": "2026-05-11T13:44:05.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47631 (GCVE-0-2021-47631)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

ARM: davinci: da850-evm: Avoid NULL pointer dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: ARM: davinci: da850-evm: Avoid NULL pointer dereference With newer versions of GCC, there is a panic in da850_evm_config_emac() when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine: Unable to handle kernel NULL pointer dereference at virtual address 00000020 pgd = (ptrval) [00000020] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1 Hardware name: Generic DT based system PC is at da850_evm_config_emac+0x1c/0x120 LR is at do_one_initcall+0x50/0x1e0 The emac_pdata pointer in soc_info is NULL because davinci_soc_info only gets populated on davinci machines but da850_evm_config_emac() is called on all machines via device_initcall(). Move the rmii_en assignment below the machine check so that it is only dereferenced when running on a supported SoC.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/c06f476e5b74bcabb…
https://git.kernel.org/stable/c/a12b356d45cbb6e8a…
https://git.kernel.org/stable/c/c64e2ed5cc376e137…
https://git.kernel.org/stable/c/89931d4762572aaee…
https://git.kernel.org/stable/c/0a312ec66a03133d2…
https://git.kernel.org/stable/c/0940795c6834fbe77…
https://git.kernel.org/stable/c/c5628533a3ece6423…
https://git.kernel.org/stable/c/83a1cde5c74bfb44b…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: bae105879f2f2404155da6f50b3636193d228a62 , < c06f476e5b74bcabb8c4a2fba55864a37e62843b (git) Affected: bae105879f2f2404155da6f50b3636193d228a62 , < a12b356d45cbb6e8a1b718d1436b3d6239a862f3 (git) Affected: bae105879f2f2404155da6f50b3636193d228a62 , < c64e2ed5cc376e137e572babfd2edc38b2cfb61b (git) Affected: bae105879f2f2404155da6f50b3636193d228a62 , < 89931d4762572aaee6edbe5673d41f8082de110f (git) Affected: bae105879f2f2404155da6f50b3636193d228a62 , < 0a312ec66a03133d28570f07bc52749ccfef54da (git) Affected: bae105879f2f2404155da6f50b3636193d228a62 , < 0940795c6834fbe7705acc5c3d4b2f7a5f67527a (git) Affected: bae105879f2f2404155da6f50b3636193d228a62 , < c5628533a3ece64235d04fe11ec44d2be99e423d (git) Affected: bae105879f2f2404155da6f50b3636193d228a62 , < 83a1cde5c74bfb44b49cb2a940d044bb2380f4ea (git)
Linux	Linux	Affected: 2.6.33 Unaffected: 0 , < 2.6.33 (semver) Unaffected: 4.9.311 , ≤ 4.9.* (semver) Unaffected: 4.14.276 , ≤ 4.14.* (semver) Unaffected: 4.19.239 , ≤ 4.19.* (semver) Unaffected: 5.4.190 , ≤ 5.4.* (semver) Unaffected: 5.10.112 , ≤ 5.10.* (semver) Unaffected: 5.15.35 , ≤ 5.15.* (semver) Unaffected: 5.17.4 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47631",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:51:01.274417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:09.062Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm/mach-davinci/board-da850-evm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c06f476e5b74bcabb8c4a2fba55864a37e62843b",
              "status": "affected",
              "version": "bae105879f2f2404155da6f50b3636193d228a62",
              "versionType": "git"
            },
            {
              "lessThan": "a12b356d45cbb6e8a1b718d1436b3d6239a862f3",
              "status": "affected",
              "version": "bae105879f2f2404155da6f50b3636193d228a62",
              "versionType": "git"
            },
            {
              "lessThan": "c64e2ed5cc376e137e572babfd2edc38b2cfb61b",
              "status": "affected",
              "version": "bae105879f2f2404155da6f50b3636193d228a62",
              "versionType": "git"
            },
            {
              "lessThan": "89931d4762572aaee6edbe5673d41f8082de110f",
              "status": "affected",
              "version": "bae105879f2f2404155da6f50b3636193d228a62",
              "versionType": "git"
            },
            {
              "lessThan": "0a312ec66a03133d28570f07bc52749ccfef54da",
              "status": "affected",
              "version": "bae105879f2f2404155da6f50b3636193d228a62",
              "versionType": "git"
            },
            {
              "lessThan": "0940795c6834fbe7705acc5c3d4b2f7a5f67527a",
              "status": "affected",
              "version": "bae105879f2f2404155da6f50b3636193d228a62",
              "versionType": "git"
            },
            {
              "lessThan": "c5628533a3ece64235d04fe11ec44d2be99e423d",
              "status": "affected",
              "version": "bae105879f2f2404155da6f50b3636193d228a62",
              "versionType": "git"
            },
            {
              "lessThan": "83a1cde5c74bfb44b49cb2a940d044bb2380f4ea",
              "status": "affected",
              "version": "bae105879f2f2404155da6f50b3636193d228a62",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm/mach-davinci/board-da850-evm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.311",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.276",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.239",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.190",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.112",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.35",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.4",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: davinci: da850-evm: Avoid NULL pointer dereference\n\nWith newer versions of GCC, there is a panic in da850_evm_config_emac()\nwhen booting multi_v5_defconfig in QEMU under the palmetto-bmc machine:\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000020\npgd = (ptrval)\n[00000020] *pgd=00000000\nInternal error: Oops: 5 [#1] PREEMPT ARM\nModules linked in:\nCPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1\nHardware name: Generic DT based system\nPC is at da850_evm_config_emac+0x1c/0x120\nLR is at do_one_initcall+0x50/0x1e0\n\nThe emac_pdata pointer in soc_info is NULL because davinci_soc_info only\ngets populated on davinci machines but da850_evm_config_emac() is called\non all machines via device_initcall().\n\nMove the rmii_en assignment below the machine check so that it is only\ndereferenced when running on a supported SoC."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:07.851Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c06f476e5b74bcabb8c4a2fba55864a37e62843b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a12b356d45cbb6e8a1b718d1436b3d6239a862f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/c64e2ed5cc376e137e572babfd2edc38b2cfb61b"
        },
        {
          "url": "https://git.kernel.org/stable/c/89931d4762572aaee6edbe5673d41f8082de110f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a312ec66a03133d28570f07bc52749ccfef54da"
        },
        {
          "url": "https://git.kernel.org/stable/c/0940795c6834fbe7705acc5c3d4b2f7a5f67527a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5628533a3ece64235d04fe11ec44d2be99e423d"
        },
        {
          "url": "https://git.kernel.org/stable/c/83a1cde5c74bfb44b49cb2a940d044bb2380f4ea"
        }
      ],
      "title": "ARM: davinci: da850-evm: Avoid NULL pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47631",
    "datePublished": "2025-02-26T01:54:07.513Z",
    "dateReserved": "2025-02-26T01:48:21.518Z",
    "dateUpdated": "2026-05-11T13:58:07.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47632 (GCVE-0-2021-47632)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

powerpc/set_memory: Avoid spinlock recursion in change_page_attr()

