Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-0699
Vulnerability from csaf_certbund - Published: 2024-03-24 23:00 - Updated: 2025-06-17 22:00Summary
Linux-Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und einen nicht spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und einen nicht spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0699 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0699.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0699 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0699"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47136"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47137"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47138"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47139"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47140"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47141"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47142"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47143"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47144"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47145"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47146"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47147"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47148"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47149"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47150"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47151"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47152"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47153"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47154"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47155"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47156"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47157"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47158"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47159"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47160"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47161"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47162"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47163"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47164"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47165"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47166"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47167"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47168"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47169"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47170"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47171"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47172"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47173"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47174"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47175"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2024-03-24",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47176"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3618"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05",
"url": "https://access.redhat.com/errata/RHSA-2024:3627"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06",
"url": "https://linux.oracle.com/errata/ELSA-2024-3618.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1979-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018685.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2184-1 vom 2024-06-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018807.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
"url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2493-1 vom 2024-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018984.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162077"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2901-1 vom 2024-08-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019194.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1465-1 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019273.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1489-1 vom 2024-08-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D5LYDXV5ACGHUYO5XWLWD5VAOA5HLJ7U/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6976-1 vom 2024-08-22",
"url": "https://ubuntu.com/security/notices/USN-6976-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12606 vom 2024-09-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-12606.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6297 vom 2024-09-04",
"url": "https://access.redhat.com/errata/RHSA-2024:6297"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2024-0011 vom 2024-09-04",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2024-September/001099.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7169778 vom 2024-09-24",
"url": "https://www.ibm.com/support/pages/node/7169778"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4100-1 vom 2024-11-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019864.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4367-1 vom 2024-12-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/020025.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0034-1 vom 2025-01-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020071.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0035-1 vom 2025-01-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020070.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2775 vom 2025-03-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2775.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-1 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-2 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-4 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-3 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-5 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7506-3 vom 2025-05-12",
"url": "https://ubuntu.com/security/notices/USN-7506-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7506-1 vom 2025-05-12",
"url": "https://ubuntu.com/security/notices/USN-7506-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7506-2 vom 2025-05-12",
"url": "https://ubuntu.com/security/notices/USN-7506-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7506-4 vom 2025-05-13",
"url": "https://ubuntu.com/security/notices/USN-7506-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1574-1 vom 2025-05-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020835.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01633-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020864.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01983-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021538.html"
}
],
"source_lang": "en-US",
"title": "Linux-Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und unspezifische Angriffe",
"tracking": {
"current_release_date": "2025-06-17T22:00:00.000+00:00",
"generator": {
"date": "2025-06-18T08:45:43.200+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0699",
"initial_release_date": "2024-03-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-28T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-04T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-06T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-07-15T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-08-05T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-19T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-09-02T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-09-04T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat und ORACLE aufgenommen"
},
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-28T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-09T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-05-06T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-12T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-21T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "30"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.11",
"product": {
"name": "Dell NetWorker \u003c19.11",
"product_id": "T035785"
}
},
{
"category": "product_version",
"name": "19.11",
"product": {
"name": "Dell NetWorker 19.11",
"product_id": "T035785-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.11"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.16.3",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.16.3",
"product_id": "T037795"
}
},
{
"category": "product_version",
"name": "10.1.16.3",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.16.3",
"product_id": "T037795-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.3"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T033646",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47136",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47136"
