Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-0499
Vulnerability from csaf_certbund
Published
2024-02-27 23:00
Modified
2024-06-11 22:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0499 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0499.json" }, { "category": "self", "summary": "WID-SEC-2024-0499 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0499" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022841-CVE-2021-47053-c68d@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022841-CVE-2021-47052-3cca@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022840-CVE-2021-47051-cf30@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022840-CVE-2021-47050-5ba5@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022840-CVE-2021-47049-5cc6@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022837-CVE-2021-47039-638f@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47040-8722@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47041-de92@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47042-142d@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47043-cb3c@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47044-2e16@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47045-7363@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47046-3ffe@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47047-4c75@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022840-CVE-2021-47048-8586@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022830-CVE-2021-47009-3f56@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47012-73c5@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47013-034a@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47014-ffc7@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47015-c2ae@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47017-c3e8@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47018-f631@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47019-9b9a@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022837-CVE-2021-47037-d130@gregkh/" }, { "category": "external", "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27", "url": "http://lore.kernel.org/linux-cve-announce/2024022837-CVE-2021-47038-bfcf@gregkh/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08", "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-=" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1644-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018528.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1647-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018525.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1641-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018531.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3462 vom 2024-05-29", "url": "https://access.redhat.com/errata/RHSA-2024:3462" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3618" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3627" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06", "url": "https://linux.oracle.com/errata/ELSA-2024-3618.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3810 vom 2024-06-11", "url": "https://access.redhat.com/errata/RHSA-2024:3810" } ], "source_lang": "en-US", "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff", "tracking": { "current_release_date": "2024-06-11T22:00:00.000+00:00", "generator": { "date": "2024-06-12T08:09:45.354+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0499", "initial_release_date": "2024-02-27T23:00:00.000+00:00", "revision_history": [ { "date": "2024-02-27T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-03-12T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-03-24T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-04-28T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-07T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Dell aufgenommen" }, { "date": "2024-05-14T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-15T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-30T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-04T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-06T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-06-11T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "13" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "virtual", "product": { "name": "Dell NetWorker virtual", "product_id": "T034583", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:virtual" } } } ], "category": "product_name", "name": "NetWorker" } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "category": "product_name", "name": "EMC Avamar", "product": { "name": "EMC Avamar", "product_id": "T014381", "product_identification_helper": { "cpe": "cpe:/a:emc:avamar:-" } } } ], "category": "vendor", "name": "EMC" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c5.13", "product": { "name": "Open Source Linux Kernel \u003c5.13", "product_id": "T033141", "product_identification_helper": { "cpe": "cpe:/o:linux:linux_kernel:5.13" } } } ], "category": "product_name", "name": "Linux Kernel" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-47009", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47009" }, { "cve": "CVE-2021-47012", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47012" }, { "cve": "CVE-2021-47013", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47013" }, { "cve": "CVE-2021-47014", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47014" }, { "cve": "CVE-2021-47015", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47015" }, { "cve": "CVE-2021-47017", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47017" }, { "cve": "CVE-2021-47018", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47018" }, { "cve": "CVE-2021-47019", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47019" }, { "cve": "CVE-2021-47037", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47037" }, { "cve": "CVE-2021-47038", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47038" }, { "cve": "CVE-2021-47039", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47039" }, { "cve": "CVE-2021-47040", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47040" }, { "cve": "CVE-2021-47041", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47041" }, { "cve": "CVE-2021-47042", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47042" }, { "cve": "CVE-2021-47043", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47043" }, { "cve": "CVE-2021-47044", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47044" }, { "cve": "CVE-2021-47045", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47045" }, { "cve": "CVE-2021-47046", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47046" }, { "cve": "CVE-2021-47047", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47047" }, { "cve": "CVE-2021-47048", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47048" }, { "cve": "CVE-2021-47049", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47049" }, { "cve": "CVE-2021-47050", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47050" }, { "cve": "CVE-2021-47051", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47051" }, { "cve": "CVE-2021-47052", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47052" }, { "cve": "CVE-2021-47053", "notes": [ { "category": "description", "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T014381", "T002207", "67646", "T034583", "T004914" ] }, "release_date": "2024-02-27T23:00:00Z", "title": "CVE-2021-47053" } ] }
cve-2021-47049
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Use after free in __vmbus_open()
The "open_info" variable is added to the &vmbus_connection.chn_msg_list,
but the error handling frees "open_info" without removing it from the
list. This will result in a use after free. First remove it from the
list, and then free it.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48da" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47049", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-08T18:59:39.474038Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-08T18:59:54.282Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/hv/channel.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d5c7b42c9f56ca46b286daa537d181bd7f69214f", "status": "affected", "version": "6f3d791f300618caf82a2be0c27456edd76d5164", "versionType": "git" }, { "lessThan": "f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560", "status": "affected", "version": "6f3d791f300618caf82a2be0c27456edd76d5164", "versionType": "git" }, { "lessThan": "2728f289b3270b0e273292b46c534421a33bbfd5", "status": "affected", "version": "6f3d791f300618caf82a2be0c27456edd76d5164", "versionType": "git" }, { "lessThan": "3e9bf43f7f7a46f21ec071cb47be92d0874c48da", "status": "affected", "version": "6f3d791f300618caf82a2be0c27456edd76d5164", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/hv/channel.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.14" }, { "lessThan": "4.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Use after free in __vmbus_open()\n\nThe \"open_info\" variable is added to the \u0026vmbus_connection.chn_msg_list,\nbut the error handling frees \"open_info\" without removing it from the\nlist. This will result in a use after free. First remove it from the\nlist, and then free it." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:17.680Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d5c7b42c9f56ca46b286daa537d181bd7f69214f" }, { "url": "https://git.kernel.org/stable/c/f37dd5d1b5d38a79a4f7b8dd7bbb705505f05560" }, { "url": "https://git.kernel.org/stable/c/2728f289b3270b0e273292b46c534421a33bbfd5" }, { "url": "https://git.kernel.org/stable/c/3e9bf43f7f7a46f21ec071cb47be92d0874c48da" } ], "title": "Drivers: hv: vmbus: Use after free in __vmbus_open()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47049", "datePublished": "2024-02-28T08:13:52.168Z", "dateReserved": "2024-02-27T18:42:55.971Z", "dateUpdated": "2024-12-19T07:34:17.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47038
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: avoid deadlock between hci_dev->lock and socket lock
Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a
dependency between socket lock and hci_dev->lock that could lead to
deadlock.
It turns out that hci_conn_get_phy() is not in any way relying on hdev
being immutable during the runtime of this function, neither does it even
look at any of the members of hdev, and as such there is no need to hold
that lock.
This fixes the lockdep splat below:
======================================================
WARNING: possible circular locking dependency detected
5.12.0-rc1-00026-g73d464503354 #10 Not tainted
------------------------------------------------------
bluetoothd/1118 is trying to acquire lock:
ffff8f078383c078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]
but task is already holding lock:
ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:
lock_sock_nested+0x72/0xa0
l2cap_sock_ready_cb+0x18/0x70 [bluetooth]
l2cap_config_rsp+0x27a/0x520 [bluetooth]
l2cap_sig_channel+0x658/0x1330 [bluetooth]
l2cap_recv_frame+0x1ba/0x310 [bluetooth]
hci_rx_work+0x1cc/0x640 [bluetooth]
process_one_work+0x244/0x5f0
worker_thread+0x3c/0x380
kthread+0x13e/0x160
ret_from_fork+0x22/0x30
-> #2 (&chan->lock#2/1){+.+.}-{3:3}:
__mutex_lock+0xa3/0xa10
l2cap_chan_connect+0x33a/0x940 [bluetooth]
l2cap_sock_connect+0x141/0x2a0 [bluetooth]
__sys_connect+0x9b/0xc0
__x64_sys_connect+0x16/0x20
do_syscall_64+0x33/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #1 (&conn->chan_lock){+.+.}-{3:3}:
__mutex_lock+0xa3/0xa10
l2cap_chan_connect+0x322/0x940 [bluetooth]
l2cap_sock_connect+0x141/0x2a0 [bluetooth]
__sys_connect+0x9b/0xc0
__x64_sys_connect+0x16/0x20
do_syscall_64+0x33/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #0 (&hdev->lock){+.+.}-{3:3}:
__lock_acquire+0x147a/0x1a50
lock_acquire+0x277/0x3d0
__mutex_lock+0xa3/0xa10
hci_conn_get_phy+0x1c/0x150 [bluetooth]
l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]
__sys_getsockopt+0xcc/0x200
__x64_sys_getsockopt+0x20/0x30
do_syscall_64+0x33/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
other info that might help us debug this:
Chain exists of:
&hdev->lock --> &chan->lock#2/1 --> sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
lock(&chan->lock#2/1);
lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
lock(&hdev->lock);
*** DEADLOCK ***
1 lock held by bluetoothd/1118:
#0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]
stack backtrace:
CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10
Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017
Call Trace:
dump_stack+0x7f/0xa1
check_noncircular+0x105/0x120
? __lock_acquire+0x147a/0x1a50
__lock_acquire+0x147a/0x1a50
lock_acquire+0x277/0x3d0
? hci_conn_get_phy+0x1c/0x150 [bluetooth]
? __lock_acquire+0x2e1/0x1a50
? lock_is_held_type+0xb4/0x120
? hci_conn_get_phy+0x1c/0x150 [bluetooth]
__mutex_lock+0xa3/0xa10
? hci_conn_get_phy+0x1c/0x150 [bluetooth]
? lock_acquire+0x277/0x3d0
? mark_held_locks+0x49/0x70
? mark_held_locks+0x49/0x70
? hci_conn_get_phy+0x1c/0x150 [bluetooth]
hci_conn_get_phy+0x
---truncated---
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:57:52.490548Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:20.423Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/bluetooth/hci_conn.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7cc0ba67883c6c8d3bddb283f56c167fc837a555", "status": "affected", "version": "eab2404ba798a8efda2a970f44071c3406d94e57", "versionType": "git" }, { "lessThan": "fee71f480bc1dec5f6ae3b0b185ff12a62bceabc", "status": "affected", "version": "eab2404ba798a8efda2a970f44071c3406d94e57", "versionType": "git" }, { "lessThan": "332e69eb3bd90370f2d9f2c2ca7974ff523dea17", "status": "affected", "version": "eab2404ba798a8efda2a970f44071c3406d94e57", "versionType": "git" }, { "lessThan": "17486960d79b900c45e0bb8fbcac0262848582ba", "status": "affected", "version": "eab2404ba798a8efda2a970f44071c3406d94e57", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/bluetooth/hci_conn.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.7" }, { "lessThan": "5.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: avoid deadlock between hci_dev-\u003elock and socket lock\n\nCommit eab2404ba798 (\"Bluetooth: Add BT_PHY socket option\") added a\ndependency between socket lock and hci_dev-\u003elock that could lead to\ndeadlock.\n\nIt turns out that hci_conn_get_phy() is not in any way relying on hdev\nbeing immutable during the runtime of this function, neither does it even\nlook at any of the members of hdev, and as such there is no need to hold\nthat lock.\n\nThis fixes the lockdep splat below:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 5.12.0-rc1-00026-g73d464503354 #10 Not tainted\n ------------------------------------------------------\n bluetoothd/1118 is trying to acquire lock:\n ffff8f078383c078 (\u0026hdev-\u003elock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]\n\n but task is already holding lock:\n ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:\n lock_sock_nested+0x72/0xa0\n l2cap_sock_ready_cb+0x18/0x70 [bluetooth]\n l2cap_config_rsp+0x27a/0x520 [bluetooth]\n l2cap_sig_channel+0x658/0x1330 [bluetooth]\n l2cap_recv_frame+0x1ba/0x310 [bluetooth]\n hci_rx_work+0x1cc/0x640 [bluetooth]\n process_one_work+0x244/0x5f0\n worker_thread+0x3c/0x380\n kthread+0x13e/0x160\n ret_from_fork+0x22/0x30\n\n -\u003e #2 (\u0026chan-\u003elock#2/1){+.+.}-{3:3}:\n __mutex_lock+0xa3/0xa10\n l2cap_chan_connect+0x33a/0x940 [bluetooth]\n l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n __sys_connect+0x9b/0xc0\n __x64_sys_connect+0x16/0x20\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #1 (\u0026conn-\u003echan_lock){+.+.}-{3:3}:\n __mutex_lock+0xa3/0xa10\n l2cap_chan_connect+0x322/0x940 [bluetooth]\n l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n __sys_connect+0x9b/0xc0\n __x64_sys_connect+0x16/0x20\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #0 (\u0026hdev-\u003elock){+.+.}-{3:3}:\n __lock_acquire+0x147a/0x1a50\n lock_acquire+0x277/0x3d0\n __mutex_lock+0xa3/0xa10\n hci_conn_get_phy+0x1c/0x150 [bluetooth]\n l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]\n __sys_getsockopt+0xcc/0x200\n __x64_sys_getsockopt+0x20/0x30\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n other info that might help us debug this:\n\n Chain exists of:\n \u0026hdev-\u003elock --\u003e \u0026chan-\u003elock#2/1 --\u003e sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n lock(\u0026chan-\u003elock#2/1);\n lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n lock(\u0026hdev-\u003elock);\n\n *** DEADLOCK ***\n\n 1 lock held by bluetoothd/1118:\n #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]\n\n stack backtrace:\n CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10\n Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017\n Call Trace:\n dump_stack+0x7f/0xa1\n check_noncircular+0x105/0x120\n ? __lock_acquire+0x147a/0x1a50\n __lock_acquire+0x147a/0x1a50\n lock_acquire+0x277/0x3d0\n ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n ? __lock_acquire+0x2e1/0x1a50\n ? lock_is_held_type+0xb4/0x120\n ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n __mutex_lock+0xa3/0xa10\n ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n ? lock_acquire+0x277/0x3d0\n ? mark_held_locks+0x49/0x70\n ? mark_held_locks+0x49/0x70\n ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n hci_conn_get_phy+0x\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:05.066Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555" }, { "url": "https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc" }, { "url": "https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17" }, { "url": "https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba" } ], "title": "Bluetooth: avoid deadlock between hci_dev-\u003elock and socket lock", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47038", "datePublished": "2024-02-28T08:13:45.310Z", "dateReserved": "2024-02-27T18:42:55.965Z", "dateUpdated": "2024-12-19T07:34:05.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47041
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: fix incorrect locking in state_change sk callback
We are not changing anything in the TCP connection state so
we should not take a write_lock but rather a read lock.