Summary

In the Linux kernel, the following vulnerability has been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr() Commit 1f9ad21c3b38 ("powerpc/mm: Implement set_memory() routines") included a spin_lock() to change_page_attr() in order to safely perform the three step operations. But then commit 9f7853d7609d ("powerpc/mm: Fix set_memory_*() against concurrent accesses") modify it to use pte_update() and do the operation safely against concurrent access. In the meantime, Maxime reported some spinlock recursion. [ 15.351649] BUG: spinlock recursion on CPU#0, kworker/0:2/217 [ 15.357540] lock: init_mm+0x3c/0x420, .magic: dead4ead, .owner: kworker/0:2/217, .owner_cpu: 0 [ 15.366563] CPU: 0 PID: 217 Comm: kworker/0:2 Not tainted 5.15.0+ #523 [ 15.373350] Workqueue: events do_free_init [ 15.377615] Call Trace: [ 15.380232] [e4105ac0] [800946a4] do_raw_spin_lock+0xf8/0x120 (unreliable) [ 15.387340] [e4105ae0] [8001f4ec] change_page_attr+0x40/0x1d4 [ 15.393413] [e4105b10] [801424e0] __apply_to_page_range+0x164/0x310 [ 15.400009] [e4105b60] [80169620] free_pcp_prepare+0x1e4/0x4a0 [ 15.406045] [e4105ba0] [8016c5a0] free_unref_page+0x40/0x2b8 [ 15.411979] [e4105be0] [8018724c] kasan_depopulate_vmalloc_pte+0x6c/0x94 [ 15.418989] [e4105c00] [801424e0] __apply_to_page_range+0x164/0x310 [ 15.425451] [e4105c50] [80187834] kasan_release_vmalloc+0xbc/0x134 [ 15.431898] [e4105c70] [8015f7a8] __purge_vmap_area_lazy+0x4e4/0xdd8 [ 15.438560] [e4105d30] [80160d10] _vm_unmap_aliases.part.0+0x17c/0x24c [ 15.445283] [e4105d60] [801642d0] __vunmap+0x2f0/0x5c8 [ 15.450684] [e4105db0] [800e32d0] do_free_init+0x68/0x94 [ 15.456181] [e4105dd0] [8005d094] process_one_work+0x4bc/0x7b8 [ 15.462283] [e4105e90] [8005d614] worker_thread+0x284/0x6e8 [ 15.468227] [e4105f00] [8006aaec] kthread+0x1f0/0x210 [ 15.473489] [e4105f40] [80017148] ret_from_kernel_thread+0x14/0x1c Remove the read / modify / write sequence to make the operation atomic and remove the spin_lock() in change_page_attr(). To do the operation atomically, we can't use pte modification helpers anymore. Because all platforms have different combination of bits, it is not easy to use those bits directly. But all have the _PAGE_KERNEL_{RO/ROX/RW/RWX} set of flags. All we need it to compare two sets to know which bits are set or cleared. For instance, by comparing _PAGE_KERNEL_ROX and _PAGE_KERNEL_RO you know which bit gets cleared and which bit get set when changing exec permission.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/6def4eaf0391f24be…
https://git.kernel.org/stable/c/96917107e67846f1d…
https://git.kernel.org/stable/c/6ebe5ca2cbe438a68…
https://git.kernel.org/stable/c/a4c182ecf33584b9b…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 1f9ad21c3b384a8f16d8c46845a48a01d281a603 , < 6def4eaf0391f24be541633a954c0e4876858b1e (git) Affected: 1f9ad21c3b384a8f16d8c46845a48a01d281a603 , < 96917107e67846f1d959ed03be281048efad14c5 (git) Affected: 1f9ad21c3b384a8f16d8c46845a48a01d281a603 , < 6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a (git) Affected: 1f9ad21c3b384a8f16d8c46845a48a01d281a603 , < a4c182ecf33584b9b2d1aa9dad073014a504c01f (git)
Linux	Linux	Affected: 5.14 Unaffected: 0 , < 5.14 (semver) Unaffected: 5.15.34 , ≤ 5.15.* (semver) Unaffected: 5.16.20 , ≤ 5.16.* (semver) Unaffected: 5.17.3 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47632",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:50:57.835061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:08.911Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/mm/pageattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6def4eaf0391f24be541633a954c0e4876858b1e",
              "status": "affected",
              "version": "1f9ad21c3b384a8f16d8c46845a48a01d281a603",
              "versionType": "git"
            },
            {
              "lessThan": "96917107e67846f1d959ed03be281048efad14c5",
              "status": "affected",
              "version": "1f9ad21c3b384a8f16d8c46845a48a01d281a603",
              "versionType": "git"
            },
            {
              "lessThan": "6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a",
              "status": "affected",
              "version": "1f9ad21c3b384a8f16d8c46845a48a01d281a603",
              "versionType": "git"
            },
            {
              "lessThan": "a4c182ecf33584b9b2d1aa9dad073014a504c01f",
              "status": "affected",
              "version": "1f9ad21c3b384a8f16d8c46845a48a01d281a603",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/mm/pageattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.34",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.20",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.3",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/set_memory: Avoid spinlock recursion in change_page_attr()\n\nCommit 1f9ad21c3b38 (\"powerpc/mm: Implement set_memory() routines\")\nincluded a spin_lock() to change_page_attr() in order to\nsafely perform the three step operations. But then\ncommit 9f7853d7609d (\"powerpc/mm: Fix set_memory_*() against\nconcurrent accesses\") modify it to use pte_update() and do\nthe operation safely against concurrent access.\n\nIn the meantime, Maxime reported some spinlock recursion.\n\n[   15.351649] BUG: spinlock recursion on CPU#0, kworker/0:2/217\n[   15.357540]  lock: init_mm+0x3c/0x420, .magic: dead4ead, .owner: kworker/0:2/217, .owner_cpu: 0\n[   15.366563] CPU: 0 PID: 217 Comm: kworker/0:2 Not tainted 5.15.0+ #523\n[   15.373350] Workqueue: events do_free_init\n[   15.377615] Call Trace:\n[   15.380232] [e4105ac0] [800946a4] do_raw_spin_lock+0xf8/0x120 (unreliable)\n[   15.387340] [e4105ae0] [8001f4ec] change_page_attr+0x40/0x1d4\n[   15.393413] [e4105b10] [801424e0] __apply_to_page_range+0x164/0x310\n[   15.400009] [e4105b60] [80169620] free_pcp_prepare+0x1e4/0x4a0\n[   15.406045] [e4105ba0] [8016c5a0] free_unref_page+0x40/0x2b8\n[   15.411979] [e4105be0] [8018724c] kasan_depopulate_vmalloc_pte+0x6c/0x94\n[   15.418989] [e4105c00] [801424e0] __apply_to_page_range+0x164/0x310\n[   15.425451] [e4105c50] [80187834] kasan_release_vmalloc+0xbc/0x134\n[   15.431898] [e4105c70] [8015f7a8] __purge_vmap_area_lazy+0x4e4/0xdd8\n[   15.438560] [e4105d30] [80160d10] _vm_unmap_aliases.part.0+0x17c/0x24c\n[   15.445283] [e4105d60] [801642d0] __vunmap+0x2f0/0x5c8\n[   15.450684] [e4105db0] [800e32d0] do_free_init+0x68/0x94\n[   15.456181] [e4105dd0] [8005d094] process_one_work+0x4bc/0x7b8\n[   15.462283] [e4105e90] [8005d614] worker_thread+0x284/0x6e8\n[   15.468227] [e4105f00] [8006aaec] kthread+0x1f0/0x210\n[   15.473489] [e4105f40] [80017148] ret_from_kernel_thread+0x14/0x1c\n\nRemove the read / modify / write sequence to make the operation atomic\nand remove the spin_lock() in change_page_attr().\n\nTo do the operation atomically, we can\u0027t use pte modification helpers\nanymore. Because all platforms have different combination of bits, it\nis not easy to use those bits directly. But all have the\n_PAGE_KERNEL_{RO/ROX/RW/RWX} set of flags. All we need it to compare\ntwo sets to know which bits are set or cleared.\n\nFor instance, by comparing _PAGE_KERNEL_ROX and _PAGE_KERNEL_RO you\nknow which bit gets cleared and which bit get set when changing exec\npermission."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:09.012Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6def4eaf0391f24be541633a954c0e4876858b1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/96917107e67846f1d959ed03be281048efad14c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4c182ecf33584b9b2d1aa9dad073014a504c01f"
        }
      ],
      "title": "powerpc/set_memory: Avoid spinlock recursion in change_page_attr()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47632",
    "datePublished": "2025-02-26T01:54:08.162Z",
    "dateReserved": "2025-02-26T01:48:21.518Z",
    "dateUpdated": "2026-05-11T13:58:09.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47633 (GCVE-0-2021-47633)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111

Summary

In the Linux kernel, the following vulnerability has been resolved: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 The bug was found during fuzzing. Stacktrace locates it in ath5k_eeprom_convert_pcal_info_5111. When none of the curve is selected in the loop, idx can go up to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound. pd = &chinfo[pier].pd_curves[idx]; There are many OOB writes using pd later in the code. So I added a sanity check for idx. Checks for other loops involving AR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not used outside the loops. The patch is NOT tested with real device. The following is the fuzzing report BUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] Write of size 1 at addr ffff8880174a4d60 by task modprobe/214 CPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1 Call Trace: dump_stack+0x76/0xa0 print_address_description.constprop.0+0x16/0x200 ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] __kasan_report.cold+0x37/0x7c ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] kasan_report+0xe/0x20 ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k] ? apic_timer_interrupt+0xa/0x20 ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k] ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k] ath5k_eeprom_init+0x2513/0x6290 [ath5k] ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k] ? usleep_range+0xb8/0x100 ? apic_timer_interrupt+0xa/0x20 ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k] ath5k_hw_init+0xb60/0x1970 [ath5k] ath5k_init_ah+0x6fe/0x2530 [ath5k] ? kasprintf+0xa6/0xe0 ? ath5k_stop+0x140/0x140 [ath5k] ? _dev_notice+0xf6/0xf6 ? apic_timer_interrupt+0xa/0x20 ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k] ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k] ? mutex_lock+0x89/0xd0 ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k] local_pci_probe+0xd3/0x160 pci_device_probe+0x23f/0x3e0 ? pci_device_remove+0x280/0x280 ? pci_device_remove+0x280/0x280 really_probe+0x209/0x5d0

Severity

No CVSS data available.