},
{
"cve": "CVE-2021-47137",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47137"
},
{
"cve": "CVE-2021-47138",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47138"
},
{
"cve": "CVE-2021-47139",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47139"
},
{
"cve": "CVE-2021-47140",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47140"
},
{
"cve": "CVE-2021-47141",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47141"
},
{
"cve": "CVE-2021-47142",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47142"
},
{
"cve": "CVE-2021-47143",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47143"
},
{
"cve": "CVE-2021-47144",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47144"
},
{
"cve": "CVE-2021-47145",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47145"
},
{
"cve": "CVE-2021-47146",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47146"
},
{
"cve": "CVE-2021-47147",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47147"
},
{
"cve": "CVE-2021-47148",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47148"
},
{
"cve": "CVE-2021-47149",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47149"
},
{
"cve": "CVE-2021-47150",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47150"
},
{
"cve": "CVE-2021-47151",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47151"
},
{
"cve": "CVE-2021-47152",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47152"
},
{
"cve": "CVE-2021-47153",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47153"
},
{
"cve": "CVE-2021-47158",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47158"
},
{
"cve": "CVE-2021-47159",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47159"
},
{
"cve": "CVE-2021-47160",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47160"
},
{
"cve": "CVE-2021-47161",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47161"
},
{
"cve": "CVE-2021-47162",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47162"
},
{
"cve": "CVE-2021-47163",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47163"
},
{
"cve": "CVE-2021-47164",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47164"
},
{
"cve": "CVE-2021-47165",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47165"
},
{
"cve": "CVE-2021-47166",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47166"
},
{
"cve": "CVE-2021-47167",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47167"
},
{
"cve": "CVE-2021-47168",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47168"
},
{
"cve": "CVE-2021-47169",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47169"
},
{
"cve": "CVE-2021-47170",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47170"
},
{
"cve": "CVE-2021-47171",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47171"
},
{
"cve": "CVE-2021-47172",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47172"
},
{
"cve": "CVE-2021-47173",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47173"
},
{
"cve": "CVE-2021-47174",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47174"
},
{
"cve": "CVE-2021-47175",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47175"
},
{
"cve": "CVE-2021-47176",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47176"
},
{
"cve": "CVE-2021-47177",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47177"
},
{
"cve": "CVE-2021-47178",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47178"
},
{
"cve": "CVE-2021-47179",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47179"
},
{
"cve": "CVE-2021-47180",
"product_status": {
"known_affected": [
"T014381",
"T002207",
"67646",
"T000126",
"T033646",
"T024663",
"398363",
"T004914",
"T035785",
"T037795"
]
},
"release_date": "2024-03-24T23:00:00.000+00:00",
"title": "CVE-2021-47180"
}
]
}
CVE-2021-47160 (GCVE-0-2021-47160)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
net: dsa: mt7530: fix VLAN traffic leaks
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mt7530: fix VLAN traffic leaks
PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but
was not reset when it is disabled, which may cause traffic leaks:
ip link add br0 type bridge vlan_filtering 1
ip link add br1 type bridge vlan_filtering 1
ip link set swp0 master br0
ip link set swp1 master br1
ip link set br0 type bridge vlan_filtering 0
ip link set br1 type bridge vlan_filtering 0
# traffic in br0 and br1 will start leaking to each other
As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the
PCR_MATRIX write from mt7530_port_set_vlan_aware.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
83163f7dca5684816d01c8ccf4857aa74801e7b7 , < ae389812733b1b1e8e07fcc238e41db166b5c78d
(git)
Affected: 83163f7dca5684816d01c8ccf4857aa74801e7b7 , < 4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488 (git) Affected: 83163f7dca5684816d01c8ccf4857aa74801e7b7 , < b91117b66fe875723a4e79ec6263526fffdb44d2 (git) Affected: 83163f7dca5684816d01c8ccf4857aa74801e7b7 , < 82ae35b6c14feae5f216913d5b433e143c756d4e (git) Affected: 83163f7dca5684816d01c8ccf4857aa74801e7b7 , < 474a2ddaa192777522a7499784f1d60691cd831a (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T13:55:35.659497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:48.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae389812733b1b1e8e07fcc238e41db166b5c78d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b91117b66fe875723a4e79ec6263526fffdb44d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82ae35b6c14feae5f216913d5b433e143c756d4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/474a2ddaa192777522a7499784f1d60691cd831a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/mt7530.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae389812733b1b1e8e07fcc238e41db166b5c78d",
"status": "affected",
"version": "83163f7dca5684816d01c8ccf4857aa74801e7b7",
"versionType": "git"
},
{
"lessThan": "4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488",
"status": "affected",
"version": "83163f7dca5684816d01c8ccf4857aa74801e7b7",
"versionType": "git"
},
{
"lessThan": "b91117b66fe875723a4e79ec6263526fffdb44d2",
"status": "affected",
"version": "83163f7dca5684816d01c8ccf4857aa74801e7b7",
"versionType": "git"
},
{
"lessThan": "82ae35b6c14feae5f216913d5b433e143c756d4e",
"status": "affected",
"version": "83163f7dca5684816d01c8ccf4857aa74801e7b7",
"versionType": "git"
},
{
"lessThan": "474a2ddaa192777522a7499784f1d60691cd831a",
"status": "affected",
"version": "83163f7dca5684816d01c8ccf4857aa74801e7b7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/mt7530.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mt7530: fix VLAN traffic leaks\n\nPCR_MATRIX field was set to all 1\u0027s when VLAN filtering is enabled, but\nwas not reset when it is disabled, which may cause traffic leaks:\n\n\tip link add br0 type bridge vlan_filtering 1\n\tip link add br1 type bridge vlan_filtering 1\n\tip link set swp0 master br0\n\tip link set swp1 master br1\n\tip link set br0 type bridge vlan_filtering 0\n\tip link set br1 type bridge vlan_filtering 0\n\t# traffic in br0 and br1 will start leaking to each other\n\nAs port_bridge_{add,del} have set up PCR_MATRIX properly, remove the\nPCR_MATRIX write from mt7530_port_set_vlan_aware."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:19.037Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae389812733b1b1e8e07fcc238e41db166b5c78d"
},
{
"url": "https://git.kernel.org/stable/c/4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488"
},
{
"url": "https://git.kernel.org/stable/c/b91117b66fe875723a4e79ec6263526fffdb44d2"
},
{
"url": "https://git.kernel.org/stable/c/82ae35b6c14feae5f216913d5b433e143c756d4e"
},
{
"url": "https://git.kernel.org/stable/c/474a2ddaa192777522a7499784f1d60691cd831a"
}
],
"title": "net: dsa: mt7530: fix VLAN traffic leaks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47160",
"datePublished": "2024-03-25T09:16:14.468Z",
"dateReserved": "2024-03-25T09:12:14.109Z",
"dateUpdated": "2025-05-04T07:05:19.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47152 (GCVE-0-2021-47152)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
mptcp: fix data stream corruption
Summary
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix data stream corruption
Maxim reported several issues when forcing a TCP transparent proxy
to use the MPTCP protocol for the inbound connections. He also
provided a clean reproducer.
The problem boils down to 'mptcp_frag_can_collapse_to()' assuming
that only MPTCP will use the given page_frag.
If others - e.g. the plain TCP protocol - allocate page fragments,
we can end-up re-using already allocated memory for mptcp_data_frag.
Fix the issue ensuring that the to-be-expanded data fragment is
located at the current page frag end.