This caused a deadlock when running nvmet-tcp and nvme-tcp
on the same system, where state_change callbacks on the
host and on the controller side have causal relationship
and made lockdep report on this with blktests:
================================
WARNING: inconsistent lock state
5.12.0-rc3 #1 Tainted: G I
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-R} usage.
nvme/1324 [HC0[0]:SC0[0]:HE1:SE1] takes:
ffff888363151000 (clock-AF_INET){++-?}-{2:2}, at: nvme_tcp_state_change+0x21/0x150 [nvme_tcp]
{IN-SOFTIRQ-W} state was registered at:
__lock_acquire+0x79b/0x18d0
lock_acquire+0x1ca/0x480
_raw_write_lock_bh+0x39/0x80
nvmet_tcp_state_change+0x21/0x170 [nvmet_tcp]
tcp_fin+0x2a8/0x780
tcp_data_queue+0xf94/0x1f20
tcp_rcv_established+0x6ba/0x1f00
tcp_v4_do_rcv+0x502/0x760
tcp_v4_rcv+0x257e/0x3430
ip_protocol_deliver_rcu+0x69/0x6a0
ip_local_deliver_finish+0x1e2/0x2f0
ip_local_deliver+0x1a2/0x420
ip_rcv+0x4fb/0x6b0
__netif_receive_skb_one_core+0x162/0x1b0
process_backlog+0x1ff/0x770
__napi_poll.constprop.0+0xa9/0x5c0
net_rx_action+0x7b3/0xb30
__do_softirq+0x1f0/0x940
do_softirq+0xa1/0xd0
__local_bh_enable_ip+0xd8/0x100
ip_finish_output2+0x6b7/0x18a0
__ip_queue_xmit+0x706/0x1aa0
__tcp_transmit_skb+0x2068/0x2e20
tcp_write_xmit+0xc9e/0x2bb0
__tcp_push_pending_frames+0x92/0x310
inet_shutdown+0x158/0x300
__nvme_tcp_stop_queue+0x36/0x270 [nvme_tcp]
nvme_tcp_stop_queue+0x87/0xb0 [nvme_tcp]
nvme_tcp_teardown_admin_queue+0x69/0xe0 [nvme_tcp]
nvme_do_delete_ctrl+0x100/0x10c [nvme_core]
nvme_sysfs_delete.cold+0x8/0xd [nvme_core]
kernfs_fop_write_iter+0x2c7/0x460
new_sync_write+0x36c/0x610
vfs_write+0x5c0/0x870
ksys_write+0xf9/0x1d0
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
irq event stamp: 10687
hardirqs last enabled at (10687): [<ffffffff9ec376bd>] _raw_spin_unlock_irqrestore+0x2d/0x40
hardirqs last disabled at (10686): [<ffffffff9ec374d8>] _raw_spin_lock_irqsave+0x68/0x90
softirqs last enabled at (10684): [<ffffffff9f000608>] __do_softirq+0x608/0x940
softirqs last disabled at (10649): [<ffffffff9cdedd31>] do_softirq+0xa1/0xd0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(clock-AF_INET);
<Interrupt>
lock(clock-AF_INET);
*** DEADLOCK ***
5 locks held by nvme/1324:
#0: ffff8884a01fe470 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0xf9/0x1d0
#1: ffff8886e435c090 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x216/0x460
#2: ffff888104d90c38 (kn->active#255){++++}-{0:0}, at: kernfs_remove_self+0x22d/0x330
#3: ffff8884634538d0 (&queue->queue_lock){+.+.}-{3:3}, at: nvme_tcp_stop_queue+0x52/0xb0 [nvme_tcp]
#4: ffff888363150d30 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_shutdown+0x59/0x300
stack backtrace:
CPU: 26 PID: 1324 Comm: nvme Tainted: G I 5.12.0-rc3 #1
Hardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.10.0 11/12/2020
Call Trace:
dump_stack+0x93/0xc2
mark_lock_irq.cold+0x2c/0xb3
? verify_lock_unused+0x390/0x390
? stack_trace_consume_entry+0x160/0x160
? lock_downgrade+0x100/0x100
? save_trace+0x88/0x5e0
? _raw_spin_unlock_irqrestore+0x2d/0x40
mark_lock+0x530/0x1470
? mark_lock_irq+0x1d10/0x1d10
? enqueue_timer+0x660/0x660
mark_usage+0x215/0x2a0
__lock_acquire+0x79b/0x18d0
? tcp_schedule_loss_probe.part.0+0x38c/0x520
lock_acquire+0x1ca/0x480
? nvme_tcp_state_change+0x21/0x150 [nvme_tcp]
? rcu_read_unlock+0x40/0x40
? tcp_mtu_probe+0x1ae0/0x1ae0
? kmalloc_reserve+0xa0/0xa0
? sysfs_file_ops+0x170/0x170
_raw_read_lock+0x3d/0xa0
? nvme_tcp_state_change+0x21/0x150 [nvme_tcp]
nvme_tcp_state_change+0x21/0x150 [nvme_tcp]
? sysfs_file_ops
---truncated---
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 Version: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47041", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T20:52:02.308204Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:31.732Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/999d606a820c36ae9b9e9611360c8b3d8d4bb777" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/60ade0d56b06537a28884745059b3801c78e03bc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/06beaa1a9f6e501213195e47c30416032fd2bbd5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/906c538340dde6d891df89fe7dac8eaa724e40da" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b5332a9f3f3d884a1b646ce155e664cc558c1722" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/nvme/target/tcp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "999d606a820c36ae9b9e9611360c8b3d8d4bb777", "status": "affected", "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30", "versionType": "git" }, { "lessThan": "60ade0d56b06537a28884745059b3801c78e03bc", "status": "affected", "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30", "versionType": "git" }, { "lessThan": "06beaa1a9f6e501213195e47c30416032fd2bbd5", "status": "affected", "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30", "versionType": "git" }, { "lessThan": "906c538340dde6d891df89fe7dac8eaa724e40da", "status": "affected", "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30", "versionType": "git" }, { "lessThan": "b5332a9f3f3d884a1b646ce155e664cc558c1722", "status": "affected", "version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/nvme/target/tcp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.0" }, { "lessThan": "5.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.119", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix incorrect locking in state_change sk callback\n\nWe are not changing anything in the TCP connection state so\nwe should not take a write_lock but rather a read lock.\n\nThis caused a deadlock when running nvmet-tcp and nvme-tcp\non the same system, where state_change callbacks on the\nhost and on the controller side have causal relationship\nand made lockdep report on this with blktests:\n\n================================\nWARNING: inconsistent lock state\n5.12.0-rc3 #1 Tainted: G I\n--------------------------------\ninconsistent {IN-SOFTIRQ-W} -\u003e {SOFTIRQ-ON-R} usage.\nnvme/1324 [HC0[0]:SC0[0]:HE1:SE1] takes:\nffff888363151000 (clock-AF_INET){++-?}-{2:2}, at: nvme_tcp_state_change+0x21/0x150 [nvme_tcp]\n{IN-SOFTIRQ-W} state was registered at:\n __lock_acquire+0x79b/0x18d0\n lock_acquire+0x1ca/0x480\n _raw_write_lock_bh+0x39/0x80\n nvmet_tcp_state_change+0x21/0x170 [nvmet_tcp]\n tcp_fin+0x2a8/0x780\n tcp_data_queue+0xf94/0x1f20\n tcp_rcv_established+0x6ba/0x1f00\n tcp_v4_do_rcv+0x502/0x760\n tcp_v4_rcv+0x257e/0x3430\n ip_protocol_deliver_rcu+0x69/0x6a0\n ip_local_deliver_finish+0x1e2/0x2f0\n ip_local_deliver+0x1a2/0x420\n ip_rcv+0x4fb/0x6b0\n __netif_receive_skb_one_core+0x162/0x1b0\n process_backlog+0x1ff/0x770\n __napi_poll.constprop.0+0xa9/0x5c0\n net_rx_action+0x7b3/0xb30\n __do_softirq+0x1f0/0x940\n do_softirq+0xa1/0xd0\n __local_bh_enable_ip+0xd8/0x100\n ip_finish_output2+0x6b7/0x18a0\n __ip_queue_xmit+0x706/0x1aa0\n __tcp_transmit_skb+0x2068/0x2e20\n tcp_write_xmit+0xc9e/0x2bb0\n __tcp_push_pending_frames+0x92/0x310\n inet_shutdown+0x158/0x300\n __nvme_tcp_stop_queue+0x36/0x270 [nvme_tcp]\n nvme_tcp_stop_queue+0x87/0xb0 [nvme_tcp]\n nvme_tcp_teardown_admin_queue+0x69/0xe0 [nvme_tcp]\n nvme_do_delete_ctrl+0x100/0x10c [nvme_core]\n nvme_sysfs_delete.cold+0x8/0xd [nvme_core]\n kernfs_fop_write_iter+0x2c7/0x460\n new_sync_write+0x36c/0x610\n vfs_write+0x5c0/0x870\n ksys_write+0xf9/0x1d0\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nirq event stamp: 10687\nhardirqs last enabled at (10687): [\u003cffffffff9ec376bd\u003e] _raw_spin_unlock_irqrestore+0x2d/0x40\nhardirqs last disabled at (10686): [\u003cffffffff9ec374d8\u003e] _raw_spin_lock_irqsave+0x68/0x90\nsoftirqs last enabled at (10684): [\u003cffffffff9f000608\u003e] __do_softirq+0x608/0x940\nsoftirqs last disabled at (10649): [\u003cffffffff9cdedd31\u003e] do_softirq+0xa1/0xd0\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(clock-AF_INET);\n \u003cInterrupt\u003e\n lock(clock-AF_INET);\n\n *** DEADLOCK ***\n\n5 locks held by nvme/1324:\n #0: ffff8884a01fe470 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0xf9/0x1d0\n #1: ffff8886e435c090 (\u0026of-\u003emutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x216/0x460\n #2: ffff888104d90c38 (kn-\u003eactive#255){++++}-{0:0}, at: kernfs_remove_self+0x22d/0x330\n #3: ffff8884634538d0 (\u0026queue-\u003equeue_lock){+.+.}-{3:3}, at: nvme_tcp_stop_queue+0x52/0xb0 [nvme_tcp]\n #4: ffff888363150d30 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_shutdown+0x59/0x300\n\nstack backtrace:\nCPU: 26 PID: 1324 Comm: nvme Tainted: G I 5.12.0-rc3 #1\nHardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.10.0 11/12/2020\nCall Trace:\n dump_stack+0x93/0xc2\n mark_lock_irq.cold+0x2c/0xb3\n ? verify_lock_unused+0x390/0x390\n ? stack_trace_consume_entry+0x160/0x160\n ? lock_downgrade+0x100/0x100\n ? save_trace+0x88/0x5e0\n ? _raw_spin_unlock_irqrestore+0x2d/0x40\n mark_lock+0x530/0x1470\n ? mark_lock_irq+0x1d10/0x1d10\n ? enqueue_timer+0x660/0x660\n mark_usage+0x215/0x2a0\n __lock_acquire+0x79b/0x18d0\n ? tcp_schedule_loss_probe.part.0+0x38c/0x520\n lock_acquire+0x1ca/0x480\n ? nvme_tcp_state_change+0x21/0x150 [nvme_tcp]\n ? rcu_read_unlock+0x40/0x40\n ? tcp_mtu_probe+0x1ae0/0x1ae0\n ? kmalloc_reserve+0xa0/0xa0\n ? sysfs_file_ops+0x170/0x170\n _raw_read_lock+0x3d/0xa0\n ? nvme_tcp_state_change+0x21/0x150 [nvme_tcp]\n nvme_tcp_state_change+0x21/0x150 [nvme_tcp]\n ? sysfs_file_ops\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:08.466Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/999d606a820c36ae9b9e9611360c8b3d8d4bb777" }, { "url": "https://git.kernel.org/stable/c/60ade0d56b06537a28884745059b3801c78e03bc" }, { "url": "https://git.kernel.org/stable/c/06beaa1a9f6e501213195e47c30416032fd2bbd5" }, { "url": "https://git.kernel.org/stable/c/906c538340dde6d891df89fe7dac8eaa724e40da" }, { "url": "https://git.kernel.org/stable/c/b5332a9f3f3d884a1b646ce155e664cc558c1722" } ], "title": "nvmet-tcp: fix incorrect locking in state_change sk callback", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47041", "datePublished": "2024-02-28T08:13:47.182Z", "dateReserved": "2024-02-27T18:42:55.968Z", "dateUpdated": "2024-12-19T07:34:08.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47048