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/f4de974019a0adf34…
https://git.kernel.org/stable/c/ed3dfdaa8b5f0579e…
https://git.kernel.org/stable/c/25efc5d03455c3839…
https://git.kernel.org/stable/c/c4e2f577271e158d8…
https://git.kernel.org/stable/c/9d7d83d0399e23d66…
https://git.kernel.org/stable/c/be2f81024e7981565…
https://git.kernel.org/stable/c/fc8f7752a82f4accb…
https://git.kernel.org/stable/c/cbd96d6cad6625feb…
https://git.kernel.org/stable/c/564d4eceb97eaf381…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < f4de974019a0adf34d0e7de6b86252f1bd266b06 (git) Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84 (git) Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < 25efc5d03455c3839249bc77fce5e29ecb54677e (git) Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < c4e2f577271e158d87a916afb4e87415a88ce856 (git) Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < 9d7d83d0399e23d66fd431b553842a84ac10398f (git) Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < be2f81024e7981565d90a4c9ca3067d11b6bca7f (git) Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < fc8f7752a82f4accb99c0f1a868906ba1eb7b86f (git) Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < cbd96d6cad6625feba9c8d101ed4977d53e82f8e (git) Affected: 8e218fb24faef0bfe95bc91b3c05261e20439527 , < 564d4eceb97eaf381dd6ef6470b06377bb50c95a (git)
Linux	Linux	Affected: 2.6.30 Unaffected: 0 , < 2.6.30 (semver) Unaffected: 4.9.311 , ≤ 4.9.* (semver) Unaffected: 4.14.276 , ≤ 4.14.* (semver) Unaffected: 4.19.238 , ≤ 4.19.* (semver) Unaffected: 5.4.189 , ≤ 5.4.* (semver) Unaffected: 5.10.111 , ≤ 5.10.* (semver) Unaffected: 5.15.34 , ≤ 5.15.* (semver) Unaffected: 5.16.20 , ≤ 5.16.* (semver) Unaffected: 5.17.3 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath5k/eeprom.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f4de974019a0adf34d0e7de6b86252f1bd266b06",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            },
            {
              "lessThan": "ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            },
            {
              "lessThan": "25efc5d03455c3839249bc77fce5e29ecb54677e",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            },
            {
              "lessThan": "c4e2f577271e158d87a916afb4e87415a88ce856",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            },
            {
              "lessThan": "9d7d83d0399e23d66fd431b553842a84ac10398f",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            },
            {
              "lessThan": "be2f81024e7981565d90a4c9ca3067d11b6bca7f",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            },
            {
              "lessThan": "fc8f7752a82f4accb99c0f1a868906ba1eb7b86f",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            },
            {
              "lessThan": "cbd96d6cad6625feba9c8d101ed4977d53e82f8e",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            },
            {
              "lessThan": "564d4eceb97eaf381dd6ef6470b06377bb50c95a",
              "status": "affected",
              "version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath5k/eeprom.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.311",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.276",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.238",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.189",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.111",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.34",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.20",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.3",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111\n\nThe bug was found during fuzzing. Stacktrace locates it in\nath5k_eeprom_convert_pcal_info_5111.\nWhen none of the curve is selected in the loop, idx can go\nup to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.\npd = \u0026chinfo[pier].pd_curves[idx];\n\nThere are many OOB writes using pd later in the code. So I\nadded a sanity check for idx. Checks for other loops involving\nAR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not\nused outside the loops.\n\nThe patch is NOT tested with real device.\n\nThe following is the fuzzing report\n\nBUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\nWrite of size 1 at addr ffff8880174a4d60 by task modprobe/214\n\nCPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1\nCall Trace:\n dump_stack+0x76/0xa0\n print_address_description.constprop.0+0x16/0x200\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n __kasan_report.cold+0x37/0x7c\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n kasan_report+0xe/0x20\n ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]\n ath5k_eeprom_init+0x2513/0x6290 [ath5k]\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? usleep_range+0xb8/0x100\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]\n ath5k_hw_init+0xb60/0x1970 [ath5k]\n ath5k_init_ah+0x6fe/0x2530 [ath5k]\n ? kasprintf+0xa6/0xe0\n ? ath5k_stop+0x140/0x140 [ath5k]\n ? _dev_notice+0xf6/0xf6\n ? apic_timer_interrupt+0xa/0x20\n ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n ? mutex_lock+0x89/0xd0\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n local_pci_probe+0xd3/0x160\n pci_device_probe+0x23f/0x3e0\n ? pci_device_remove+0x280/0x280\n ? pci_device_remove+0x280/0x280\n really_probe+0x209/0x5d0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:10.164Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f4de974019a0adf34d0e7de6b86252f1bd266b06"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84"
        },
        {
          "url": "https://git.kernel.org/stable/c/25efc5d03455c3839249bc77fce5e29ecb54677e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4e2f577271e158d87a916afb4e87415a88ce856"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d7d83d0399e23d66fd431b553842a84ac10398f"
        },
        {
          "url": "https://git.kernel.org/stable/c/be2f81024e7981565d90a4c9ca3067d11b6bca7f"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc8f7752a82f4accb99c0f1a868906ba1eb7b86f"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbd96d6cad6625feba9c8d101ed4977d53e82f8e"
        },
        {
          "url": "https://git.kernel.org/stable/c/564d4eceb97eaf381dd6ef6470b06377bb50c95a"
        }
      ],
      "title": "ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47633",
    "datePublished": "2025-02-26T01:54:08.651Z",
    "dateReserved": "2025-02-26T01:48:21.518Z",
    "dateUpdated": "2026-05-11T13:58:10.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47635 (GCVE-0-2021-47635)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

ubifs: Fix to add refcount once page is set private

Summary

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix to add refcount once page is set private MM defined the rule [1] very clearly that once page was set with PG_private flag, we should increment the refcount in that page, also main flows like pageout(), migrate_page() will assume there is one additional page reference count if page_has_private() returns true. Otherwise, we may get a BUG in page migration: page:0000000080d05b9d refcount:-1 mapcount:0 mapping:000000005f4d82a8 index:0xe2 pfn:0x14c12 aops:ubifs_file_address_operations [ubifs] ino:8f1 dentry name:"f30e" flags: 0x1fffff80002405(locked|uptodate|owner_priv_1|private|node=0| zone=1|lastcpupid=0x1fffff) page dumped because: VM_BUG_ON_PAGE(page_count(page) != 0) ------------[ cut here ]------------ kernel BUG at include/linux/page_ref.h:184! invalid opcode: 0000 [#1] SMP CPU: 3 PID: 38 Comm: kcompactd0 Not tainted 5.15.0-rc5 RIP: 0010:migrate_page_move_mapping+0xac3/0xe70 Call Trace: ubifs_migrate_page+0x22/0xc0 [ubifs] move_to_new_page+0xb4/0x600 migrate_pages+0x1523/0x1cc0 compact_zone+0x8c5/0x14b0 kcompactd+0x2bc/0x560 kthread+0x18c/0x1e0 ret_from_fork+0x1f/0x30 Before the time, we should make clean a concept, what does refcount means in page gotten from grab_cache_page_write_begin(). There are 2 situations: Situation 1: refcount is 3, page is created by __page_cache_alloc. TYPE_A - the write process is using this page TYPE_B - page is assigned to one certain mapping by calling __add_to_page_cache_locked() TYPE_C - page is added into pagevec list corresponding current cpu by calling lru_cache_add() Situation 2: refcount is 2, page is gotten from the mapping's tree TYPE_B - page has been assigned to one certain mapping TYPE_A - the write process is using this page (by calling page_cache_get_speculative()) Filesystem releases one refcount by calling put_page() in xxx_write_end(), the released refcount corresponds to TYPE_A (write task is using it). If there are any processes using a page, page migration process will skip the page by judging whether expected_page_refs() equals to page refcount. The BUG is caused by following process: PA(cpu 0) kcompactd(cpu 1) compact_zone ubifs_write_begin page_a = grab_cache_page_write_begin add_to_page_cache_lru lru_cache_add pagevec_add // put page into cpu 0's pagevec (refcnf = 3, for page creation process) ubifs_write_end SetPagePrivate(page_a) // doesn't increase page count ! unlock_page(page_a) put_page(page_a) // refcnt = 2 [...] PB(cpu 0) filemap_read filemap_get_pages add_to_page_cache_lru lru_cache_add __pagevec_lru_add // traverse all pages in cpu 0's pagevec __pagevec_lru_add_fn SetPageLRU(page_a) isolate_migratepages isolate_migratepages_block get_page_unless_zero(page_a) // refcnt = 3 list_add(page_a, from_list) migrate_pages(from_list) __unmap_and_move move_to_new_page ubifs_migrate_page(page_a) migrate_page_move_mapping expected_page_refs get 3 (migration[1] + mapping[1] + private[1]) release_pages put_page_testzero(page_a) // refcnt = 3 page_ref_freeze // refcnt = 0 page_ref_dec_and_test(0 - 1 = -1) page_ref_unfreeze VM_BUG_ON_PAGE(-1 != 0, page) UBIFS doesn't increase the page refcount after setting private flag, which leads to page migration task believes the page is not used by any other processes, so the page is migrated. This causes concurrent accessing on page refcount between put_page() called by other process(eg. read process calls lru_cache_add) and page_ref_unfreeze() called by mi ---truncated---