v1 -> v2:
- added missing fixes tag (Mat)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
18b683bff89d46ace55f12d00c0440d44d6160c4 , < 3267a061096efc91eda52c2a0c61ba76e46e4b34
(git)
Affected: 18b683bff89d46ace55f12d00c0440d44d6160c4 , < 18e7f0580da15cac1e79d73683ada5a9e70980f8 (git) Affected: 18b683bff89d46ace55f12d00c0440d44d6160c4 , < 29249eac5225429b898f278230a6ca2baa1ae154 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3267a061096efc91eda52c2a0c61ba76e46e4b34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18e7f0580da15cac1e79d73683ada5a9e70980f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29249eac5225429b898f278230a6ca2baa1ae154"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:51.146188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:55.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3267a061096efc91eda52c2a0c61ba76e46e4b34",
"status": "affected",
"version": "18b683bff89d46ace55f12d00c0440d44d6160c4",
"versionType": "git"
},
{
"lessThan": "18e7f0580da15cac1e79d73683ada5a9e70980f8",
"status": "affected",
"version": "18b683bff89d46ace55f12d00c0440d44d6160c4",
"versionType": "git"
},
{
"lessThan": "29249eac5225429b898f278230a6ca2baa1ae154",
"status": "affected",
"version": "18b683bff89d46ace55f12d00c0440d44d6160c4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix data stream corruption\n\nMaxim reported several issues when forcing a TCP transparent proxy\nto use the MPTCP protocol for the inbound connections. He also\nprovided a clean reproducer.\n\nThe problem boils down to \u0027mptcp_frag_can_collapse_to()\u0027 assuming\nthat only MPTCP will use the given page_frag.\n\nIf others - e.g. the plain TCP protocol - allocate page fragments,\nwe can end-up re-using already allocated memory for mptcp_data_frag.\n\nFix the issue ensuring that the to-be-expanded data fragment is\nlocated at the current page frag end.\n\nv1 -\u003e v2:\n - added missing fixes tag (Mat)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:14.263Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3267a061096efc91eda52c2a0c61ba76e46e4b34"
},
{
"url": "https://git.kernel.org/stable/c/18e7f0580da15cac1e79d73683ada5a9e70980f8"
},
{
"url": "https://git.kernel.org/stable/c/29249eac5225429b898f278230a6ca2baa1ae154"
}
],
"title": "mptcp: fix data stream corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47152",
"datePublished": "2024-03-25T09:07:47.235Z",
"dateReserved": "2024-03-04T18:12:48.846Z",
"dateUpdated": "2025-05-04T07:05:14.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47143 (GCVE-0-2021-47143)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:04
VLAI?
EPSS
Title
net/smc: remove device from smcd_dev_list after failed device_add()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: remove device from smcd_dev_list after failed device_add()
If the device_add() for a smcd_dev fails, there's no cleanup step that
rolls back the earlier list_add(). The device subsequently gets freed,
and we end up with a corrupted list.
Add some error handling that removes the device from the list.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c6ba7c9ba43de1b57e9a53946e7ff988554c84ed , < 8b2cdc004d21a7255f219706dca64411108f7897
(git)
Affected: c6ba7c9ba43de1b57e9a53946e7ff988554c84ed , < 40588782f1016c655ae1d302892f61d35af96842 (git) Affected: c6ba7c9ba43de1b57e9a53946e7ff988554c84ed , < 444d7be9532dcfda8e0385226c862fd7e986f607 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b2cdc004d21a7255f219706dca64411108f7897"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40588782f1016c655ae1d302892f61d35af96842"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/444d7be9532dcfda8e0385226c862fd7e986f607"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:57.413915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:14.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_ism.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8b2cdc004d21a7255f219706dca64411108f7897",
"status": "affected",
"version": "c6ba7c9ba43de1b57e9a53946e7ff988554c84ed",
"versionType": "git"
},
{
"lessThan": "40588782f1016c655ae1d302892f61d35af96842",
"status": "affected",
"version": "c6ba7c9ba43de1b57e9a53946e7ff988554c84ed",
"versionType": "git"
},
{
"lessThan": "444d7be9532dcfda8e0385226c862fd7e986f607",
"status": "affected",
"version": "c6ba7c9ba43de1b57e9a53946e7ff988554c84ed",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_ism.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: remove device from smcd_dev_list after failed device_add()\n\nIf the device_add() for a smcd_dev fails, there\u0027s no cleanup step that\nrolls back the earlier list_add(). The device subsequently gets freed,\nand we end up with a corrupted list.\n\nAdd some error handling that removes the device from the list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:04:58.547Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b2cdc004d21a7255f219706dca64411108f7897"
},
{
"url": "https://git.kernel.org/stable/c/40588782f1016c655ae1d302892f61d35af96842"
},
{
"url": "https://git.kernel.org/stable/c/444d7be9532dcfda8e0385226c862fd7e986f607"
}
],
"title": "net/smc: remove device from smcd_dev_list after failed device_add()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47143",
"datePublished": "2024-03-25T09:07:41.075Z",
"dateReserved": "2024-03-04T18:12:48.844Z",
"dateUpdated": "2025-05-04T07:04:58.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47158 (GCVE-0-2021-47158)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
net: dsa: sja1105: add error handling in sja1105_setup()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: sja1105: add error handling in sja1105_setup()
If any of sja1105_static_config_load(), sja1105_clocking_setup() or
sja1105_devlink_setup() fails, we can't just return in the middle of
sja1105_setup() or memory will leak. Add a cleanup path.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
8aa9ebccae87621d997707e4f25e53fddd7e30e4 , < dd8609f203448ca6d58ae71461208b3f6b0329b0
(git)
Affected: 8aa9ebccae87621d997707e4f25e53fddd7e30e4 , < 987e4ab8b8a4fcbf783069e03e7524cd39ffd563 (git) Affected: 8aa9ebccae87621d997707e4f25e53fddd7e30e4 , < cec279a898a3b004411682f212215ccaea1cd0fb (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd8609f203448ca6d58ae71461208b3f6b0329b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/987e4ab8b8a4fcbf783069e03e7524cd39ffd563"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cec279a898a3b004411682f212215ccaea1cd0fb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:47.842191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:55.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/sja1105/sja1105_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dd8609f203448ca6d58ae71461208b3f6b0329b0",
"status": "affected",
"version": "8aa9ebccae87621d997707e4f25e53fddd7e30e4",
"versionType": "git"
},
{
"lessThan": "987e4ab8b8a4fcbf783069e03e7524cd39ffd563",
"status": "affected",
"version": "8aa9ebccae87621d997707e4f25e53fddd7e30e4",
"versionType": "git"
},
{
"lessThan": "cec279a898a3b004411682f212215ccaea1cd0fb",
"status": "affected",
"version": "8aa9ebccae87621d997707e4f25e53fddd7e30e4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/sja1105/sja1105_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: add error handling in sja1105_setup()\n\nIf any of sja1105_static_config_load(), sja1105_clocking_setup() or\nsja1105_devlink_setup() fails, we can\u0027t just return in the middle of\nsja1105_setup() or memory will leak. Add a cleanup path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:16.369Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dd8609f203448ca6d58ae71461208b3f6b0329b0"
},
{
"url": "https://git.kernel.org/stable/c/987e4ab8b8a4fcbf783069e03e7524cd39ffd563"
},
{
"url": "https://git.kernel.org/stable/c/cec279a898a3b004411682f212215ccaea1cd0fb"
}
],
"title": "net: dsa: sja1105: add error handling in sja1105_setup()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47158",
"datePublished": "2024-03-25T09:16:13.087Z",
"dateReserved": "2024-03-25T09:12:14.109Z",
"dateUpdated": "2025-05-04T07:05:16.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47164 (GCVE-0-2021-47164)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
net/mlx5e: Fix null deref accessing lag dev
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix null deref accessing lag dev
It could be the lag dev is null so stop processing the event.