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op
When handling op->addr, it is using the buffer "tmpbuf" which has been
freed. This will trigger a use-after-free KASAN warning. Let's use
temporary variables to store op->addr.val and op->cmd.opcode to fix
this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:57:41.551730Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:55.958Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/spi/spi-zynqmp-gqspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1231279389b5e638bc3b66b9741c94077aed4b5a", "status": "affected", "version": "1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e", "versionType": "git" }, { "lessThan": "d67e0d6bd92ebbb0294e7062bbf5cdc773764e62", "status": "affected", "version": "1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e", "versionType": "git" }, { "lessThan": "23269ac9f123eca3aea7682d3345c02e71ed696c", "status": "affected", "version": "1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e", "versionType": "git" }, { "lessThan": "a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58", "status": "affected", "version": "1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/spi/spi-zynqmp-gqspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op\n\nWhen handling op-\u003eaddr, it is using the buffer \"tmpbuf\" which has been\nfreed. This will trigger a use-after-free KASAN warning. Let\u0027s use\ntemporary variables to store op-\u003eaddr.val and op-\u003ecmd.opcode to fix\nthis issue." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:16.512Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1231279389b5e638bc3b66b9741c94077aed4b5a" }, { "url": "https://git.kernel.org/stable/c/d67e0d6bd92ebbb0294e7062bbf5cdc773764e62" }, { "url": "https://git.kernel.org/stable/c/23269ac9f123eca3aea7682d3345c02e71ed696c" }, { "url": "https://git.kernel.org/stable/c/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58" } ], "title": "spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47048", "datePublished": "2024-02-28T08:13:51.551Z", "dateReserved": "2024-02-27T18:42:55.970Z", "dateUpdated": "2024-12-19T07:34:16.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47015
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix RX consumer index logic in the error path.
In bnxt_rx_pkt(), the RX buffers are expected to complete in order.
If the RX consumer index indicates an out of order buffer completion,
it means we are hitting a hardware bug and the driver will abort all
remaining RX packets and reset the RX ring. The RX consumer index
that we pass to bnxt_discard_rx() is not correct. We should be
passing the current index (tmp_raw_cons) instead of the old index
(raw_cons). This bug can cause us to be at the wrong index when
trying to abort the next RX packet. It can crash like this:
#0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007
#1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232
#2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e
#3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978
#4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0
#5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e
#6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24
#7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e
#8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12
#9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5
[exception RIP: bnxt_rx_pkt+237]
RIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213
RAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000
RDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000001000
RBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d
R10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0
R13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: a1b0e4e684e9c300b9e759b46cb7a0147e61ddff Version: a1b0e4e684e9c300b9e759b46cb7a0147e61ddff Version: a1b0e4e684e9c300b9e759b46cb7a0147e61ddff Version: a1b0e4e684e9c300b9e759b46cb7a0147e61ddff Version: a1b0e4e684e9c300b9e759b46cb7a0147e61ddff |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47015", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T19:16:01.961678Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:23.299Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/broadcom/bnxt/bnxt.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847", "status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "versionType": "git" }, { "lessThan": "4fcaad2b7dac3f16704f8118c7e481024ddbd3ed", "status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "versionType": "git" }, { "lessThan": "e187ef83c04a5d23e68d39cfdff1a1931e29890c", "status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "versionType": "git" }, { "lessThan": "3fbc5bc651d688fbea2a59cdc91520a2f5334d0a", "status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "versionType": "git" }, { "lessThan": "bbd6f0a948139970f4a615dff189d9a503681a39", "status": "affected", "version": "a1b0e4e684e9c300b9e759b46cb7a0147e61ddff", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/broadcom/bnxt/bnxt.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.1" }, { "lessThan": "5.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.119", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RX consumer index logic in the error path.\n\nIn bnxt_rx_pkt(), the RX buffers are expected to complete in order.\nIf the RX consumer index indicates an out of order buffer completion,\nit means we are hitting a hardware bug and the driver will abort all\nremaining RX packets and reset the RX ring. The RX consumer index\nthat we pass to bnxt_discard_rx() is not correct. We should be\npassing the current index (tmp_raw_cons) instead of the old index\n(raw_cons). This bug can cause us to be at the wrong index when\ntrying to abort the next RX packet. It can crash like this:\n\n #0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007\n #1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232\n #2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e\n #3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978\n #4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0\n #5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e\n #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24\n #7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e\n #8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12\n #9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5\n [exception RIP: bnxt_rx_pkt+237]\n RIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213\n RAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000\n RDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000001000\n RBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d\n R10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0\n R13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:33:38.296Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b1523e4ba293b2a32d9fabaf70c1dcaa6e3e2847" }, { "url": "https://git.kernel.org/stable/c/4fcaad2b7dac3f16704f8118c7e481024ddbd3ed" }, { "url": "https://git.kernel.org/stable/c/e187ef83c04a5d23e68d39cfdff1a1931e29890c" }, { "url": "https://git.kernel.org/stable/c/3fbc5bc651d688fbea2a59cdc91520a2f5334d0a" }, { "url": "https://git.kernel.org/stable/c/bbd6f0a948139970f4a615dff189d9a503681a39" } ], "title": "bnxt_en: Fix RX consumer index logic in the error path.", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47015", "datePublished": "2024-02-28T08:13:32.135Z", "dateReserved": "2024-02-27T18:42:55.953Z", "dateUpdated": "2024-12-19T07:33:38.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47018
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/64: Fix the definition of the fixmap area
At the time being, the fixmap area is defined at the top of
the address space or just below KASAN.
This definition is not valid for PPC64.
For PPC64, use the top of the I/O space.