Severity

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/c34ae24a2590fee96…
https://git.kernel.org/stable/c/4f75bab98565afd4f…
https://git.kernel.org/stable/c/5aaa2c0f0052b02c4…
https://git.kernel.org/stable/c/fbeb2139eed65e929…
https://git.kernel.org/stable/c/3b67db8a6ca83e6ff…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < c34ae24a2590fee96a3a7735ba2fa6cc52306221 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 4f75bab98565afd4f905059c56ec4caba88a7eec (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 5aaa2c0f0052b02c4a982993d4c5bb68fb7cbe22 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < fbeb2139eed65e929ce806c6468e6601ade01b1b (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 3b67db8a6ca83e6ff90b756d3da0c966f61cd37b (git)
Linux	Linux	Affected: 2.6.27 Unaffected: 0 , < 2.6.27 (semver) Unaffected: 5.10.110 , ≤ 5.10.* (semver) Unaffected: 5.15.33 , ≤ 5.15.* (semver) Unaffected: 5.16.19 , ≤ 5.16.* (semver) Unaffected: 5.17.2 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c34ae24a2590fee96a3a7735ba2fa6cc52306221",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "4f75bab98565afd4f905059c56ec4caba88a7eec",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "5aaa2c0f0052b02c4a982993d4c5bb68fb7cbe22",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "fbeb2139eed65e929ce806c6468e6601ade01b1b",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "3b67db8a6ca83e6ff90b756d3da0c966f61cd37b",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.110",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.33",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.19",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.2",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix to add refcount once page is set private\n\nMM defined the rule [1] very clearly that once page was set with PG_private\nflag, we should increment the refcount in that page, also main flows like\npageout(), migrate_page() will assume there is one additional page\nreference count if page_has_private() returns true. Otherwise, we may\nget a BUG in page migration:\n\n  page:0000000080d05b9d refcount:-1 mapcount:0 mapping:000000005f4d82a8\n  index:0xe2 pfn:0x14c12\n  aops:ubifs_file_address_operations [ubifs] ino:8f1 dentry name:\"f30e\"\n  flags: 0x1fffff80002405(locked|uptodate|owner_priv_1|private|node=0|\n  zone=1|lastcpupid=0x1fffff)\n  page dumped because: VM_BUG_ON_PAGE(page_count(page) != 0)\n  ------------[ cut here ]------------\n  kernel BUG at include/linux/page_ref.h:184!\n  invalid opcode: 0000 [#1] SMP\n  CPU: 3 PID: 38 Comm: kcompactd0 Not tainted 5.15.0-rc5\n  RIP: 0010:migrate_page_move_mapping+0xac3/0xe70\n  Call Trace:\n    ubifs_migrate_page+0x22/0xc0 [ubifs]\n    move_to_new_page+0xb4/0x600\n    migrate_pages+0x1523/0x1cc0\n    compact_zone+0x8c5/0x14b0\n    kcompactd+0x2bc/0x560\n    kthread+0x18c/0x1e0\n    ret_from_fork+0x1f/0x30\n\nBefore the time, we should make clean a concept, what does refcount means\nin page gotten from grab_cache_page_write_begin(). There are 2 situations:\nSituation 1: refcount is 3, page is created by __page_cache_alloc.\n  TYPE_A - the write process is using this page\n  TYPE_B - page is assigned to one certain mapping by calling\n\t   __add_to_page_cache_locked()\n  TYPE_C - page is added into pagevec list corresponding current cpu by\n\t   calling lru_cache_add()\nSituation 2: refcount is 2, page is gotten from the mapping\u0027s tree\n  TYPE_B - page has been assigned to one certain mapping\n  TYPE_A - the write process is using this page (by calling\n\t   page_cache_get_speculative())\nFilesystem releases one refcount by calling put_page() in xxx_write_end(),\nthe released refcount corresponds to TYPE_A (write task is using it). If\nthere are any processes using a page, page migration process will skip the\npage by judging whether expected_page_refs() equals to page refcount.\n\nThe BUG is caused by following process:\n    PA(cpu 0)                           kcompactd(cpu 1)\n\t\t\t\tcompact_zone\nubifs_write_begin\n  page_a = grab_cache_page_write_begin\n    add_to_page_cache_lru\n      lru_cache_add\n        pagevec_add // put page into cpu 0\u0027s pagevec\n  (refcnf = 3, for page creation process)\nubifs_write_end\n  SetPagePrivate(page_a) // doesn\u0027t increase page count !\n  unlock_page(page_a)\n  put_page(page_a)  // refcnt = 2\n\t\t\t\t[...]\n\n    PB(cpu 0)\nfilemap_read\n  filemap_get_pages\n    add_to_page_cache_lru\n      lru_cache_add\n        __pagevec_lru_add // traverse all pages in cpu 0\u0027s pagevec\n\t  __pagevec_lru_add_fn\n\t    SetPageLRU(page_a)\n\t\t\t\tisolate_migratepages\n                                  isolate_migratepages_block\n\t\t\t\t    get_page_unless_zero(page_a)\n\t\t\t\t    // refcnt = 3\n                                      list_add(page_a, from_list)\n\t\t\t\tmigrate_pages(from_list)\n\t\t\t\t  __unmap_and_move\n\t\t\t\t    move_to_new_page\n\t\t\t\t      ubifs_migrate_page(page_a)\n\t\t\t\t        migrate_page_move_mapping\n\t\t\t\t\t  expected_page_refs get 3\n                                  (migration[1] + mapping[1] + private[1])\n\t release_pages\n\t   put_page_testzero(page_a) // refcnt = 3\n                                          page_ref_freeze  // refcnt = 0\n\t     page_ref_dec_and_test(0 - 1 = -1)\n                                          page_ref_unfreeze\n                                            VM_BUG_ON_PAGE(-1 != 0, page)\n\nUBIFS doesn\u0027t increase the page refcount after setting private flag, which\nleads to page migration task believes the page is not used by any other\nprocesses, so the page is migrated. This causes concurrent accessing on\npage refcount between put_page() called by other process(eg. read process\ncalls lru_cache_add) and page_ref_unfreeze() called by mi\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:12.461Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c34ae24a2590fee96a3a7735ba2fa6cc52306221"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f75bab98565afd4f905059c56ec4caba88a7eec"
        },
        {
          "url": "https://git.kernel.org/stable/c/5aaa2c0f0052b02c4a982993d4c5bb68fb7cbe22"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbeb2139eed65e929ce806c6468e6601ade01b1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b67db8a6ca83e6ff90b756d3da0c966f61cd37b"
        }
      ],
      "title": "ubifs: Fix to add refcount once page is set private",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47635",
    "datePublished": "2025-02-26T01:54:09.701Z",
    "dateReserved": "2025-02-26T01:48:21.518Z",
    "dateUpdated": "2026-05-11T13:58:12.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47636 (GCVE-0-2021-47636)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()

Summary

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Function ubifs_wbuf_write_nolock() may access buf out of bounds in following process: ubifs_wbuf_write_nolock(): aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096 if (aligned_len <= wbuf->avail) ... // Not satisfy if (wbuf->used) { ubifs_leb_write() // Fill some data in avail wbuf len -= wbuf->avail; // len is still not 8-bytes aligned aligned_len -= wbuf->avail; } n = aligned_len >> c->max_write_shift; if (n) { n <<= c->max_write_shift; err = ubifs_leb_write(c, wbuf->lnum, buf + written, wbuf->offs, n); // n > len, read out of bounds less than 8(n-len) bytes } , which can be catched by KASAN: ========================================================= BUG: KASAN: slab-out-of-bounds in ecc_sw_hamming_calculate+0x1dc/0x7d0 Read of size 4 at addr ffff888105594ff8 by task kworker/u8:4/128 Workqueue: writeback wb_workfn (flush-ubifs_0_0) Call Trace: kasan_report.cold+0x81/0x165 nand_write_page_swecc+0xa9/0x160 ubifs_leb_write+0xf2/0x1b0 [ubifs] ubifs_wbuf_write_nolock+0x421/0x12c0 [ubifs] write_head+0xdc/0x1c0 [ubifs] ubifs_jnl_write_inode+0x627/0x960 [ubifs] wb_workfn+0x8af/0xb80 Function ubifs_wbuf_write_nolock() accepts that parameter 'len' is not 8 bytes aligned, the 'len' represents the true length of buf (which is allocated in 'ubifs_jnl_xxx', eg. ubifs_jnl_write_inode), so ubifs_wbuf_write_nolock() must handle the length read from 'buf' carefully to write leb safely. Fetch a reproducer in [Link].