In bond_enslave() the active/backup slave being set before setting the
upper dev so first event is without an upper dev.
After setting the upper dev with bond_master_upper_dev_link() there is
a second event and in that event we have an upper dev.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
7e51891a237f9ea319f53f9beb83afb0077d88e6 , < 2e4b0b95a489259f9d35a3db17023061f8f3d587
(git)
Affected: 7e51891a237f9ea319f53f9beb83afb0077d88e6 , < bdfd3593a8248eea6ecfcbf7b47b56b86515672d (git) Affected: 7e51891a237f9ea319f53f9beb83afb0077d88e6 , < 83026d83186bc48bb41ee4872f339b83f31dfc55 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T18:24:43.257372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:45.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2e4b0b95a489259f9d35a3db17023061f8f3d587",
"status": "affected",
"version": "7e51891a237f9ea319f53f9beb83afb0077d88e6",
"versionType": "git"
},
{
"lessThan": "bdfd3593a8248eea6ecfcbf7b47b56b86515672d",
"status": "affected",
"version": "7e51891a237f9ea319f53f9beb83afb0077d88e6",
"versionType": "git"
},
{
"lessThan": "83026d83186bc48bb41ee4872f339b83f31dfc55",
"status": "affected",
"version": "7e51891a237f9ea319f53f9beb83afb0077d88e6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix null deref accessing lag dev\n\nIt could be the lag dev is null so stop processing the event.\nIn bond_enslave() the active/backup slave being set before setting the\nupper dev so first event is without an upper dev.\nAfter setting the upper dev with bond_master_upper_dev_link() there is\na second event and in that event we have an upper dev."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:23.324Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587"
},
{
"url": "https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d"
},
{
"url": "https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55"
}
],
"title": "net/mlx5e: Fix null deref accessing lag dev",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47164",
"datePublished": "2024-03-25T09:16:17.592Z",
"dateReserved": "2024-03-25T09:12:14.109Z",
"dateUpdated": "2025-05-04T07:05:23.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47146 (GCVE-0-2021-47146)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
mld: fix panic in mld_newpack()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mld: fix panic in mld_newpack()
mld_newpack() doesn't allow to allocate high order page,
only order-0 allocation is allowed.
If headroom size is too large, a kernel panic could occur in skb_put().
Test commands:
ip netns del A
ip netns del B
ip netns add A
ip netns add B
ip link add veth0 type veth peer name veth1
ip link set veth0 netns A
ip link set veth1 netns B
ip netns exec A ip link set lo up
ip netns exec A ip link set veth0 up
ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0
ip netns exec B ip link set lo up
ip netns exec B ip link set veth1 up
ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1
for i in {1..99}
do
let A=$i-1
ip netns exec A ip link add ip6gre$i type ip6gre \
local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100
ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i
ip netns exec A ip link set ip6gre$i up
ip netns exec B ip link add ip6gre$i type ip6gre \
local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100
ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i
ip netns exec B ip link set ip6gre$i up
done
Splat looks like:
kernel BUG at net/core/skbuff.c:110!
invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:skb_panic+0x15d/0x15f
Code: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83
41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89
34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20
RSP: 0018:ffff88810091f820 EFLAGS: 00010282
RAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000
RDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb
RBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031
R10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028
R13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0
FS: 0000000000000000(0000) GS:ffff888117c00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
skb_put.cold.104+0x22/0x22
ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
? rcu_read_lock_sched_held+0x91/0xc0
mld_newpack+0x398/0x8f0
? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600
? lock_contended+0xc40/0xc40
add_grhead.isra.33+0x280/0x380
add_grec+0x5ca/0xff0
? mld_sendpack+0xf40/0xf40
? lock_downgrade+0x690/0x690
mld_send_initial_cr.part.34+0xb9/0x180
ipv6_mc_dad_complete+0x15d/0x1b0
addrconf_dad_completed+0x8d2/0xbb0
? lock_downgrade+0x690/0x690
? addrconf_rs_timer+0x660/0x660
? addrconf_dad_work+0x73c/0x10e0
addrconf_dad_work+0x73c/0x10e0
Allowing high order page allocation could fix this problem.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1
(git)
Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 17728616a4c85baf0edc975c60ba4e4157684d9a (git) Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 221142038f36d9f28b64e83e954774da4d4ccd17 (git) Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 4b77ad9097067b31237eeeee0bf70f80849680a0 (git) Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 37d697759958d111439080bab7e14d2b0e7b39f5 (git) Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < beb39adb150f8f3b516ddf7c39835a9788704d23 (git) Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < a76fb9ba545289379acf409653ad5f74417be59c (git) Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 020ef930b826d21c5446fdc9db80fd72a791bc21 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17728616a4c85baf0edc975c60ba4e4157684d9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/221142038f36d9f28b64e83e954774da4d4ccd17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b77ad9097067b31237eeeee0bf70f80849680a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37d697759958d111439080bab7e14d2b0e7b39f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beb39adb150f8f3b516ddf7c39835a9788704d23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a76fb9ba545289379acf409653ad5f74417be59c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/020ef930b826d21c5446fdc9db80fd72a791bc21"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:54.361995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:13.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/mcast.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1",
"status": "affected",
"version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
"versionType": "git"
},
{
"lessThan": "17728616a4c85baf0edc975c60ba4e4157684d9a",
"status": "affected",
"version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
"versionType": "git"
},
{
"lessThan": "221142038f36d9f28b64e83e954774da4d4ccd17",
"status": "affected",
"version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
"versionType": "git"
},
{
"lessThan": "4b77ad9097067b31237eeeee0bf70f80849680a0",
"status": "affected",
"version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
"versionType": "git"
},
{
"lessThan": "37d697759958d111439080bab7e14d2b0e7b39f5",
"status": "affected",
"version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
"versionType": "git"
},
{
"lessThan": "beb39adb150f8f3b516ddf7c39835a9788704d23",
"status": "affected",
"version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
"versionType": "git"
},
{
"lessThan": "a76fb9ba545289379acf409653ad5f74417be59c",
"status": "affected",
"version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
"versionType": "git"
},
{
"lessThan": "020ef930b826d21c5446fdc9db80fd72a791bc21",
"status": "affected",
"version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/mcast.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmld: fix panic in mld_newpack()\n\nmld_newpack() doesn\u0027t allow to allocate high order page,\nonly order-0 allocation is allowed.\nIf headroom size is too large, a kernel panic could occur in skb_put().\n\nTest commands:\n ip netns del A\n ip netns del B\n ip netns add A\n ip netns add B\n ip link add veth0 type veth peer name veth1\n ip link set veth0 netns A\n ip link set veth1 netns B\n\n ip netns exec A ip link set lo up\n ip netns exec A ip link set veth0 up\n ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0\n ip netns exec B ip link set lo up\n ip netns exec B ip link set veth1 up\n ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1\n for i in {1..99}\n do\n let A=$i-1\n ip netns exec A ip link add ip6gre$i type ip6gre \\\n\tlocal 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100\n ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i\n ip netns exec A ip link set ip6gre$i up\n\n ip netns exec B ip link add ip6gre$i type ip6gre \\\n\tlocal 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100\n ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i\n ip netns exec B ip link set ip6gre$i up\n done\n\nSplat looks like:\nkernel BUG at net/core/skbuff.c:110!\ninvalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI\nCPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891\nWorkqueue: ipv6_addrconf addrconf_dad_work\nRIP: 0010:skb_panic+0x15d/0x15f\nCode: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83\n41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff \u003c0f\u003e 0b 48 8b 6c 24 20 89\n34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20\nRSP: 0018:ffff88810091f820 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000\nRDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb\nRBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031\nR10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028\nR13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0\nFS: 0000000000000000(0000) GS:ffff888117c00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n skb_put.cold.104+0x22/0x22\n ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n ? rcu_read_lock_sched_held+0x91/0xc0\n mld_newpack+0x398/0x8f0\n ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600\n ? lock_contended+0xc40/0xc40\n add_grhead.isra.33+0x280/0x380\n add_grec+0x5ca/0xff0\n ? mld_sendpack+0xf40/0xf40\n ? lock_downgrade+0x690/0x690\n mld_send_initial_cr.part.34+0xb9/0x180\n ipv6_mc_dad_complete+0x15d/0x1b0\n addrconf_dad_completed+0x8d2/0xbb0\n ? lock_downgrade+0x690/0x690\n ? addrconf_rs_timer+0x660/0x660\n ? addrconf_dad_work+0x73c/0x10e0\n addrconf_dad_work+0x73c/0x10e0\n\nAllowing high order page allocation could fix this problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:01.944Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1"
},
{
"url": "https://git.kernel.org/stable/c/17728616a4c85baf0edc975c60ba4e4157684d9a"
},
{
"url": "https://git.kernel.org/stable/c/221142038f36d9f28b64e83e954774da4d4ccd17"
},
{
"url": "https://git.kernel.org/stable/c/4b77ad9097067b31237eeeee0bf70f80849680a0"
},
{
"url": "https://git.kernel.org/stable/c/37d697759958d111439080bab7e14d2b0e7b39f5"
},
{
"url": "https://git.kernel.org/stable/c/beb39adb150f8f3b516ddf7c39835a9788704d23"
},
{
"url": "https://git.kernel.org/stable/c/a76fb9ba545289379acf409653ad5f74417be59c"
},
{
"url": "https://git.kernel.org/stable/c/020ef930b826d21c5446fdc9db80fd72a791bc21"
}
],
"title": "mld: fix panic in mld_newpack()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47146",
"datePublished": "2024-03-25T09:07:43.043Z",
"dateReserved": "2024-03-04T18:12:48.845Z",
"dateUpdated": "2025-05-04T07:05:01.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47142 (GCVE-0-2021-47142)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-09-16 08:01
VLAI?
EPSS
Title
drm/amdgpu: Fix a use-after-free
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix a use-after-free
looks like we forget to set ttm->sg to NULL.