Because of circular dependencies, it is not possible to include
asm/fixmap.h in asm/book3s/64/pgtable.h , so define a fixed size
AREA at the top of the I/O space for fixmap and ensure during
build that the size is big enough.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4b9fb2c9039a206d37f215936a4d5bee7b1bf9cd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/abb07dc5e8b61ab7b1dde20dd73aa01a3aeb183f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a84df7c80bdac598d6ac9268ae578da6928883e8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47018", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:58:06.446174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:29.939Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/include/asm/book3s/64/pgtable.h", "arch/powerpc/include/asm/fixmap.h", "arch/powerpc/include/asm/nohash/64/pgtable.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4b9fb2c9039a206d37f215936a4d5bee7b1bf9cd", "status": "affected", "version": "265c3491c4bc8d40587996d6ee2f447a7ccfb4f3", "versionType": "git" }, { "lessThan": "abb07dc5e8b61ab7b1dde20dd73aa01a3aeb183f", "status": "affected", "version": "265c3491c4bc8d40587996d6ee2f447a7ccfb4f3", "versionType": "git" }, { "lessThan": "a84df7c80bdac598d6ac9268ae578da6928883e8", "status": "affected", "version": "265c3491c4bc8d40587996d6ee2f447a7ccfb4f3", "versionType": "git" }, { "lessThan": "9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c", "status": "affected", "version": "265c3491c4bc8d40587996d6ee2f447a7ccfb4f3", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/powerpc/include/asm/book3s/64/pgtable.h", "arch/powerpc/include/asm/fixmap.h", "arch/powerpc/include/asm/nohash/64/pgtable.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.5" }, { "lessThan": "5.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64: Fix the definition of the fixmap area\n\nAt the time being, the fixmap area is defined at the top of\nthe address space or just below KASAN.\n\nThis definition is not valid for PPC64.\n\nFor PPC64, use the top of the I/O space.\n\nBecause of circular dependencies, it is not possible to include\nasm/fixmap.h in asm/book3s/64/pgtable.h , so define a fixed size\nAREA at the top of the I/O space for fixmap and ensure during\nbuild that the size is big enough." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:33:41.662Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4b9fb2c9039a206d37f215936a4d5bee7b1bf9cd" }, { "url": "https://git.kernel.org/stable/c/abb07dc5e8b61ab7b1dde20dd73aa01a3aeb183f" }, { "url": "https://git.kernel.org/stable/c/a84df7c80bdac598d6ac9268ae578da6928883e8" }, { "url": "https://git.kernel.org/stable/c/9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c" } ], "title": "powerpc/64: Fix the definition of the fixmap area", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47018", "datePublished": "2024-02-28T08:13:33.362Z", "dateReserved": "2024-02-27T18:42:55.954Z", "dateUpdated": "2024-12-19T07:33:41.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47042
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Free local data after use
Fixes the following memory leak in dc_link_construct():
unreferenced object 0xffffa03e81471400 (size 1024):
comm "amd_module_load", pid 2486, jiffies 4294946026 (age 10.544s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000000bdf5c4a>] kmem_cache_alloc_trace+0x30a/0x4a0
[<00000000e7c59f0e>] link_create+0xce/0xac0 [amdgpu]
[<000000002fb6c072>] dc_create+0x370/0x720 [amdgpu]
[<000000000094d1f3>] amdgpu_dm_init+0x18e/0x17a0 [amdgpu]
[<00000000bec048fd>] dm_hw_init+0x12/0x20 [amdgpu]
[<00000000a2bb7cf6>] amdgpu_device_init+0x1463/0x1e60 [amdgpu]
[<0000000032d3bb13>] amdgpu_driver_load_kms+0x5b/0x330 [amdgpu]
[<00000000a27834f9>] amdgpu_pci_probe+0x192/0x280 [amdgpu]
[<00000000fec7d291>] local_pci_probe+0x47/0xa0
[<0000000055dbbfa7>] pci_device_probe+0xe3/0x180
[<00000000815da970>] really_probe+0x1c4/0x4e0
[<00000000b4b6974b>] driver_probe_device+0x62/0x150
[<000000000f9ecc61>] device_driver_attach+0x58/0x60
[<000000000f65c843>] __driver_attach+0xd6/0x150
[<000000002f5e3683>] bus_for_each_dev+0x6a/0xc0
[<00000000a1cfc897>] driver_attach+0x1e/0x20
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/296443139f893b554dddd56a99ba8471ab5802d4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/616cf23b6cf40ad6f03ffbddfa1b6c4eb68d8ae1" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47042", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:57:44.782253Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:48.903Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/core/dc_link.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "296443139f893b554dddd56a99ba8471ab5802d4", "status": "affected", "version": "3a00c04212d1cfe1426338b78f4ead623508c874", "versionType": "git" }, { "lessThan": "616cf23b6cf40ad6f03ffbddfa1b6c4eb68d8ae1", "status": "affected", "version": "3a00c04212d1cfe1426338b78f4ead623508c874", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/core/dc_link.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Free local data after use\n\nFixes the following memory leak in dc_link_construct():\n\nunreferenced object 0xffffa03e81471400 (size 1024):\ncomm \"amd_module_load\", pid 2486, jiffies 4294946026 (age 10.544s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[\u003c000000000bdf5c4a\u003e] kmem_cache_alloc_trace+0x30a/0x4a0\n[\u003c00000000e7c59f0e\u003e] link_create+0xce/0xac0 [amdgpu]\n[\u003c000000002fb6c072\u003e] dc_create+0x370/0x720 [amdgpu]\n[\u003c000000000094d1f3\u003e] amdgpu_dm_init+0x18e/0x17a0 [amdgpu]\n[\u003c00000000bec048fd\u003e] dm_hw_init+0x12/0x20 [amdgpu]\n[\u003c00000000a2bb7cf6\u003e] amdgpu_device_init+0x1463/0x1e60 [amdgpu]\n[\u003c0000000032d3bb13\u003e] amdgpu_driver_load_kms+0x5b/0x330 [amdgpu]\n[\u003c00000000a27834f9\u003e] amdgpu_pci_probe+0x192/0x280 [amdgpu]\n[\u003c00000000fec7d291\u003e] local_pci_probe+0x47/0xa0\n[\u003c0000000055dbbfa7\u003e] pci_device_probe+0xe3/0x180\n[\u003c00000000815da970\u003e] really_probe+0x1c4/0x4e0\n[\u003c00000000b4b6974b\u003e] driver_probe_device+0x62/0x150\n[\u003c000000000f9ecc61\u003e] device_driver_attach+0x58/0x60\n[\u003c000000000f65c843\u003e] __driver_attach+0xd6/0x150\n[\u003c000000002f5e3683\u003e] bus_for_each_dev+0x6a/0xc0\n[\u003c00000000a1cfc897\u003e] driver_attach+0x1e/0x20" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:09.631Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/296443139f893b554dddd56a99ba8471ab5802d4" }, { "url": "https://git.kernel.org/stable/c/616cf23b6cf40ad6f03ffbddfa1b6c4eb68d8ae1" } ], "title": "drm/amd/display: Free local data after use", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47042", "datePublished": "2024-02-28T08:13:47.809Z", "dateReserved": "2024-02-27T18:42:55.969Z", "dateUpdated": "2024-12-19T07:34:09.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47045
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()
It is possible to call lpfc_issue_els_plogi() passing a did for which no
matching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a
null pointer to a lpfc_nodelist structure resulting in a null pointer
dereference.
Fix by returning an error status if no valid ndlp is found. Fix up comments
regarding ndlp reference counting.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47045", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T18:15:44.582355Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:13:28.365Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/scsi/lpfc/lpfc_els.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "a09677de458d500b00701f6036baa423d9995408", "status": "affected", "version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "versionType": "git" }, { "lessThan": "9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7", "status": "affected", "version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "versionType": "git" }, { "lessThan": "8dd1c125f7f838abad009b64bff5f0a11afe3cb6", "status": "affected", "version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/scsi/lpfc/lpfc_els.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.11" }, { "lessThan": "5.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()\n\nIt is possible to call lpfc_issue_els_plogi() passing a did for which no\nmatching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a\nnull pointer to a lpfc_nodelist structure resulting in a null pointer\ndereference.\n\nFix by returning an error status if no valid ndlp is found. Fix up comments\nregarding ndlp reference counting." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:13.069Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408" }, { "url": "https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7" }, { "url": "https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6" } ], "title": "scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47045", "datePublished": "2024-02-28T08:13:49.708Z", "dateReserved": "2024-02-27T18:42:55.970Z", "dateUpdated": "2024-12-19T07:34:13.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47053
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: sun8i-ss - Fix memory leak of pad
It appears there are several failure return paths that don't seem
to be free'ing pad. Fix these.
Addresses-Coverity: ("Resource leak")
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47053", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T20:51:36.580190Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:13:29.294Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2c67a9333da9d0a3b87310e0d116b7c9070c7b00" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c633e025bd04f54d7b33331cfcdb71354b08ce59" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d3d702084d125689edb2b9395c707e09b471352e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/50274b01ac1689b1a3f6bc4b5b3dbf361a55dd3a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2c67a9333da9d0a3b87310e0d116b7c9070c7b00", "status": "affected", "version": "d9b45418a91773b7672e4c60037a28074b495c6d", "versionType": "git" }, { "lessThan": "c633e025bd04f54d7b33331cfcdb71354b08ce59", "status": "affected", "version": "d9b45418a91773b7672e4c60037a28074b495c6d", "versionType": "git" }, { "lessThan": "d3d702084d125689edb2b9395c707e09b471352e", "status": "affected", "version": "d9b45418a91773b7672e4c60037a28074b495c6d", "versionType": "git" }, { "lessThan": "50274b01ac1689b1a3f6bc4b5b3dbf361a55dd3a", "status": "affected", "version": "d9b45418a91773b7672e4c60037a28074b495c6d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ss - Fix memory leak of pad\n\nIt appears there are several failure return paths that don\u0027t seem\nto be free\u0027ing pad. Fix these.\n\nAddresses-Coverity: (\"Resource leak\")" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:22.368Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2c67a9333da9d0a3b87310e0d116b7c9070c7b00" }, { "url": "https://git.kernel.org/stable/c/c633e025bd04f54d7b33331cfcdb71354b08ce59" }, { "url": "https://git.kernel.org/stable/c/d3d702084d125689edb2b9395c707e09b471352e" }, { "url": "https://git.kernel.org/stable/c/50274b01ac1689b1a3f6bc4b5b3dbf361a55dd3a" } ], "title": "crypto: sun8i-ss - Fix memory leak of pad", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47053", "datePublished": "2024-02-28T08:13:54.711Z", "dateReserved": "2024-02-27T18:42:55.973Z", "dateUpdated": "2024-12-19T07:34:22.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47051
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
pm_runtime_get_sync will increment pm usage counter even it failed.
Forgetting to putting operation will result in reference leak here.
Fix it by replacing it with pm_runtime_resume_and_get to keep usage
counter balanced.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 944c01a889d97dc08e1b71f4ed868f4023fd6034 Version: 944c01a889d97dc08e1b71f4ed868f4023fd6034 Version: 944c01a889d97dc08e1b71f4ed868f4023fd6034 Version: 944c01a889d97dc08e1b71f4ed868f4023fd6034 Version: 944c01a889d97dc08e1b71f4ed868f4023fd6034 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4a01ad002d2e03c399af536562693752af7c81b1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ce02e58ddf8658a4c3bed2296f32a5873b3f7cce" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b8207bfc539cd07d15e753ff2d179c5b61c673b1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6a2b5cee0d31ab6cc51030c441135b0e31217282" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a03675497970a93fcf25d81d9d92a59c2d7377a7" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47051", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:57:35.223883Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:53.652Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/spi/spi-fsl-lpspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4a01ad002d2e03c399af536562693752af7c81b1", "status": "affected", "version": "944c01a889d97dc08e1b71f4ed868f4023fd6034", "versionType": "git" }, { "lessThan": "ce02e58ddf8658a4c3bed2296f32a5873b3f7cce", "status": "affected", "version": "944c01a889d97dc08e1b71f4ed868f4023fd6034", "versionType": "git" }, { "lessThan": "b8207bfc539cd07d15e753ff2d179c5b61c673b1", "status": "affected", "version": "944c01a889d97dc08e1b71f4ed868f4023fd6034", "versionType": "git" }, { "lessThan": "6a2b5cee0d31ab6cc51030c441135b0e31217282", "status": "affected", "version": "944c01a889d97dc08e1b71f4ed868f4023fd6034", "versionType": "git" }, { "lessThan": "a03675497970a93fcf25d81d9d92a59c2d7377a7", "status": "affected", "version": "944c01a889d97dc08e1b71f4ed868f4023fd6034", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/spi/spi-fsl-lpspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.2" }, { "lessThan": "5.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.119", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()\n\npm_runtime_get_sync will increment pm usage counter even it failed.\nForgetting to putting operation will result in reference leak here.\nFix it by replacing it with pm_runtime_resume_and_get to keep usage\ncounter balanced." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:19.972Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4a01ad002d2e03c399af536562693752af7c81b1" }, { "url": "https://git.kernel.org/stable/c/ce02e58ddf8658a4c3bed2296f32a5873b3f7cce" }, { "url": "https://git.kernel.org/stable/c/b8207bfc539cd07d15e753ff2d179c5b61c673b1" }, { "url": "https://git.kernel.org/stable/c/6a2b5cee0d31ab6cc51030c441135b0e31217282" }, { "url": "https://git.kernel.org/stable/c/a03675497970a93fcf25d81d9d92a59c2d7377a7" } ], "title": "spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47051", "datePublished": "2024-02-28T08:13:53.461Z", "dateReserved": "2024-02-27T18:42:55.971Z", "dateUpdated": "2024-12-19T07:34:19.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47046
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix off by one in hdmi_14_process_transaction()
The hdcp_i2c_offsets[] array did not have an entry for
HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one
read overflow. I added an entry and copied the 0x0 value for the offset
from similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.