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/5343575aa11c5d704…
https://git.kernel.org/stable/c/b80ccbec0e4804436…
https://git.kernel.org/stable/c/07a209fadee7b53b4…
https://git.kernel.org/stable/c/a7054aaf1909cf404…
https://git.kernel.org/stable/c/e09fa5318d51f522e…
https://git.kernel.org/stable/c/3b7fb89135a20587d…
https://git.kernel.org/stable/c/4f2262a334641e05f…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 5343575aa11c5d7044107d59d43f84aec01312b0 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < b80ccbec0e4804436c382d7dd60e943c386ed83a (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 07a209fadee7b53b46858538e1177597273862e4 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < a7054aaf1909cf40489c0ec1b728fdcf79c751a6 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < e09fa5318d51f522e1af4fbaf8f74999355980c8 (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 3b7fb89135a20587d57f8877c02e25003e9edbdf (git) Affected: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d , < 4f2262a334641e05f645364d5ade1f565c85f20b (git)
Linux	Linux	Affected: 2.6.27 Unaffected: 0 , < 2.6.27 (semver) Unaffected: 4.19.238 , ≤ 4.19.* (semver) Unaffected: 5.4.189 , ≤ 5.4.* (semver) Unaffected: 5.10.110 , ≤ 5.10.* (semver) Unaffected: 5.15.33 , ≤ 5.15.* (semver) Unaffected: 5.16.19 , ≤ 5.16.* (semver) Unaffected: 5.17.2 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:50:54.449259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:08.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5343575aa11c5d7044107d59d43f84aec01312b0",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "b80ccbec0e4804436c382d7dd60e943c386ed83a",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "07a209fadee7b53b46858538e1177597273862e4",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "a7054aaf1909cf40489c0ec1b728fdcf79c751a6",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "e09fa5318d51f522e1af4fbaf8f74999355980c8",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "3b7fb89135a20587d57f8877c02e25003e9edbdf",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            },
            {
              "lessThan": "4f2262a334641e05f645364d5ade1f565c85f20b",
              "status": "affected",
              "version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.238",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.189",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.110",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.33",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.19",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.2",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()\n\nFunction ubifs_wbuf_write_nolock() may access buf out of bounds in\nfollowing process:\n\nubifs_wbuf_write_nolock():\n  aligned_len = ALIGN(len, 8);   // Assume len = 4089, aligned_len = 4096\n  if (aligned_len \u003c= wbuf-\u003eavail) ... // Not satisfy\n  if (wbuf-\u003eused) {\n    ubifs_leb_write()  // Fill some data in avail wbuf\n    len -= wbuf-\u003eavail;   // len is still not 8-bytes aligned\n    aligned_len -= wbuf-\u003eavail;\n  }\n  n = aligned_len \u003e\u003e c-\u003emax_write_shift;\n  if (n) {\n    n \u003c\u003c= c-\u003emax_write_shift;\n    err = ubifs_leb_write(c, wbuf-\u003elnum, buf + written,\n                          wbuf-\u003eoffs, n);\n    // n \u003e len, read out of bounds less than 8(n-len) bytes\n  }\n\n, which can be catched by KASAN:\n  =========================================================\n  BUG: KASAN: slab-out-of-bounds in ecc_sw_hamming_calculate+0x1dc/0x7d0\n  Read of size 4 at addr ffff888105594ff8 by task kworker/u8:4/128\n  Workqueue: writeback wb_workfn (flush-ubifs_0_0)\n  Call Trace:\n    kasan_report.cold+0x81/0x165\n    nand_write_page_swecc+0xa9/0x160\n    ubifs_leb_write+0xf2/0x1b0 [ubifs]\n    ubifs_wbuf_write_nolock+0x421/0x12c0 [ubifs]\n    write_head+0xdc/0x1c0 [ubifs]\n    ubifs_jnl_write_inode+0x627/0x960 [ubifs]\n    wb_workfn+0x8af/0xb80\n\nFunction ubifs_wbuf_write_nolock() accepts that parameter \u0027len\u0027 is not 8\nbytes aligned, the \u0027len\u0027 represents the true length of buf (which is\nallocated in \u0027ubifs_jnl_xxx\u0027, eg. ubifs_jnl_write_inode), so\nubifs_wbuf_write_nolock() must handle the length read from \u0027buf\u0027 carefully\nto write leb safely.\n\nFetch a reproducer in [Link]."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:13.687Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5343575aa11c5d7044107d59d43f84aec01312b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b80ccbec0e4804436c382d7dd60e943c386ed83a"
        },
        {
          "url": "https://git.kernel.org/stable/c/07a209fadee7b53b46858538e1177597273862e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7054aaf1909cf40489c0ec1b728fdcf79c751a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/e09fa5318d51f522e1af4fbaf8f74999355980c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b7fb89135a20587d57f8877c02e25003e9edbdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f2262a334641e05f645364d5ade1f565c85f20b"
        }
      ],
      "title": "ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47636",
    "datePublished": "2025-02-26T01:54:10.206Z",
    "dateReserved": "2025-02-26T01:48:21.519Z",
    "dateUpdated": "2026-05-11T13:58:13.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47637 (GCVE-0-2021-47637)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

ubifs: Fix deadlock in concurrent rename whiteout and inode writeback

Summary

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: [ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132 [ 77.028820] Call Trace: [ 77.029027] schedule+0x8c/0x1b0 [ 77.029067] mutex_lock+0x50/0x60 [ 77.029074] ubifs_write_inode+0x68/0x1f0 [ubifs] [ 77.029117] __writeback_single_inode+0x43c/0x570 [ 77.029128] writeback_sb_inodes+0x259/0x740 [ 77.029148] wb_writeback+0x107/0x4d0 [ 77.029163] wb_workfn+0x162/0x7b0 [ 92.390442] task:aa state:D stack: 0 pid: 1506 [ 92.390448] Call Trace: [ 92.390458] schedule+0x8c/0x1b0 [ 92.390461] wb_wait_for_completion+0x82/0xd0 [ 92.390469] __writeback_inodes_sb_nr+0xb2/0x110 [ 92.390472] writeback_inodes_sb_nr+0x14/0x20 [ 92.390476] ubifs_budget_space+0x705/0xdd0 [ubifs] [ 92.390503] do_rename.cold+0x7f/0x187 [ubifs] [ 92.390549] ubifs_rename+0x8b/0x180 [ubifs] [ 92.390571] vfs_rename+0xdb2/0x1170 [ 92.390580] do_renameat2+0x554/0x770 , are caused by concurrent rename whiteout and inode writeback processes: rename_whiteout(Thread 1) wb_workfn(Thread2) ubifs_rename do_rename lock_4_inodes (Hold ui_mutex) ubifs_budget_space make_free_space shrink_liability __writeback_inodes_sb_nr bdi_split_work_to_wbs (Queue new wb work) wb_do_writeback(wb work) __writeback_single_inode ubifs_write_inode LOCK(ui_mutex) ↑ wb_wait_for_completion (Wait wb work) <-- deadlock! Reproducer (Detail program in [Link]): 1. SYS_renameat2("/mp/dir/file", "/mp/dir/whiteout", RENAME_WHITEOUT) 2. Consume out of space before kernel(mdelay) doing budget for whiteout Fix it by doing whiteout space budget before locking ubifs inodes. BTW, it also fixes wrong goto tag 'out_release' in whiteout budget error handling path(It should at least recover dir i_size and unlock 4 ubifs inodes).