Hit panic below
[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
[ 1235.989074] Call Trace:
[ 1235.991751] sg_free_table+0x17/0x20
[ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
[ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
[ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
[ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]
[ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]
[ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]
[ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]
[ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]
[ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]
[ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 0707c3fea8102d211631ba515ef2159707561b0d
(git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 3293cf3513d69f00c14d43e2020826d45ea0e46a (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 952ab3f9f48eb0e8050596d41951cf516be6b122 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < a849e218556f932576c0fb1c5a88714b61709a17 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 7398c2aab4da960761ec182d04d6d5abbb4a226e (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < f98cdf084405333ee2f5be548a91b2d168e49276 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < d4ea141fd4b40636a8326df5a377d9c5cf9b3faa (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 1e5c37385097c35911b0f8a0c67ffd10ee1af9a2 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0707c3fea8102d211631ba515ef2159707561b0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3293cf3513d69f00c14d43e2020826d45ea0e46a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/952ab3f9f48eb0e8050596d41951cf516be6b122"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a849e218556f932576c0fb1c5a88714b61709a17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7398c2aab4da960761ec182d04d6d5abbb4a226e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f98cdf084405333ee2f5be548a91b2d168e49276"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4ea141fd4b40636a8326df5a377d9c5cf9b3faa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:00.553933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0707c3fea8102d211631ba515ef2159707561b0d",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "3293cf3513d69f00c14d43e2020826d45ea0e46a",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "952ab3f9f48eb0e8050596d41951cf516be6b122",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "a849e218556f932576c0fb1c5a88714b61709a17",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "7398c2aab4da960761ec182d04d6d5abbb4a226e",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "f98cdf084405333ee2f5be548a91b2d168e49276",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "d4ea141fd4b40636a8326df5a377d9c5cf9b3faa",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "1e5c37385097c35911b0f8a0c67ffd10ee1af9a2",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix a use-after-free\n\nlooks like we forget to set ttm-\u003esg to NULL.\nHit panic below\n\n[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 1235.989074] Call Trace:\n[ 1235.991751] sg_free_table+0x17/0x20\n[ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]\n[ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]\n[ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]\n[ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]\n[ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]\n[ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]\n[ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]\n[ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]\n[ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]\n[ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:01:53.491Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0707c3fea8102d211631ba515ef2159707561b0d"
},
{
"url": "https://git.kernel.org/stable/c/3293cf3513d69f00c14d43e2020826d45ea0e46a"
},
{
"url": "https://git.kernel.org/stable/c/952ab3f9f48eb0e8050596d41951cf516be6b122"
},
{
"url": "https://git.kernel.org/stable/c/a849e218556f932576c0fb1c5a88714b61709a17"
},
{
"url": "https://git.kernel.org/stable/c/7398c2aab4da960761ec182d04d6d5abbb4a226e"
},
{
"url": "https://git.kernel.org/stable/c/f98cdf084405333ee2f5be548a91b2d168e49276"
},
{
"url": "https://git.kernel.org/stable/c/d4ea141fd4b40636a8326df5a377d9c5cf9b3faa"
},
{
"url": "https://git.kernel.org/stable/c/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2"
}
],
"title": "drm/amdgpu: Fix a use-after-free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47142",
"datePublished": "2024-03-25T09:07:40.374Z",
"dateReserved": "2024-03-04T18:12:48.842Z",
"dateUpdated": "2025-09-16T08:01:53.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47173 (GCVE-0-2021-47173)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
misc/uss720: fix memory leak in uss720_probe
Summary
In the Linux kernel, the following vulnerability has been resolved:
misc/uss720: fix memory leak in uss720_probe
uss720_probe forgets to decrease the refcount of usbdev in uss720_probe.
Fix this by decreasing the refcount of usbdev by usb_put_dev.
BUG: memory leak
unreferenced object 0xffff888101113800 (size 2048):
comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s)
hex dump (first 32 bytes):
ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................
backtrace:
[<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline]
[<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline]
[<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
[<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
[<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
[<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline]
[<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
[<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
[<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
[<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
[<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
0f36163d3abefbda1b21a330b3fdf3c2dc076d94 , < 5f46b2410db2c8f26b8bb91b40deebf4ec184391
(git)
Affected: 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 , < 7889c70e6173ef358f3cd7578db127a489035a42 (git) Affected: 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 , < bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364 (git) Affected: 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 , < 386918878ce4cd676e4607233866e03c9399a46a (git) Affected: 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 , < 36b5ff1db1a4ef4fdbc2bae364344279f033ad88 (git) Affected: 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 , < 5394ae9d8c7961dd93807fdf1b12a1dde96b0a55 (git) Affected: 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 , < a3c3face38cb49932c62adcc1289914f1c742096 (git) Affected: 0f36163d3abefbda1b21a330b3fdf3c2dc076d94 , < dcb4b8ad6a448532d8b681b5d1a7036210b622de (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:08:15.214025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:08:23.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/misc/uss720.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f46b2410db2c8f26b8bb91b40deebf4ec184391",
"status": "affected",
"version": "0f36163d3abefbda1b21a330b3fdf3c2dc076d94",
"versionType": "git"
},
{
"lessThan": "7889c70e6173ef358f3cd7578db127a489035a42",
"status": "affected",
"version": "0f36163d3abefbda1b21a330b3fdf3c2dc076d94",
"versionType": "git"
},
{
"lessThan": "bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364",
"status": "affected",
"version": "0f36163d3abefbda1b21a330b3fdf3c2dc076d94",
"versionType": "git"
},
{
"lessThan": "386918878ce4cd676e4607233866e03c9399a46a",
"status": "affected",
"version": "0f36163d3abefbda1b21a330b3fdf3c2dc076d94",
"versionType": "git"
},
{
"lessThan": "36b5ff1db1a4ef4fdbc2bae364344279f033ad88",
"status": "affected",
"version": "0f36163d3abefbda1b21a330b3fdf3c2dc076d94",
"versionType": "git"
},
{
"lessThan": "5394ae9d8c7961dd93807fdf1b12a1dde96b0a55",
"status": "affected",
"version": "0f36163d3abefbda1b21a330b3fdf3c2dc076d94",
"versionType": "git"
},
{
"lessThan": "a3c3face38cb49932c62adcc1289914f1c742096",
"status": "affected",
"version": "0f36163d3abefbda1b21a330b3fdf3c2dc076d94",
"versionType": "git"
},
{
"lessThan": "dcb4b8ad6a448532d8b681b5d1a7036210b622de",
"status": "affected",
"version": "0f36163d3abefbda1b21a330b3fdf3c2dc076d94",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/misc/uss720.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.14"
},
{