I also declared several of these arrays as having HDCP_MESSAGE_ID_MAX
entries. This doesn't change the code, but it's just a belt and
suspenders approach to try future proof the code.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47046", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T20:31:21.379702Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:15:14.997Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.795Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "403c4528e5887af3deb9838cb77a557631d1e138", "status": "affected", "version": "4c283fdac08abf3211533f70623c90a34f41d08d", "versionType": "git" }, { "lessThan": "6a58310d5d1e5b02d0fc9b393ba540c9367bced5", "status": "affected", "version": "4c283fdac08abf3211533f70623c90a34f41d08d", "versionType": "git" }, { "lessThan": "080bd41d6478a64edf96704fddcda52b1fd5fed7", "status": "affected", "version": "4c283fdac08abf3211533f70623c90a34f41d08d", "versionType": "git" }, { "lessThan": "8e6fafd5a22e7a2eb216f5510db7aab54cc545c1", "status": "affected", "version": "4c283fdac08abf3211533f70623c90a34f41d08d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.5" }, { "lessThan": "5.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix off by one in hdmi_14_process_transaction()\n\nThe hdcp_i2c_offsets[] array did not have an entry for\nHDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one\nread overflow. I added an entry and copied the 0x0 value for the offset\nfrom similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.\n\nI also declared several of these arrays as having HDCP_MESSAGE_ID_MAX\nentries. This doesn\u0027t change the code, but it\u0027s just a belt and\nsuspenders approach to try future proof the code." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:14.214Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138" }, { "url": "https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5" }, { "url": "https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7" }, { "url": "https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1" } ], "title": "drm/amd/display: Fix off by one in hdmi_14_process_transaction()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47046", "datePublished": "2024-02-28T08:13:50.320Z", "dateReserved": "2024-02-27T18:42:55.970Z", "dateUpdated": "2024-12-19T07:34:14.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47014
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_ct: fix wild memory access when clearing fragments
while testing re-assembly/re-fragmentation using act_ct, it's possible to
observe a crash like the following one:
KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f]
CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S 5.12.0-rc7+ #424
Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017
RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0
Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48
RSP: 0018:ffff888c31449db8 EFLAGS: 00010203
RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960
RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e
RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350
R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000
R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160
FS: 0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
inet_frag_destroy+0xa9/0x150
call_timer_fn+0x2d/0x180
run_timer_softirq+0x4fe/0xe70
__do_softirq+0x197/0x5a0
irq_exit_rcu+0x1de/0x200
sysvec_apic_timer_interrupt+0x6b/0x80
</IRQ>
when act_ct temporarily stores an IP fragment, restoring the skb qdisc cb
results in putting random data in FRAG_CB(), and this causes those "wild"
memory accesses later, when the rbtree is purged. Never overwrite the skb
cb in case tcf_ct_handle_fragments() returns -EINPROGRESS.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:38.521Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0648941f4c8bbf8b4b6c0b270889ae7aa769b921" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f77bd544a6bbe69aa50d9ed09f13494cf36ff806" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47014", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:58:12.683000Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:31.142Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/sched/act_ct.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "0648941f4c8bbf8b4b6c0b270889ae7aa769b921", "status": "affected", "version": "ae372cb1750f6c95370f92fe5f5620e0954663ba", "versionType": "git" }, { "lessThan": "f77bd544a6bbe69aa50d9ed09f13494cf36ff806", "status": "affected", "version": "ae372cb1750f6c95370f92fe5f5620e0954663ba", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/sched/act_ct.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.8" }, { "lessThan": "5.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ct: fix wild memory access when clearing fragments\n\nwhile testing re-assembly/re-fragmentation using act_ct, it\u0027s possible to\nobserve a crash like the following one:\n\n KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f]\n CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S 5.12.0-rc7+ #424\n Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017\n RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0\n Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 \u003c42\u003e 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48\n RSP: 0018:ffff888c31449db8 EFLAGS: 00010203\n RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960\n RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e\n RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350\n R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000\n R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160\n FS: 0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n inet_frag_destroy+0xa9/0x150\n call_timer_fn+0x2d/0x180\n run_timer_softirq+0x4fe/0xe70\n __do_softirq+0x197/0x5a0\n irq_exit_rcu+0x1de/0x200\n sysvec_apic_timer_interrupt+0x6b/0x80\n \u003c/IRQ\u003e\n\nwhen act_ct temporarily stores an IP fragment, restoring the skb qdisc cb\nresults in putting random data in FRAG_CB(), and this causes those \"wild\"\nmemory accesses later, when the rbtree is purged. Never overwrite the skb\ncb in case tcf_ct_handle_fragments() returns -EINPROGRESS." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:33:37.174Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/0648941f4c8bbf8b4b6c0b270889ae7aa769b921" }, { "url": "https://git.kernel.org/stable/c/f77bd544a6bbe69aa50d9ed09f13494cf36ff806" } ], "title": "net/sched: act_ct: fix wild memory access when clearing fragments", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47014", "datePublished": "2024-02-28T08:13:31.513Z", "dateReserved": "2024-02-27T18:42:55.953Z", "dateUpdated": "2024-12-19T07:33:37.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47047
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails
The spi controller supports 44-bit address space on AXI in DMA mode,
so set dma_addr_t width to 44-bit to avoid using a swiotlb mapping.
In addition, if dma_map_single fails, it should return immediately
instead of continuing doing the DMA operation which bases on invalid
address.
This fixes the following crash which occurs in reading a big block
from flash:
[ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots)
[ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped
[ 123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0
[ 123.792536] Mem abort info:
[ 123.795313] ESR = 0x96000145
[ 123.798351] EC = 0x25: DABT (current EL), IL = 32 bits
[ 123.803655] SET = 0, FnV = 0
[ 123.806693] EA = 0, S1PTW = 0
[ 123.809818] Data abort info:
[ 123.812683] ISV = 0, ISS = 0x00000145
[ 123.816503] CM = 1, WnR = 1
[ 123.819455] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000805047000
[ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=0000000803b45003, pud=0000000000000000
[ 123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47047", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T19:57:19.610244Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:15:11.460Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5980a3b9c933408bc22b0e349b78c3ebd7cbf880" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c26c026eb496261dbc0adbf606cc81989cd2038c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bad5a23cf2b477fa78b85fd392736dae09a1e818" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/126bdb606fd2802454e6048caef1be3e25dd121e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/spi/spi-zynqmp-gqspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5980a3b9c933408bc22b0e349b78c3ebd7cbf880", "status": "affected", "version": "1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e", "versionType": "git" }, { "lessThan": "c26c026eb496261dbc0adbf606cc81989cd2038c", "status": "affected", "version": "1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e", "versionType": "git" }, { "lessThan": "bad5a23cf2b477fa78b85fd392736dae09a1e818", "status": "affected", "version": "1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e", "versionType": "git" }, { "lessThan": "126bdb606fd2802454e6048caef1be3e25dd121e", "status": "affected", "version": "1c26372e5aa9e53391a1f8fe0dc7cd93a7e5ba9e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/spi/spi-zynqmp-gqspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails\n\nThe spi controller supports 44-bit address space on AXI in DMA mode,\nso set dma_addr_t width to 44-bit to avoid using a swiotlb mapping.\nIn addition, if dma_map_single fails, it should return immediately\ninstead of continuing doing the DMA operation which bases on invalid\naddress.\n\nThis fixes the following crash which occurs in reading a big block\nfrom flash:\n\n[ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots)\n[ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped\n[ 123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0\n[ 123.792536] Mem abort info:\n[ 123.795313] ESR = 0x96000145\n[ 123.798351] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 123.803655] SET = 0, FnV = 0\n[ 123.806693] EA = 0, S1PTW = 0\n[ 123.809818] Data abort info:\n[ 123.812683] ISV = 0, ISS = 0x00000145\n[ 123.816503] CM = 1, WnR = 1\n[ 123.819455] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000805047000\n[ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=0000000803b45003, pud=0000000000000000\n[ 123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:15.406Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5980a3b9c933408bc22b0e349b78c3ebd7cbf880" }, { "url": "https://git.kernel.org/stable/c/c26c026eb496261dbc0adbf606cc81989cd2038c" }, { "url": "https://git.kernel.org/stable/c/bad5a23cf2b477fa78b85fd392736dae09a1e818" }, { "url": "https://git.kernel.org/stable/c/126bdb606fd2802454e6048caef1be3e25dd121e" } ], "title": "spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47047", "datePublished": "2024-02-28T08:13:50.931Z", "dateReserved": "2024-02-27T18:42:55.970Z", "dateUpdated": "2024-12-19T07:34:15.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47013
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).
If some error happens in emac_tx_fill_tpd(), the skb will be freed via
dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().
But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).
As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,
thus my patch assigns skb->len to 'len' before the possible free and
use 'len' instead of skb->len later.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf Version: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf Version: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf Version: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf Version: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf Version: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf Version: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf Version: b9b17debc69d27cd55e21ee51a5ba7fc50a426cf |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47013", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T19:56:27.719807Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:13:43.156Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/qualcomm/emac/emac-mac.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c7f75d11fe72913d2619f97b2334b083cd7bb955", "status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "versionType": "git" }, { "lessThan": "dc1b438a35773d030be0ee80d9c635c3e558a322", "status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "versionType": "git" }, { "lessThan": "16d8c44be52e3650917736d45f5904384a9da834", "status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "versionType": "git" }, { "lessThan": "55fcdd1258faaecca74b91b88cc0921f9edd775d", "status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "versionType": "git" }, { "lessThan": "9dc373f74097edd0e35f3393d6248eda8d1ba99d", "status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "versionType": "git" }, { "lessThan": "8c06f34785068b87e2b560534c77c163d6c6dca7", "status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "versionType": "git" }, { "lessThan": "e407495ba6788a67d1bd41714158c079e340879b", "status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "versionType": "git" }, { "lessThan": "6d72e7c767acbbdd44ebc7d89c6690b405b32b57", "status": "affected", "version": "b9b17debc69d27cd55e21ee51a5ba7fc50a426cf", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/qualcomm/emac/emac-mac.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.9" }, { "lessThan": "4.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.269", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.233", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.191", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.119", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb-\u003elen by netdev_sent_queue(,skb-\u003elen).\n\nAs i observed that emac_tx_fill_tpd() haven\u0027t modified the value of skb-\u003elen,\nthus my patch assigns skb-\u003elen to \u0027len\u0027 before the possible free and\nuse \u0027len\u0027 instead of skb-\u003elen later." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:33:36.032Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c7f75d11fe72913d2619f97b2334b083cd7bb955" }, { "url": "https://git.kernel.org/stable/c/dc1b438a35773d030be0ee80d9c635c3e558a322" }, { "url": "https://git.kernel.org/stable/c/16d8c44be52e3650917736d45f5904384a9da834" }, { "url": "https://git.kernel.org/stable/c/55fcdd1258faaecca74b91b88cc0921f9edd775d" }, { "url": "https://git.kernel.org/stable/c/9dc373f74097edd0e35f3393d6248eda8d1ba99d" }, { "url": "https://git.kernel.org/stable/c/8c06f34785068b87e2b560534c77c163d6c6dca7" }, { "url": "https://git.kernel.org/stable/c/e407495ba6788a67d1bd41714158c079e340879b" }, { "url": "https://git.kernel.org/stable/c/6d72e7c767acbbdd44ebc7d89c6690b405b32b57" } ], "title": "net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47013", "datePublished": "2024-02-28T08:13:30.905Z", "dateReserved": "2024-02-27T18:42:55.953Z", "dateUpdated": "2024-12-19T07:33:36.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47043
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: venus: core: Fix some resource leaks in the error path of 'venus_probe()'
If an error occurs after a successful 'of_icc_get()' call, it must be
undone.