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - Improper Locking

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/9dddc8211430fb851…
https://git.kernel.org/stable/c/37bdf1ad592555ecd…
https://git.kernel.org/stable/c/83e42a78428fc354f…
https://git.kernel.org/stable/c/c58af8564a7b08757…
https://git.kernel.org/stable/c/70e9090acc32348ce…
https://git.kernel.org/stable/c/8b278c8dcfb565cb6…
https://git.kernel.org/stable/c/afd427048047e8efd…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 9dddc8211430fb851ddf0b168e3a00c6f66cc185 (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 37bdf1ad592555ecda1d55b89f6e393e4c0589d1 (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 83e42a78428fc354f5e2049935b84c8d8d29b787 (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < c58af8564a7b08757173009030b74baf4b2b762b (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 70e9090acc32348cedc5def0cd6d5c126efc97b9 (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 8b278c8dcfb565cb65eceb62a38cbf7a7c326db5 (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < afd427048047e8efdedab30e8888044e2be5aa9c (git)
Linux	Linux	Affected: 4.9 Unaffected: 0 , < 4.9 (semver) Unaffected: 4.19.238 , ≤ 4.19.* (semver) Unaffected: 5.4.189 , ≤ 5.4.* (semver) Unaffected: 5.10.110 , ≤ 5.10.* (semver) Unaffected: 5.15.33 , ≤ 5.15.* (semver) Unaffected: 5.16.19 , ≤ 5.16.* (semver) Unaffected: 5.17.2 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:50:51.071622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-667",
                "description": "CWE-667 Improper Locking",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:08.665Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9dddc8211430fb851ddf0b168e3a00c6f66cc185",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "37bdf1ad592555ecda1d55b89f6e393e4c0589d1",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "83e42a78428fc354f5e2049935b84c8d8d29b787",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "c58af8564a7b08757173009030b74baf4b2b762b",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "70e9090acc32348cedc5def0cd6d5c126efc97b9",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "8b278c8dcfb565cb65eceb62a38cbf7a7c326db5",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "afd427048047e8efdedab30e8888044e2be5aa9c",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.238",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.189",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.110",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.33",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.19",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.2",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix deadlock in concurrent rename whiteout and inode writeback\n\nFollowing hung tasks:\n[   77.028764] task:kworker/u8:4    state:D stack:    0 pid:  132\n[   77.028820] Call Trace:\n[   77.029027]  schedule+0x8c/0x1b0\n[   77.029067]  mutex_lock+0x50/0x60\n[   77.029074]  ubifs_write_inode+0x68/0x1f0 [ubifs]\n[   77.029117]  __writeback_single_inode+0x43c/0x570\n[   77.029128]  writeback_sb_inodes+0x259/0x740\n[   77.029148]  wb_writeback+0x107/0x4d0\n[   77.029163]  wb_workfn+0x162/0x7b0\n\n[   92.390442] task:aa              state:D stack:    0 pid: 1506\n[   92.390448] Call Trace:\n[   92.390458]  schedule+0x8c/0x1b0\n[   92.390461]  wb_wait_for_completion+0x82/0xd0\n[   92.390469]  __writeback_inodes_sb_nr+0xb2/0x110\n[   92.390472]  writeback_inodes_sb_nr+0x14/0x20\n[   92.390476]  ubifs_budget_space+0x705/0xdd0 [ubifs]\n[   92.390503]  do_rename.cold+0x7f/0x187 [ubifs]\n[   92.390549]  ubifs_rename+0x8b/0x180 [ubifs]\n[   92.390571]  vfs_rename+0xdb2/0x1170\n[   92.390580]  do_renameat2+0x554/0x770\n\n, are caused by concurrent rename whiteout and inode writeback processes:\n\trename_whiteout(Thread 1)\t        wb_workfn(Thread2)\nubifs_rename\n  do_rename\n    lock_4_inodes (Hold ui_mutex)\n    ubifs_budget_space\n      make_free_space\n        shrink_liability\n\t  __writeback_inodes_sb_nr\n\t    bdi_split_work_to_wbs (Queue new wb work)\n\t\t\t\t\t      wb_do_writeback(wb work)\n\t\t\t\t\t\t__writeback_single_inode\n\t\t\t\t\t          ubifs_write_inode\n\t\t\t\t\t            LOCK(ui_mutex)\n\t\t\t\t\t\t\t   \u2191\n\t      wb_wait_for_completion (Wait wb work) \u003c-- deadlock!\n\nReproducer (Detail program in [Link]):\n  1. SYS_renameat2(\"/mp/dir/file\", \"/mp/dir/whiteout\", RENAME_WHITEOUT)\n  2. Consume out of space before kernel(mdelay) doing budget for whiteout\n\nFix it by doing whiteout space budget before locking ubifs inodes.\nBTW, it also fixes wrong goto tag \u0027out_release\u0027 in whiteout budget\nerror handling path(It should at least recover dir i_size and unlock\n4 ubifs inodes)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:14.868Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9dddc8211430fb851ddf0b168e3a00c6f66cc185"
        },
        {
          "url": "https://git.kernel.org/stable/c/37bdf1ad592555ecda1d55b89f6e393e4c0589d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/83e42a78428fc354f5e2049935b84c8d8d29b787"
        },
        {
          "url": "https://git.kernel.org/stable/c/c58af8564a7b08757173009030b74baf4b2b762b"
        },
        {
          "url": "https://git.kernel.org/stable/c/70e9090acc32348cedc5def0cd6d5c126efc97b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b278c8dcfb565cb65eceb62a38cbf7a7c326db5"
        },
        {
          "url": "https://git.kernel.org/stable/c/afd427048047e8efdedab30e8888044e2be5aa9c"
        }
      ],
      "title": "ubifs: Fix deadlock in concurrent rename whiteout and inode writeback",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47637",
    "datePublished": "2025-02-26T01:54:10.709Z",
    "dateReserved": "2025-02-26T01:48:21.519Z",
    "dateUpdated": "2026-05-11T13:58:14.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47638 (GCVE-0-2021-47638)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

ubifs: rename_whiteout: Fix double free for whiteout_ui->data

Summary

In the Linux kernel, the following vulnerability has been resolved: ubifs: rename_whiteout: Fix double free for whiteout_ui->data 'whiteout_ui->data' will be freed twice if space budget fail for rename whiteout operation as following process: rename_whiteout dev = kmalloc whiteout_ui->data = dev kfree(whiteout_ui->data) // Free first time iput(whiteout) ubifs_free_inode kfree(ui->data) // Double free! KASAN reports: ================================================================== BUG: KASAN: double-free or invalid-free in ubifs_free_inode+0x4f/0x70 Call Trace: kfree+0x117/0x490 ubifs_free_inode+0x4f/0x70 [ubifs] i_callback+0x30/0x60 rcu_do_batch+0x366/0xac0 __do_softirq+0x133/0x57f Allocated by task 1506: kmem_cache_alloc_trace+0x3c2/0x7a0 do_rename+0x9b7/0x1150 [ubifs] ubifs_rename+0x106/0x1f0 [ubifs] do_syscall_64+0x35/0x80 Freed by task 1506: kfree+0x117/0x490 do_rename.cold+0x53/0x8a [ubifs] ubifs_rename+0x106/0x1f0 [ubifs] do_syscall_64+0x35/0x80 The buggy address belongs to the object at ffff88810238bed8 which belongs to the cache kmalloc-8 of size 8 ================================================================== Let ubifs_free_inode() free 'whiteout_ui->data'. BTW, delete unused assignment 'whiteout_ui->data_len = 0', process 'ubifs_evict_inode() -> ubifs_jnl_delete_inode() -> ubifs_jnl_write_inode()' doesn't need it (because 'inc_nlink(whiteout)' won't be excuted by 'goto out_release', and the nlink of whiteout inode is 0).