"lessThan": "2.6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "2.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc/uss720: fix memory leak in uss720_probe\n\nuss720_probe forgets to decrease the refcount of usbdev in uss720_probe.\nFix this by decreasing the refcount of usbdev by usb_put_dev.\n\nBUG: memory leak\nunreferenced object 0xffff888101113800 (size 2048):\n comm \"kworker/0:1\", pid 7, jiffies 4294956777 (age 28.870s)\n hex dump (first 32 bytes):\n ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........\n 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................\n backtrace:\n [\u003cffffffff82b8e822\u003e] kmalloc include/linux/slab.h:554 [inline]\n [\u003cffffffff82b8e822\u003e] kzalloc include/linux/slab.h:684 [inline]\n [\u003cffffffff82b8e822\u003e] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582\n [\u003cffffffff82b98441\u003e] hub_port_connect drivers/usb/core/hub.c:5129 [inline]\n [\u003cffffffff82b98441\u003e] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]\n [\u003cffffffff82b98441\u003e] port_event drivers/usb/core/hub.c:5509 [inline]\n [\u003cffffffff82b98441\u003e] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591\n [\u003cffffffff81259229\u003e] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275\n [\u003cffffffff81259b19\u003e] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421\n [\u003cffffffff81261228\u003e] kthread+0x178/0x1b0 kernel/kthread.c:292\n [\u003cffffffff8100227f\u003e] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:38.264Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391"
},
{
"url": "https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42"
},
{
"url": "https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364"
},
{
"url": "https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a"
},
{
"url": "https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88"
},
{
"url": "https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55"
},
{
"url": "https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096"
},
{
"url": "https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de"
}
],
"title": "misc/uss720: fix memory leak in uss720_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47173",
"datePublished": "2024-03-25T09:16:24.466Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-05-04T07:05:38.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47178 (GCVE-0-2021-47178)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
scsi: target: core: Avoid smp_processor_id() in preemptible code
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Avoid smp_processor_id() in preemptible code
The BUG message "BUG: using smp_processor_id() in preemptible [00000000]
code" was observed for TCMU devices with kernel config DEBUG_PREEMPT.
The message was observed when blktests block/005 was run on TCMU devices
with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7
("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the
symptom. The commit modified work queue to handle commands and changed
'current->nr_cpu_allowed' at smp_processor_id() call.
The message was also observed at system shutdown when TCMU devices were not
cleaned up [2]. The function smp_processor_id() was called in SCSI host
work queue for abort handling, and triggered the BUG message. This symptom
was observed regardless of the commit 1130b499b4a7 ("scsi: target:
tcm_loop: Use LIO wq cmd submission helper").
To avoid the preemptible code check at smp_processor_id(), get CPU ID with
raw_smp_processor_id() instead. The CPU ID is used for performance
improvement then thread move to other CPU will not affect the code.
[1]
[ 56.468103] run blktests block/005 at 2021-05-12 14:16:38
[ 57.369473] check_preemption_disabled: 85 callbacks suppressed
[ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511
[ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510
[ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506
[ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
[ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34
[ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018
[ 57.369617] Call Trace:
[ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507
[ 57.369628] dump_stack+0x6d/0x89
[ 57.369642] check_preemption_disabled+0xc8/0xd0
[ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
[ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod]
[ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod]
[ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop]
[ 57.369744] scsi_queue_rq+0x38e/0xc40
[ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0
[ 57.369779] blk_mq_try_issue_directly+0x43/0x90
[ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0
[ 57.369812] submit_bio_noacct+0x46e/0x4e0
[ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0
[ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60
[ 57.369880] generic_file_read_iter+0x89/0x160
[ 57.369898] blkdev_read_iter+0x44/0x60
[ 57.369906] new_sync_read+0x102/0x170
[ 57.369929] vfs_read+0xd4/0x160
[ 57.369941] __x64_sys_pread64+0x6e/0xa0
[ 57.369946] ? lockdep_hardirqs_on+0x79/0x100
[ 57.369958] do_syscall_64+0x3a/0x70
[ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 57.369973] RIP: 0033:0x7f7ed4c1399f
[ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b
[ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011
[ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f
[ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009
[ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001
[ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70
[ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568
[ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34
[ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018
[ 57.370039] Call Trace:
[ 57.370045] dump_stack+0x6d/0x89
[ 57.370056] ch
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
008b936bbde3e87a611b3828a0d5d2a4f99026a0 , < a222d2794c53f8165de20aa91b39e35e4b72bce9
(git)
Affected: 1526d9f10c6184031e42afad0adbdde1213e8ad1 , < a20b6eaf4f35046a429cde57bee7eb5f13d6857f (git) Affected: 1526d9f10c6184031e42afad0adbdde1213e8ad1 , < 70ca3c57ff914113f681e657634f7fbfa68e1ad1 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:21.876109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:47.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/target/target_core_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a222d2794c53f8165de20aa91b39e35e4b72bce9",
"status": "affected",
"version": "008b936bbde3e87a611b3828a0d5d2a4f99026a0",
"versionType": "git"
},
{
"lessThan": "a20b6eaf4f35046a429cde57bee7eb5f13d6857f",
"status": "affected",
"version": "1526d9f10c6184031e42afad0adbdde1213e8ad1",
"versionType": "git"
},
{
"lessThan": "70ca3c57ff914113f681e657634f7fbfa68e1ad1",
"status": "affected",
"version": "1526d9f10c6184031e42afad0adbdde1213e8ad1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/target/target_core_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[ 56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[ 57.369473] check_preemption_disabled: 85 callbacks suppressed\n[ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[ 57.369617] Call Trace:\n[ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[ 57.369628] dump_stack+0x6d/0x89\n[ 57.369642] check_preemption_disabled+0xc8/0xd0\n[ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod]\n[ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[ 57.369744] scsi_queue_rq+0x38e/0xc40\n[ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0\n[ 57.369779] blk_mq_try_issue_directly+0x43/0x90\n[ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0\n[ 57.369812] submit_bio_noacct+0x46e/0x4e0\n[ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0\n[ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60\n[ 57.369880] generic_file_read_iter+0x89/0x160\n[ 57.369898] blkdev_read_iter+0x44/0x60\n[ 57.369906] new_sync_read+0x102/0x170\n[ 57.369929] vfs_read+0xd4/0x160\n[ 57.369941] __x64_sys_pread64+0x6e/0xa0\n[ 57.369946] ? lockdep_hardirqs_on+0x79/0x100\n[ 57.369958] do_syscall_64+0x3a/0x70\n[ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 57.369973] RIP: 0033:0x7f7ed4c1399f\n[ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[ 57.370039] Call Trace:\n[ 57.370045] dump_stack+0x6d/0x89\n[ 57.370056] ch\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:48.692Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
},
{
"url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
},
{
"url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
}
],
"title": "scsi: target: core: Avoid smp_processor_id() in preemptible code",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47178",
"datePublished": "2024-03-25T09:16:28.024Z",
"dateReserved": "2024-03-25T09:12:14.112Z",
"dateUpdated": "2025-05-04T07:05:48.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47140 (GCVE-0-2021-47140)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:04
VLAI?