Use 'devm_of_icc_get()' instead of 'of_icc_get()' to avoid the leak.
Update the remove function accordingly and axe the now unneeded
'icc_put()' calls.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47043", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-21T16:26:36.295106Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-21T16:26:45.050Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/00b68a7478343afdf83f30c43e64db5296057030" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/940d01eceb3a7866fbfca136a55a5625fc75a565" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/711acdf0228dc71601247f28b56f13e850e395c8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5a465c5391a856a0c1e9554964d660676c35d1b2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/media/platform/qcom/venus/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "00b68a7478343afdf83f30c43e64db5296057030", "status": "affected", "version": "32f0a6ddc8c98a1aade2bf3d07c79d5d2c6ceb9a", "versionType": "git" }, { "lessThan": "940d01eceb3a7866fbfca136a55a5625fc75a565", "status": "affected", "version": "32f0a6ddc8c98a1aade2bf3d07c79d5d2c6ceb9a", "versionType": "git" }, { "lessThan": "711acdf0228dc71601247f28b56f13e850e395c8", "status": "affected", "version": "32f0a6ddc8c98a1aade2bf3d07c79d5d2c6ceb9a", "versionType": "git" }, { "lessThan": "5a465c5391a856a0c1e9554964d660676c35d1b2", "status": "affected", "version": "32f0a6ddc8c98a1aade2bf3d07c79d5d2c6ceb9a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/media/platform/qcom/venus/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.5" }, { "lessThan": "5.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: core: Fix some resource leaks in the error path of \u0027venus_probe()\u0027\n\nIf an error occurs after a successful \u0027of_icc_get()\u0027 call, it must be\nundone.\n\nUse \u0027devm_of_icc_get()\u0027 instead of \u0027of_icc_get()\u0027 to avoid the leak.\nUpdate the remove function accordingly and axe the now unneeded\n\u0027icc_put()\u0027 calls." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:10.760Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/00b68a7478343afdf83f30c43e64db5296057030" }, { "url": "https://git.kernel.org/stable/c/940d01eceb3a7866fbfca136a55a5625fc75a565" }, { "url": "https://git.kernel.org/stable/c/711acdf0228dc71601247f28b56f13e850e395c8" }, { "url": "https://git.kernel.org/stable/c/5a465c5391a856a0c1e9554964d660676c35d1b2" } ], "title": "media: venus: core: Fix some resource leaks in the error path of \u0027venus_probe()\u0027", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47043", "datePublished": "2024-02-28T08:13:48.440Z", "dateReserved": "2024-02-27T18:42:55.969Z", "dateUpdated": "2024-12-19T07:34:10.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47012
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/siw: Fix a use after free in siw_alloc_mr
Our code analyzer reported a UAF.
In siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation of
siw_mr_add_mem(), mem is assigned to mr->mem and then mem is freed via
kfree(mem) if xa_alloc_cyclic() failed. Here, mr->mem still point to a
freed object. After, the execution continue up to the err_out branch of
siw_alloc_mr, and the freed mr->mem is used in siw_mr_drop_mem(mr).
My patch moves "mr->mem = mem" behind the if (xa_alloc_cyclic(..)<0) {}
section, to avoid the uaf.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 2251334dcac9eb337575d8767e2a6a7e81848f7f Version: 2251334dcac9eb337575d8767e2a6a7e81848f7f Version: 2251334dcac9eb337575d8767e2a6a7e81848f7f Version: 2251334dcac9eb337575d8767e2a6a7e81848f7f Version: 2251334dcac9eb337575d8767e2a6a7e81848f7f |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47012", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T20:34:17.324799Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:13:27.028Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/30b9e92d0b5e5d5dc1101ab856c17009537cbca4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/608a4b90ece039940e9425ee2b39c8beff27e00c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3e22b88e02c194f6c80867abfef5cc09383461f4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ad9ce7188432650469a6c7625bf479f5ed0b6155" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3093ee182f01689b89e9f8797b321603e5de4f63" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/infiniband/sw/siw/siw_mem.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "30b9e92d0b5e5d5dc1101ab856c17009537cbca4", "status": "affected", "version": "2251334dcac9eb337575d8767e2a6a7e81848f7f", "versionType": "git" }, { "lessThan": "608a4b90ece039940e9425ee2b39c8beff27e00c", "status": "affected", "version": "2251334dcac9eb337575d8767e2a6a7e81848f7f", "versionType": "git" }, { "lessThan": "3e22b88e02c194f6c80867abfef5cc09383461f4", "status": "affected", "version": "2251334dcac9eb337575d8767e2a6a7e81848f7f", "versionType": "git" }, { "lessThan": "ad9ce7188432650469a6c7625bf479f5ed0b6155", "status": "affected", "version": "2251334dcac9eb337575d8767e2a6a7e81848f7f", "versionType": "git" }, { "lessThan": "3093ee182f01689b89e9f8797b321603e5de4f63", "status": "affected", "version": "2251334dcac9eb337575d8767e2a6a7e81848f7f", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/infiniband/sw/siw/siw_mem.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.3" }, { "lessThan": "5.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.119", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix a use after free in siw_alloc_mr\n\nOur code analyzer reported a UAF.\n\nIn siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation of\nsiw_mr_add_mem(), mem is assigned to mr-\u003emem and then mem is freed via\nkfree(mem) if xa_alloc_cyclic() failed. Here, mr-\u003emem still point to a\nfreed object. After, the execution continue up to the err_out branch of\nsiw_alloc_mr, and the freed mr-\u003emem is used in siw_mr_drop_mem(mr).\n\nMy patch moves \"mr-\u003emem = mem\" behind the if (xa_alloc_cyclic(..)\u003c0) {}\nsection, to avoid the uaf." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:33:34.913Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/30b9e92d0b5e5d5dc1101ab856c17009537cbca4" }, { "url": "https://git.kernel.org/stable/c/608a4b90ece039940e9425ee2b39c8beff27e00c" }, { "url": "https://git.kernel.org/stable/c/3e22b88e02c194f6c80867abfef5cc09383461f4" }, { "url": "https://git.kernel.org/stable/c/ad9ce7188432650469a6c7625bf479f5ed0b6155" }, { "url": "https://git.kernel.org/stable/c/3093ee182f01689b89e9f8797b321603e5de4f63" } ], "title": "RDMA/siw: Fix a use after free in siw_alloc_mr", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47012", "datePublished": "2024-02-28T08:13:30.284Z", "dateReserved": "2024-02-27T18:42:55.953Z", "dateUpdated": "2024-12-19T07:33:34.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47009
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Fix memory leak on object td
Two error return paths are neglecting to free allocated object td,
causing a memory leak. Fix this by returning via the error return
path that securely kfree's td.
Fixes clang scan-build warning:
security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential
memory leak [unix.Malloc]
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47009", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-21T16:28:43.194952Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-21T16:28:52.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1c4031014106aff48e1e686e40101c31eab5d44c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3e24fbd37e72e8a67b74991970fecc82d14f57af" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/83a775d5f9bfda95b1c295f95a3a041a40c7f321" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "security/keys/trusted-keys/trusted_tpm1.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8", "status": "affected", "version": "9d83cc1a1e7f494aedee2aa108e801d11525fccf", "versionType": "git" }, { "lessThan": "1c4031014106aff48e1e686e40101c31eab5d44c", "status": "affected", "version": "8cfc8d62942105e5df4a20a15b24da077a6b24ef", "versionType": "git" }, { "lessThan": "3e24fbd37e72e8a67b74991970fecc82d14f57af", "status": "affected", "version": "5df16caada3fba3b21cb09b85cdedf99507f4ec1", "versionType": "git" }, { "lessThan": "83a775d5f9bfda95b1c295f95a3a041a40c7f321", "status": "affected", "version": "5df16caada3fba3b21cb09b85cdedf99507f4ec1", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "security/keys/trusted-keys/trusted_tpm1.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.38", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.22", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Fix memory leak on object td\n\nTwo error return paths are neglecting to free allocated object td,\ncausing a memory leak. Fix this by returning via the error return\npath that securely kfree\u0027s td.\n\nFixes clang scan-build warning:\nsecurity/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential\nmemory leak [unix.Malloc]" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:33:31.469Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8" }, { "url": "https://git.kernel.org/stable/c/1c4031014106aff48e1e686e40101c31eab5d44c" }, { "url": "https://git.kernel.org/stable/c/3e24fbd37e72e8a67b74991970fecc82d14f57af" }, { "url": "https://git.kernel.org/stable/c/83a775d5f9bfda95b1c295f95a3a041a40c7f321" } ], "title": "KEYS: trusted: Fix memory leak on object td", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47009", "datePublished": "2024-02-28T08:13:28.439Z", "dateReserved": "2024-02-27T18:42:55.952Z", "dateUpdated": "2024-12-19T07:33:31.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47019
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7921: fix possible invalid register access
Disable the interrupt and synchronze for the pending irq handlers to ensure
the irq tasklet is not being scheduled after the suspend to avoid the
possible invalid register access acts when the host pcie controller is
suspended.
[17932.910534] mt7921e 0000:01:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 21375 usecs
[17932.910590] pcieport 0000:00:00.0: calling pci_pm_suspend+0x0/0x22c @ 18565, parent: pci0000:00
[17932.910602] pcieport 0000:00:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 8 usecs
[17932.910671] mtk-pcie 11230000.pcie: calling platform_pm_suspend+0x0/0x60 @ 22783, parent: soc
[17932.910674] mtk-pcie 11230000.pcie: platform_pm_suspend+0x0/0x60 returned 0 after 0 usecs
...