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-415 - Double Free

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/8b3c7be16f3f4dfd6…
https://git.kernel.org/stable/c/2b3236ecf96db7af5…
https://git.kernel.org/stable/c/14276d38c89a17036…
https://git.kernel.org/stable/c/a90e2dbe66d2647ff…
https://git.kernel.org/stable/c/2ad07009c459e56eb…
https://git.kernel.org/stable/c/b9a937f096e608b33…
https://git.kernel.org/stable/c/6d7a158a7363c1f66…
https://git.kernel.org/stable/c/40a8f0d5e7b3999f0…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 8b3c7be16f3f4dfd6e15ac651484e59d3fa36274 (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 2b3236ecf96db7af5836e1366ce39ace8ce832fa (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 14276d38c89a170363e90b6ac0a53c3cf61b87fc (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < a90e2dbe66d2647ff95a0442ad2e86482d977fd8 (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 2ad07009c459e56ebdcc089d850d664660fdb742 (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < b9a937f096e608b3368c1abc920d4d640ba2c94f (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 6d7a158a7363c1f6604aa47ae1a280a5c65123dd (git) Affected: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 , < 40a8f0d5e7b3999f096570edab71c345da812e3e (git)
Linux	Linux	Affected: 4.9 Unaffected: 0 , < 4.9 (semver) Unaffected: 4.14.276 , ≤ 4.14.* (semver) Unaffected: 4.19.238 , ≤ 4.19.* (semver) Unaffected: 5.4.189 , ≤ 5.4.* (semver) Unaffected: 5.10.110 , ≤ 5.10.* (semver) Unaffected: 5.15.33 , ≤ 5.15.* (semver) Unaffected: 5.16.19 , ≤ 5.16.* (semver) Unaffected: 5.17.2 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:50:47.905064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:08.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8b3c7be16f3f4dfd6e15ac651484e59d3fa36274",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "2b3236ecf96db7af5836e1366ce39ace8ce832fa",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "14276d38c89a170363e90b6ac0a53c3cf61b87fc",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "a90e2dbe66d2647ff95a0442ad2e86482d977fd8",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "2ad07009c459e56ebdcc089d850d664660fdb742",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "b9a937f096e608b3368c1abc920d4d640ba2c94f",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "6d7a158a7363c1f6604aa47ae1a280a5c65123dd",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            },
            {
              "lessThan": "40a8f0d5e7b3999f096570edab71c345da812e3e",
              "status": "affected",
              "version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ubifs/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.276",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.238",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.189",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.110",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.33",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.19",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.2",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: rename_whiteout: Fix double free for whiteout_ui-\u003edata\n\n\u0027whiteout_ui-\u003edata\u0027 will be freed twice if space budget fail for\nrename whiteout operation as following process:\n\nrename_whiteout\n  dev = kmalloc\n  whiteout_ui-\u003edata = dev\n  kfree(whiteout_ui-\u003edata)  // Free first time\n  iput(whiteout)\n    ubifs_free_inode\n      kfree(ui-\u003edata)\t    // Double free!\n\nKASAN reports:\n==================================================================\nBUG: KASAN: double-free or invalid-free in ubifs_free_inode+0x4f/0x70\nCall Trace:\n  kfree+0x117/0x490\n  ubifs_free_inode+0x4f/0x70 [ubifs]\n  i_callback+0x30/0x60\n  rcu_do_batch+0x366/0xac0\n  __do_softirq+0x133/0x57f\n\nAllocated by task 1506:\n  kmem_cache_alloc_trace+0x3c2/0x7a0\n  do_rename+0x9b7/0x1150 [ubifs]\n  ubifs_rename+0x106/0x1f0 [ubifs]\n  do_syscall_64+0x35/0x80\n\nFreed by task 1506:\n  kfree+0x117/0x490\n  do_rename.cold+0x53/0x8a [ubifs]\n  ubifs_rename+0x106/0x1f0 [ubifs]\n  do_syscall_64+0x35/0x80\n\nThe buggy address belongs to the object at ffff88810238bed8 which\nbelongs to the cache kmalloc-8 of size 8\n==================================================================\n\nLet ubifs_free_inode() free \u0027whiteout_ui-\u003edata\u0027. BTW, delete unused\nassignment \u0027whiteout_ui-\u003edata_len = 0\u0027, process \u0027ubifs_evict_inode()\n-\u003e ubifs_jnl_delete_inode() -\u003e ubifs_jnl_write_inode()\u0027 doesn\u0027t need it\n(because \u0027inc_nlink(whiteout)\u0027 won\u0027t be excuted by \u0027goto out_release\u0027,\n and the nlink of whiteout inode is 0)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:15.992Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8b3c7be16f3f4dfd6e15ac651484e59d3fa36274"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b3236ecf96db7af5836e1366ce39ace8ce832fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/14276d38c89a170363e90b6ac0a53c3cf61b87fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/a90e2dbe66d2647ff95a0442ad2e86482d977fd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ad07009c459e56ebdcc089d850d664660fdb742"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9a937f096e608b3368c1abc920d4d640ba2c94f"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d7a158a7363c1f6604aa47ae1a280a5c65123dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/40a8f0d5e7b3999f096570edab71c345da812e3e"
        }
      ],
      "title": "ubifs: rename_whiteout: Fix double free for whiteout_ui-\u003edata",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47638",
    "datePublished": "2025-02-26T01:54:11.178Z",
    "dateReserved": "2025-02-26T01:48:21.519Z",
    "dateUpdated": "2026-05-11T13:58:15.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47639 (GCVE-0-2021-47639)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap operation. Most notably, the TDP MMU doesn't zap invalid roots in mmu_notifier callbacks. This leads to use-after-free and other issues if the mmu_notifier runs to completion while an invalid root zapper yields as KVM fails to honor the requirement that there must be _no_ references to the page after the mmu_notifier returns. The bug is most easily reproduced by hacking KVM to cause a collision between set_nx_huge_pages() and kvm_mmu_notifier_release(), but the bug exists between kvm_mmu_notifier_invalidate_range_start() and memslot updates as well. Invalidating a root ensures pages aren't accessible by the guest, and KVM won't read or write page data itself, but KVM will trigger e.g. kvm_set_pfn_dirty() when zapping SPTEs, and thus completing a zap of an invalid root _after_ the mmu_notifier returns is fatal. WARNING: CPU: 24 PID: 1496 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:173 [kvm] RIP: 0010:kvm_is_zone_device_pfn+0x96/0xa0 [kvm] Call Trace: <TASK> kvm_set_pfn_dirty+0xa8/0xe0 [kvm] __handle_changed_spte+0x2ab/0x5e0 [kvm] __handle_changed_spte+0x2ab/0x5e0 [kvm] __handle_changed_spte+0x2ab/0x5e0 [kvm] zap_gfn_range+0x1f3/0x310 [kvm] kvm_tdp_mmu_zap_invalidated_roots+0x50/0x90 [kvm] kvm_mmu_zap_all_fast+0x177/0x1a0 [kvm] set_nx_huge_pages+0xb4/0x190 [kvm] param_attr_store+0x70/0x100 module_attr_store+0x19/0x30 kernfs_fop_write_iter+0x119/0x1b0 new_sync_write+0x11c/0x1b0 vfs_write+0x1cc/0x270 ksys_write+0x5f/0xe0 do_syscall_64+0x38/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae </TASK>