17933.615352] x1 : 00000000000d4200 x0 : ffffff8269ca2300
[17933.620666] Call trace:
[17933.623127] mt76_mmio_rr+0x28/0xf0 [mt76]
[17933.627234] mt7921_rr+0x38/0x44 [mt7921e]
[17933.631339] mt7921_irq_tasklet+0x54/0x1d8 [mt7921e]
[17933.636309] tasklet_action_common+0x12c/0x16c
[17933.640754] tasklet_action+0x24/0x2c
[17933.644418] __do_softirq+0x16c/0x344
[17933.648082] irq_exit+0xa8/0xac
[17933.651224] scheduler_ipi+0xd4/0x148
[17933.654890] handle_IPI+0x164/0x2d4
[17933.658379] gic_handle_irq+0x140/0x178
[17933.662216] el1_irq+0xb8/0x180
[17933.665361] cpuidle_enter_state+0xf8/0x204
[17933.669544] cpuidle_enter+0x38/0x4c
[17933.673122] do_idle+0x1a4/0x2a8
[17933.676352] cpu_startup_entry+0x24/0x28
[17933.680276] rest_init+0xd4/0xe0
[17933.683508] arch_call_rest_init+0x10/0x18
[17933.687606] start_kernel+0x340/0x3b4
[17933.691279] Code: aa0003f5 d503201f f953eaa8 8b344108 (b9400113)
[17933.697373] ---[ end trace a24b8e26ffbda3c5 ]---
[17933.767846] Kernel panic - not syncing: Fatal exception in interrupt
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47019", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T22:18:10.131822Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:14.618Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b13cbc536990ff609afa878b6211cd6f6265ba60" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fe3fccde8870764ba3e60610774bd7bc9f8faeff" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/mediatek/mt76/mt7921/pci.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b13cbc536990ff609afa878b6211cd6f6265ba60", "status": "affected", "version": "ffa1bf97425bd511b105ce769976e20a845a71e9", "versionType": "git" }, { "lessThan": "fe3fccde8870764ba3e60610774bd7bc9f8faeff", "status": "affected", "version": "ffa1bf97425bd511b105ce769976e20a845a71e9", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/mediatek/mt76/mt7921/pci.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: fix possible invalid register access\n\nDisable the interrupt and synchronze for the pending irq handlers to ensure\nthe irq tasklet is not being scheduled after the suspend to avoid the\npossible invalid register access acts when the host pcie controller is\nsuspended.\n\n[17932.910534] mt7921e 0000:01:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 21375 usecs\n[17932.910590] pcieport 0000:00:00.0: calling pci_pm_suspend+0x0/0x22c @ 18565, parent: pci0000:00\n[17932.910602] pcieport 0000:00:00.0: pci_pm_suspend+0x0/0x22c returned 0 after 8 usecs\n[17932.910671] mtk-pcie 11230000.pcie: calling platform_pm_suspend+0x0/0x60 @ 22783, parent: soc\n[17932.910674] mtk-pcie 11230000.pcie: platform_pm_suspend+0x0/0x60 returned 0 after 0 usecs\n\n...\n\n17933.615352] x1 : 00000000000d4200 x0 : ffffff8269ca2300\n[17933.620666] Call trace:\n[17933.623127] mt76_mmio_rr+0x28/0xf0 [mt76]\n[17933.627234] mt7921_rr+0x38/0x44 [mt7921e]\n[17933.631339] mt7921_irq_tasklet+0x54/0x1d8 [mt7921e]\n[17933.636309] tasklet_action_common+0x12c/0x16c\n[17933.640754] tasklet_action+0x24/0x2c\n[17933.644418] __do_softirq+0x16c/0x344\n[17933.648082] irq_exit+0xa8/0xac\n[17933.651224] scheduler_ipi+0xd4/0x148\n[17933.654890] handle_IPI+0x164/0x2d4\n[17933.658379] gic_handle_irq+0x140/0x178\n[17933.662216] el1_irq+0xb8/0x180\n[17933.665361] cpuidle_enter_state+0xf8/0x204\n[17933.669544] cpuidle_enter+0x38/0x4c\n[17933.673122] do_idle+0x1a4/0x2a8\n[17933.676352] cpu_startup_entry+0x24/0x28\n[17933.680276] rest_init+0xd4/0xe0\n[17933.683508] arch_call_rest_init+0x10/0x18\n[17933.687606] start_kernel+0x340/0x3b4\n[17933.691279] Code: aa0003f5 d503201f f953eaa8 8b344108 (b9400113)\n[17933.697373] ---[ end trace a24b8e26ffbda3c5 ]---\n[17933.767846] Kernel panic - not syncing: Fatal exception in interrupt" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:33:42.758Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b13cbc536990ff609afa878b6211cd6f6265ba60" }, { "url": "https://git.kernel.org/stable/c/fe3fccde8870764ba3e60610774bd7bc9f8faeff" } ], "title": "mt76: mt7921: fix possible invalid register access", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47019", "datePublished": "2024-02-28T08:13:33.984Z", "dateReserved": "2024-02-27T18:42:55.954Z", "dateUpdated": "2024-12-19T07:33:42.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47044
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/fair: Fix shift-out-of-bounds in load_balance()
Syzbot reported a handful of occurrences where an sd->nr_balance_failed can
grow to much higher values than one would expect.
A successful load_balance() resets it to 0; a failed one increments
it. Once it gets to sd->cache_nice_tries + 3, this *should* trigger an
active balance, which will either set it to sd->cache_nice_tries+1 or reset
it to 0. However, in case the to-be-active-balanced task is not allowed to
run on env->dst_cpu, then the increment is done without any further
modification.
This could then be repeated ad nauseam, and would explain the absurdly high
values reported by syzbot (86, 149). VincentG noted there is value in
letting sd->cache_nice_tries grow, so the shift itself should be
fixed. That means preventing:
"""
If the value of the right operand is negative or is greater than or equal
to the width of the promoted left operand, the behavior is undefined.
"""
Thus we need to cap the shift exponent to
BITS_PER_TYPE(typeof(lefthand)) - 1.
I had a look around for other similar cases via coccinelle:
@expr@
position pos;
expression E1;
expression E2;
@@
(
E1 >> E2@pos
|
E1 >> E2@pos
)
@cst depends on expr@
position pos;
expression expr.E1;
constant cst;
@@
(
E1 >> cst@pos
|
E1 << cst@pos
)
@script:python depends on !cst@
pos << expr.pos;
exp << expr.E2;
@@
# Dirty hack to ignore constexpr
if exp.upper() != exp:
coccilib.report.print_report(pos[0], "Possible UB shift here")
The only other match in kernel/sched is rq_clock_thermal() which employs
sched_thermal_decay_shift, and that exponent is already capped to 10, so
that one is fine.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47044", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T18:44:53.488673Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T16:53:41.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/80862cbf76c2646f709a57c4517aefe0b094c774" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2f3eab368e313dba35fc2f51ede778bf7b030b54" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/805cea93e66ca7deaaf6ad3b67224ce47c104c2f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/39a2a6eb5c9b66ea7c8055026303b3aa681b49a5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/sched/fair.c", "kernel/sched/sched.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "80862cbf76c2646f709a57c4517aefe0b094c774", "status": "affected", "version": "5a7f555904671c0737819fe4d19bd6143de3f6c0", "versionType": "git" }, { "lessThan": "2f3eab368e313dba35fc2f51ede778bf7b030b54", "status": "affected", "version": "5a7f555904671c0737819fe4d19bd6143de3f6c0", "versionType": "git" }, { "lessThan": "805cea93e66ca7deaaf6ad3b67224ce47c104c2f", "status": "affected", "version": "5a7f555904671c0737819fe4d19bd6143de3f6c0", "versionType": "git" }, { "lessThan": "39a2a6eb5c9b66ea7c8055026303b3aa681b49a5", "status": "affected", "version": "5a7f555904671c0737819fe4d19bd6143de3f6c0", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/sched/fair.c", "kernel/sched/sched.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix shift-out-of-bounds in load_balance()\n\nSyzbot reported a handful of occurrences where an sd-\u003enr_balance_failed can\ngrow to much higher values than one would expect.\n\nA successful load_balance() resets it to 0; a failed one increments\nit. Once it gets to sd-\u003ecache_nice_tries + 3, this *should* trigger an\nactive balance, which will either set it to sd-\u003ecache_nice_tries+1 or reset\nit to 0. However, in case the to-be-active-balanced task is not allowed to\nrun on env-\u003edst_cpu, then the increment is done without any further\nmodification.\n\nThis could then be repeated ad nauseam, and would explain the absurdly high\nvalues reported by syzbot (86, 149). VincentG noted there is value in\nletting sd-\u003ecache_nice_tries grow, so the shift itself should be\nfixed. That means preventing:\n\n \"\"\"\n If the value of the right operand is negative or is greater than or equal\n to the width of the promoted left operand, the behavior is undefined.\n \"\"\"\n\nThus we need to cap the shift exponent to\n BITS_PER_TYPE(typeof(lefthand)) - 1.\n\nI had a look around for other similar cases via coccinelle:\n\n @expr@\n position pos;\n expression E1;\n expression E2;\n @@\n (\n E1 \u003e\u003e E2@pos\n |\n E1 \u003e\u003e E2@pos\n )\n\n @cst depends on expr@\n position pos;\n expression expr.E1;\n constant cst;\n @@\n (\n E1 \u003e\u003e cst@pos\n |\n E1 \u003c\u003c cst@pos\n )\n\n @script:python depends on !cst@\n pos \u003c\u003c expr.pos;\n exp \u003c\u003c expr.E2;\n @@\n # Dirty hack to ignore constexpr\n if exp.upper() != exp:\n coccilib.report.print_report(pos[0], \"Possible UB shift here\")\n\nThe only other match in kernel/sched is rq_clock_thermal() which employs\nsched_thermal_decay_shift, and that exponent is already capped to 10, so\nthat one is fine." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:11.894Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/80862cbf76c2646f709a57c4517aefe0b094c774" }, { "url": "https://git.kernel.org/stable/c/2f3eab368e313dba35fc2f51ede778bf7b030b54" }, { "url": "https://git.kernel.org/stable/c/805cea93e66ca7deaaf6ad3b67224ce47c104c2f" }, { "url": "https://git.kernel.org/stable/c/39a2a6eb5c9b66ea7c8055026303b3aa681b49a5" } ], "title": "sched/fair: Fix shift-out-of-bounds in load_balance()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47044", "datePublished": "2024-02-28T08:13:49.087Z", "dateReserved": "2024-02-27T18:42:55.969Z", "dateUpdated": "2024-12-19T07:34:11.894Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47052
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: sa2ul - Fix memory leak of rxd
There are two error return paths that are not freeing rxd and causing
memory leaks. Fix these.
Addresses-Coverity: ("Resource leak")
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47052", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-11T16:41:06.445130Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:13:39.230Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0e596b3734649041ed77edc86a23c0442bbe062b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dfd6443bf49ac17adf882ca46c40c506a0284bd6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b7bd0657c2036add71981d88a7fae50188150b6e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/854b7737199848a91f6adfa0a03cf6f0c46c86e8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/crypto/sa2ul.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "0e596b3734649041ed77edc86a23c0442bbe062b", "status": "affected", "version": "00c9211f60db2dead16856f81a3e6ab86b31f275", "versionType": "git" }, { "lessThan": "dfd6443bf49ac17adf882ca46c40c506a0284bd6", "status": "affected", "version": "00c9211f60db2dead16856f81a3e6ab86b31f275", "versionType": "git" }, { "lessThan": "b7bd0657c2036add71981d88a7fae50188150b6e", "status": "affected", "version": "00c9211f60db2dead16856f81a3e6ab86b31f275", "versionType": "git" }, { "lessThan": "854b7737199848a91f6adfa0a03cf6f0c46c86e8", "status": "affected", "version": "00c9211f60db2dead16856f81a3e6ab86b31f275", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/crypto/sa2ul.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sa2ul - Fix memory leak of rxd\n\nThere are two error return paths that are not freeing rxd and causing\nmemory leaks. Fix these.\n\nAddresses-Coverity: (\"Resource leak\")" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:21.250Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/0e596b3734649041ed77edc86a23c0442bbe062b" }, { "url": "https://git.kernel.org/stable/c/dfd6443bf49ac17adf882ca46c40c506a0284bd6" }, { "url": "https://git.kernel.org/stable/c/b7bd0657c2036add71981d88a7fae50188150b6e" }, { "url": "https://git.kernel.org/stable/c/854b7737199848a91f6adfa0a03cf6f0c46c86e8" } ], "title": "crypto: sa2ul - Fix memory leak of rxd", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47052", "datePublished": "2024-02-28T08:13:54.083Z", "dateReserved": "2024-02-27T18:42:55.972Z", "dateUpdated": "2024-12-19T07:34:21.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47017
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath10k: Fix a use after free in ath10k_htc_send_bundle
In ath10k_htc_send_bundle, the bundle_skb could be freed by
dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later
by bundle_skb->len.