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/af47248407c0c5ae5…
https://git.kernel.org/stable/c/0c8a8da182d4333d9…
https://git.kernel.org/stable/c/8cf6f98ab1d16d5e6…
https://git.kernel.org/stable/c/d62007edf01f5c11f…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: b7cccd397f310739fb85383033e95580f99927e0 , < af47248407c0c5ae52a752af1ab5ce5b0db91502 (git) Affected: b7cccd397f310739fb85383033e95580f99927e0 , < 0c8a8da182d4333d9bbb9131d765145568c847b2 (git) Affected: b7cccd397f310739fb85383033e95580f99927e0 , < 8cf6f98ab1d16d5e607635a0c21c4231eb15367e (git) Affected: b7cccd397f310739fb85383033e95580f99927e0 , < d62007edf01f5c11f75d0f4b1e538fc52a5b1982 (git)
Linux	Linux	Affected: 5.13 Unaffected: 0 , < 5.13 (semver) Unaffected: 5.15.33 , ≤ 5.15.* (semver) Unaffected: 5.16.19 , ≤ 5.16.* (semver) Unaffected: 5.17.2 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47639",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T18:17:52.744634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T18:22:35.903Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/mmu/tdp_mmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "af47248407c0c5ae52a752af1ab5ce5b0db91502",
              "status": "affected",
              "version": "b7cccd397f310739fb85383033e95580f99927e0",
              "versionType": "git"
            },
            {
              "lessThan": "0c8a8da182d4333d9bbb9131d765145568c847b2",
              "status": "affected",
              "version": "b7cccd397f310739fb85383033e95580f99927e0",
              "versionType": "git"
            },
            {
              "lessThan": "8cf6f98ab1d16d5e607635a0c21c4231eb15367e",
              "status": "affected",
              "version": "b7cccd397f310739fb85383033e95580f99927e0",
              "versionType": "git"
            },
            {
              "lessThan": "d62007edf01f5c11f75d0f4b1e538fc52a5b1982",
              "status": "affected",
              "version": "b7cccd397f310739fb85383033e95580f99927e0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/mmu/tdp_mmu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.33",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.19",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.2",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU\n\nZap both valid and invalid roots when zapping/unmapping a gfn range, as\nKVM must ensure it holds no references to the freed page after returning\nfrom the unmap operation.  Most notably, the TDP MMU doesn\u0027t zap invalid\nroots in mmu_notifier callbacks.  This leads to use-after-free and other\nissues if the mmu_notifier runs to completion while an invalid root\nzapper yields as KVM fails to honor the requirement that there must be\n_no_ references to the page after the mmu_notifier returns.\n\nThe bug is most easily reproduced by hacking KVM to cause a collision\nbetween set_nx_huge_pages() and kvm_mmu_notifier_release(), but the bug\nexists between kvm_mmu_notifier_invalidate_range_start() and memslot\nupdates as well.  Invalidating a root ensures pages aren\u0027t accessible by\nthe guest, and KVM won\u0027t read or write page data itself, but KVM will\ntrigger e.g. kvm_set_pfn_dirty() when zapping SPTEs, and thus completing\na zap of an invalid root _after_ the mmu_notifier returns is fatal.\n\n  WARNING: CPU: 24 PID: 1496 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:173 [kvm]\n  RIP: 0010:kvm_is_zone_device_pfn+0x96/0xa0 [kvm]\n  Call Trace:\n   \u003cTASK\u003e\n   kvm_set_pfn_dirty+0xa8/0xe0 [kvm]\n   __handle_changed_spte+0x2ab/0x5e0 [kvm]\n   __handle_changed_spte+0x2ab/0x5e0 [kvm]\n   __handle_changed_spte+0x2ab/0x5e0 [kvm]\n   zap_gfn_range+0x1f3/0x310 [kvm]\n   kvm_tdp_mmu_zap_invalidated_roots+0x50/0x90 [kvm]\n   kvm_mmu_zap_all_fast+0x177/0x1a0 [kvm]\n   set_nx_huge_pages+0xb4/0x190 [kvm]\n   param_attr_store+0x70/0x100\n   module_attr_store+0x19/0x30\n   kernfs_fop_write_iter+0x119/0x1b0\n   new_sync_write+0x11c/0x1b0\n   vfs_write+0x1cc/0x270\n   ksys_write+0x5f/0xe0\n   do_syscall_64+0x38/0xc0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n   \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:17.222Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/af47248407c0c5ae52a752af1ab5ce5b0db91502"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c8a8da182d4333d9bbb9131d765145568c847b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cf6f98ab1d16d5e607635a0c21c4231eb15367e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d62007edf01f5c11f75d0f4b1e538fc52a5b1982"
        }
      ],
      "title": "KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47639",
    "datePublished": "2025-02-26T01:54:11.651Z",
    "dateReserved": "2025-02-26T01:48:21.519Z",
    "dateUpdated": "2026-05-11T13:58:17.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47641 (GCVE-0-2021-47641)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:54 – Updated: 2026-05-11 13:58

Title

video: fbdev: cirrusfb: check pixclock to avoid divide by zero

Summary

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round up pixclock to get the derived frequency as close to maxclock as possible. Syzkaller reported a divide error in cirrusfb_check_pixclock. divide error: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2 RIP: 0010:cirrusfb_check_var+0x6f1/0x1260 Call Trace: fb_set_var+0x398/0xf90 do_fb_ioctl+0x4b8/0x6f0 fb_ioctl+0xeb/0x130 __x64_sys_ioctl+0x19d/0x220 do_syscall_64+0x3a/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-369 - Divide By Zero

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/c656d04247a2654ed…
https://git.kernel.org/stable/c/1d3fb46439ad4e8f0…
https://git.kernel.org/stable/c/40b13e3d85744210d…
https://git.kernel.org/stable/c/53a2088a396cfa1da…
https://git.kernel.org/stable/c/8c7e2141fb89c620a…
https://git.kernel.org/stable/c/6fe23ff94e7840097…
https://git.kernel.org/stable/c/45800c42ef000f417…
https://git.kernel.org/stable/c/e498b504f8c81b07e…
https://git.kernel.org/stable/c/5c6f402bdcf9e7239…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c656d04247a2654ede5cead2ecbf83431dad5261 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 40b13e3d85744210db13457785646634e2d056bd (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 53a2088a396cfa1da92690a1da289634cd73bf0d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8c7e2141fb89c620ab4e41512e262fbf25b8260d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6fe23ff94e7840097202e85c148688940b37c9b1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 45800c42ef000f417270bcfc08630e42486fca99 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e498b504f8c81b07efab9febf8503448de4dc9cf (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5c6f402bdcf9e7239c6bc7087eda71ac99b31379 (git)
Linux	Linux	Affected: 2.6.12 Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.9.311 , ≤ 4.9.* (semver) Unaffected: 4.14.276 , ≤ 4.14.* (semver) Unaffected: 4.19.238 , ≤ 4.19.* (semver) Unaffected: 5.4.189 , ≤ 5.4.* (semver) Unaffected: 5.10.110 , ≤ 5.10.* (semver) Unaffected: 5.15.33 , ≤ 5.15.* (semver) Unaffected: 5.16.19 , ≤ 5.16.* (semver) Unaffected: 5.17.2 , ≤ 5.17.* (semver) Unaffected: 5.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47641",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:50:40.514584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-369",
                "description": "CWE-369 Divide By Zero",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:08.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/cirrusfb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c656d04247a2654ede5cead2ecbf83431dad5261",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "40b13e3d85744210db13457785646634e2d056bd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "53a2088a396cfa1da92690a1da289634cd73bf0d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8c7e2141fb89c620ab4e41512e262fbf25b8260d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6fe23ff94e7840097202e85c148688940b37c9b1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "45800c42ef000f417270bcfc08630e42486fca99",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e498b504f8c81b07efab9febf8503448de4dc9cf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5c6f402bdcf9e7239c6bc7087eda71ac99b31379",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/cirrusfb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.311",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.276",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.238",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.189",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.110",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.33",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.19",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.2",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: cirrusfb: check pixclock to avoid divide by zero\n\nDo a sanity check on pixclock value to avoid divide by zero.\n\nIf the pixclock value is zero, the cirrusfb driver will round up\npixclock to get the derived frequency as close to maxclock as\npossible.\n\nSyzkaller reported a divide error in cirrusfb_check_pixclock.\n\ndivide error: 0000 [#1] SMP KASAN PTI\nCPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2\nRIP: 0010:cirrusfb_check_var+0x6f1/0x1260\n\nCall Trace:\n fb_set_var+0x398/0xf90\n do_fb_ioctl+0x4b8/0x6f0\n fb_ioctl+0xeb/0x130\n __x64_sys_ioctl+0x19d/0x220\n do_syscall_64+0x3a/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:58:19.521Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135"
        },
        {
          "url": "https://git.kernel.org/stable/c/40b13e3d85744210db13457785646634e2d056bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/53a2088a396cfa1da92690a1da289634cd73bf0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c7e2141fb89c620ab4e41512e262fbf25b8260d"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fe23ff94e7840097202e85c148688940b37c9b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/45800c42ef000f417270bcfc08630e42486fca99"
        },
        {
          "url": "https://git.kernel.org/stable/c/e498b504f8c81b07efab9febf8503448de4dc9cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c6f402bdcf9e7239c6bc7087eda71ac99b31379"
        }
      ],
      "title": "video: fbdev: cirrusfb: check pixclock to avoid divide by zero",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47641",
    "datePublished": "2025-02-26T01:54:12.680Z",
    "dateReserved": "2025-02-26T01:48:21.519Z",
    "dateUpdated": "2026-05-11T13:58:19.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-AVI-0252

Solutions

CVE-2021-4453 (GCVE-0-2021-4453)

CVE-2021-47631 (GCVE-0-2021-47631)

CVE-2021-47632 (GCVE-0-2021-47632)

CVE-2021-47633 (GCVE-0-2021-47633)

CVE-2021-47635 (GCVE-0-2021-47635)

CVE-2021-47636 (GCVE-0-2021-47636)

CVE-2021-47637 (GCVE-0-2021-47637)

CVE-2021-47638 (GCVE-0-2021-47638)

CVE-2021-47639 (GCVE-0-2021-47639)

CVE-2021-47641 (GCVE-0-2021-47641)

Tags

Sightings

Nomenclature