As skb_len = bundle_skb->len, my patch replaces bundle_skb->len to
skb_len after the bundle_skb was freed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47017", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:58:09.590731Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:30.771Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/ath/ath10k/htc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8bb054fb336f4250002fff4e0b075221c05c3c65", "status": "affected", "version": "c8334512f3dd1b94844baca629f9bedca4271593", "versionType": "git" }, { "lessThan": "3b1ac40c6012140828caa79e592a438a18ebf71b", "status": "affected", "version": "c8334512f3dd1b94844baca629f9bedca4271593", "versionType": "git" }, { "lessThan": "5e413c0831ff4700d1739db3fa3ae9f859744676", "status": "affected", "version": "c8334512f3dd1b94844baca629f9bedca4271593", "versionType": "git" }, { "lessThan": "8392df5d7e0b6a7d21440da1fc259f9938f4dec3", "status": "affected", "version": "c8334512f3dd1b94844baca629f9bedca4271593", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/ath/ath10k/htc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.8" }, { "lessThan": "5.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath10k: Fix a use after free in ath10k_htc_send_bundle\n\nIn ath10k_htc_send_bundle, the bundle_skb could be freed by\ndev_kfree_skb_any(bundle_skb). But the bundle_skb is used later\nby bundle_skb-\u003elen.\n\nAs skb_len = bundle_skb-\u003elen, my patch replaces bundle_skb-\u003elen to\nskb_len after the bundle_skb was freed." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:33:40.524Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8bb054fb336f4250002fff4e0b075221c05c3c65" }, { "url": "https://git.kernel.org/stable/c/3b1ac40c6012140828caa79e592a438a18ebf71b" }, { "url": "https://git.kernel.org/stable/c/5e413c0831ff4700d1739db3fa3ae9f859744676" }, { "url": "https://git.kernel.org/stable/c/8392df5d7e0b6a7d21440da1fc259f9938f4dec3" } ], "title": "ath10k: Fix a use after free in ath10k_htc_send_bundle", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47017", "datePublished": "2024-02-28T08:13:32.739Z", "dateReserved": "2024-02-27T18:42:55.954Z", "dateUpdated": "2024-12-19T07:33:40.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47037
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: q6afe-clocks: fix reprobing of the driver
Q6afe-clocks driver can get reprobed. For example if the APR services
are restarted after the firmware crash. However currently Q6afe-clocks
driver will oops because hw.init will get cleared during first _probe
call. Rewrite the driver to fill the clock data at runtime rather than
using big static array of clocks.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47037", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T19:56:54.280030Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:46.463Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:38.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6893df3753beafa5f7351228a9dd8157a57d7492" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/62413972f5266568848a36fd15160397b211fa74" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/96fadf7e8ff49fdb74754801228942b67c3eeebd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "sound/soc/qcom/qdsp6/q6afe-clocks.c", "sound/soc/qcom/qdsp6/q6afe.c", "sound/soc/qcom/qdsp6/q6afe.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6893df3753beafa5f7351228a9dd8157a57d7492", "status": "affected", "version": "520a1c396d1966b64884d8e0176a580150d5a09e", "versionType": "git" }, { "lessThan": "62413972f5266568848a36fd15160397b211fa74", "status": "affected", "version": "520a1c396d1966b64884d8e0176a580150d5a09e", "versionType": "git" }, { "lessThan": "96fadf7e8ff49fdb74754801228942b67c3eeebd", "status": "affected", "version": "520a1c396d1966b64884d8e0176a580150d5a09e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "sound/soc/qcom/qdsp6/q6afe-clocks.c", "sound/soc/qcom/qdsp6/q6afe.c", "sound/soc/qcom/qdsp6/q6afe.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: q6afe-clocks: fix reprobing of the driver\n\nQ6afe-clocks driver can get reprobed. For example if the APR services\nare restarted after the firmware crash. However currently Q6afe-clocks\ndriver will oops because hw.init will get cleared during first _probe\ncall. Rewrite the driver to fill the clock data at runtime rather than\nusing big static array of clocks." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:03.943Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6893df3753beafa5f7351228a9dd8157a57d7492" }, { "url": "https://git.kernel.org/stable/c/62413972f5266568848a36fd15160397b211fa74" }, { "url": "https://git.kernel.org/stable/c/96fadf7e8ff49fdb74754801228942b67c3eeebd" } ], "title": "ASoC: q6afe-clocks: fix reprobing of the driver", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47037", "datePublished": "2024-02-28T08:13:44.683Z", "dateReserved": "2024-02-27T18:42:55.965Z", "dateUpdated": "2024-12-19T07:34:03.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47039
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ataflop: potential out of bounds in do_format()
The function uses "type" as an array index:
q = unit[drive].disk[type]->queue;
Unfortunately the bounds check on "type" isn't done until later in the
function. Fix this by moving the bounds check to the start.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47039", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-28T19:19:31.846169Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:17.074Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/07f86aa8f4fe077be1b018cc177eb8c6573e5671" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2a3a8bbca28b899806844c00d49ed1b7ccb50957" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1ffec389a6431782a8a28805830b6fae9bf00af1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/block/ataflop.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "07f86aa8f4fe077be1b018cc177eb8c6573e5671", "status": "affected", "version": "bf9c0538e485b591a2ee02d9adb8a99db4be5a2a", "versionType": "git" }, { "lessThan": "2a3a8bbca28b899806844c00d49ed1b7ccb50957", "status": "affected", "version": "bf9c0538e485b591a2ee02d9adb8a99db4be5a2a", "versionType": "git" }, { "lessThan": "1ffec389a6431782a8a28805830b6fae9bf00af1", "status": "affected", "version": "bf9c0538e485b591a2ee02d9adb8a99db4be5a2a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/block/ataflop.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.11" }, { "lessThan": "5.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nataflop: potential out of bounds in do_format()\n\nThe function uses \"type\" as an array index:\n\n\tq = unit[drive].disk[type]-\u003equeue;\n\nUnfortunately the bounds check on \"type\" isn\u0027t done until later in the\nfunction. Fix this by moving the bounds check to the start." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:06.211Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/07f86aa8f4fe077be1b018cc177eb8c6573e5671" }, { "url": "https://git.kernel.org/stable/c/2a3a8bbca28b899806844c00d49ed1b7ccb50957" }, { "url": "https://git.kernel.org/stable/c/1ffec389a6431782a8a28805830b6fae9bf00af1" } ], "title": "ataflop: potential out of bounds in do_format()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47039", "datePublished": "2024-02-28T08:13:45.937Z", "dateReserved": "2024-02-27T18:42:55.968Z", "dateUpdated": "2024-12-19T07:34:06.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47050
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
The platform_get_resource_byname() can return NULL which would be
immediately dereferenced by resource_size(). Instead dereference it
after validating the resource.
Addresses-Coverity: Dereference null return value
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/71bcc1b4a1743534d8abdcb57ff912e6bc390438" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e16acc3a37f09e18835dc5d8014942c2ef6ca957" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a74cb41af7dbe019e4096171f8bc641c7ce910ad" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/59e27d7c94aa02da039b000d33c304c179395801" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47050", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:57:38.397126Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:54.799Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/memory/renesas-rpc-if.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "71bcc1b4a1743534d8abdcb57ff912e6bc390438", "status": "affected", "version": "ca7d8b980b67f133317525c4273e144116ee1ae5", "versionType": "git" }, { "lessThan": "e16acc3a37f09e18835dc5d8014942c2ef6ca957", "status": "affected", "version": "ca7d8b980b67f133317525c4273e144116ee1ae5", "versionType": "git" }, { "lessThan": "a74cb41af7dbe019e4096171f8bc641c7ce910ad", "status": "affected", "version": "ca7d8b980b67f133317525c4273e144116ee1ae5", "versionType": "git" }, { "lessThan": "59e27d7c94aa02da039b000d33c304c179395801", "status": "affected", "version": "ca7d8b980b67f133317525c4273e144116ee1ae5", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/memory/renesas-rpc-if.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.9" }, { "lessThan": "5.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: renesas-rpc-if: fix possible NULL pointer dereference of resource\n\nThe platform_get_resource_byname() can return NULL which would be\nimmediately dereferenced by resource_size(). Instead dereference it\nafter validating the resource.\n\nAddresses-Coverity: Dereference null return value" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:18.859Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/71bcc1b4a1743534d8abdcb57ff912e6bc390438" }, { "url": "https://git.kernel.org/stable/c/e16acc3a37f09e18835dc5d8014942c2ef6ca957" }, { "url": "https://git.kernel.org/stable/c/a74cb41af7dbe019e4096171f8bc641c7ce910ad" }, { "url": "https://git.kernel.org/stable/c/59e27d7c94aa02da039b000d33c304c179395801" } ], "title": "memory: renesas-rpc-if: fix possible NULL pointer dereference of resource", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47050", "datePublished": "2024-02-28T08:13:52.801Z", "dateReserved": "2024-02-27T18:42:55.971Z", "dateUpdated": "2024-12-19T07:34:18.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47040
Vulnerability from cvelistv5
Published
2024-02-28 08:13
Modified
2024-12-19 07:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix overflows checks in provide buffers
Colin reported before possible overflow and sign extension problems in
io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing
useful, see d81269fecb8ce ("io_uring: fix provide_buffers sign extension").
Do that with help of check_<op>_overflow helpers. And fix struct
io_provide_buf::len type, as it doesn't make much sense to keep it
signed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:24:39.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47040", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:57:48.348526Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:49.892Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/io_uring.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "cbbc13b115b8f18e0a714d89f87fbdc499acfe2d", "status": "affected", "version": "efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff", "versionType": "git" }, { "lessThan": "51bf90901952aaac564bbdb36b2b503050c53dd9", "status": "affected", "version": "efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff", "versionType": "git" }, { "lessThan": "84b8c266c4bfe9ed5128e13253c388deb74b1b03", "status": "affected", "version": "efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff", "versionType": "git" }, { "lessThan": "38134ada0ceea3e848fe993263c0ff6207fd46e7", "status": "affected", "version": "efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/io_uring.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.8" }, { "lessThan": "5.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.37", "versionType": "semver" }, { "lessThanOrEqual": "5.11.*", "status": "unaffected", "version": "5.11.21", "versionType": "semver" }, { "lessThanOrEqual": "5.12.*", "status": "unaffected", "version": "5.12.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix overflows checks in provide buffers\n\nColin reported before possible overflow and sign extension problems in\nio_provide_buffers_prep(). As Linus pointed out previous attempt did nothing\nuseful, see d81269fecb8ce (\"io_uring: fix provide_buffers sign extension\").\n\nDo that with help of check_\u003cop\u003e_overflow helpers. And fix struct\nio_provide_buf::len type, as it doesn\u0027t make much sense to keep it\nsigned." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:34:07.345Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d" }, { "url": "https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9" }, { "url": "https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03" }, { "url": "https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7" } ], "title": "io_uring: fix overflows checks in provide buffers", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47040", "datePublished": "2024-02-28T08:13:46.557Z", "dateReserved": "2024-02-27T18:42:55.968Z", "dateUpdated": "2024-12-19T07:34:07.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.