EPSS
Title
iommu/amd: Clear DMA ops when switching domain
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Clear DMA ops when switching domain
Since commit 08a27c1c3ecf ("iommu: Add support to change default domain
of an iommu group") a user can switch a device between IOMMU and direct
DMA through sysfs. This doesn't work for AMD IOMMU at the moment because
dev->dma_ops is not cleared when switching from a DMA to an identity
IOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an
identity domain, causing an oops:
# echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/unbind
# echo identity > /sys/bus/pci/devices/0000:00:05.0/iommu_group/type
# echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/bind
...
BUG: kernel NULL pointer dereference, address: 0000000000000028
...
Call Trace:
iommu_dma_alloc
e1000e_setup_tx_resources
e1000e_open
Since iommu_change_dev_def_domain() calls probe_finalize() again, clear
the dma_ops there like Vt-d does.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T18:23:40.850053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:55:13.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3f2cf46291a693eab21adb94171b0128c2a9ec1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6177a6556f853785867e2ec6d5b7f4906f0d809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/amd/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f3f2cf46291a693eab21adb94171b0128c2a9ec1",
"status": "affected",
"version": "08a27c1c3ecf5e1da193ce5f8fc97c3be16e75f0",
"versionType": "git"
},
{
"lessThan": "d6177a6556f853785867e2ec6d5b7f4906f0d809",
"status": "affected",
"version": "08a27c1c3ecf5e1da193ce5f8fc97c3be16e75f0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/amd/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Clear DMA ops when switching domain\n\nSince commit 08a27c1c3ecf (\"iommu: Add support to change default domain\nof an iommu group\") a user can switch a device between IOMMU and direct\nDMA through sysfs. This doesn\u0027t work for AMD IOMMU at the moment because\ndev-\u003edma_ops is not cleared when switching from a DMA to an identity\nIOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an\nidentity domain, causing an oops:\n\n # echo 0000:00:05.0 \u003e /sys/sys/bus/pci/drivers/e1000e/unbind\n # echo identity \u003e /sys/bus/pci/devices/0000:00:05.0/iommu_group/type\n # echo 0000:00:05.0 \u003e /sys/sys/bus/pci/drivers/e1000e/bind\n ...\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n ...\n Call Trace:\n iommu_dma_alloc\n e1000e_setup_tx_resources\n e1000e_open\n\nSince iommu_change_dev_def_domain() calls probe_finalize() again, clear\nthe dma_ops there like Vt-d does."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:04:55.158Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f3f2cf46291a693eab21adb94171b0128c2a9ec1"
},
{
"url": "https://git.kernel.org/stable/c/d6177a6556f853785867e2ec6d5b7f4906f0d809"
}
],
"title": "iommu/amd: Clear DMA ops when switching domain",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47140",
"datePublished": "2024-03-25T09:07:38.949Z",
"dateReserved": "2024-03-04T18:12:48.842Z",
"dateUpdated": "2025-05-04T07:04:55.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47168 (GCVE-0-2021-47168)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
NFS: fix an incorrect limit in filelayout_decode_layout()
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: fix an incorrect limit in filelayout_decode_layout()
The "sizeof(struct nfs_fh)" is two bytes too large and could lead to
memory corruption. It should be NFS_MAXFHSIZE because that's the size
of the ->data[] buffer.
I reversed the size of the arguments to put the variable on the left.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
16b374ca439fb406e46e071f75428f5b033056f8 , < 9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040
(git)
Affected: 16b374ca439fb406e46e071f75428f5b033056f8 , < b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1 (git) Affected: 16b374ca439fb406e46e071f75428f5b033056f8 , < f299522eda1566cbfbae4b15c82970fc41b03714 (git) Affected: 16b374ca439fb406e46e071f75428f5b033056f8 , < 945ebef997227ca8c20bad7f8a8358c8ee57a84a (git) Affected: 16b374ca439fb406e46e071f75428f5b033056f8 , < e411df81cd862ef3d5b878120b2a2fef0ca9cdb1 (git) Affected: 16b374ca439fb406e46e071f75428f5b033056f8 , < 9b367fe770b1b80d7bf64ed0d177544a44405f6e (git) Affected: 16b374ca439fb406e46e071f75428f5b033056f8 , < d34fb628f6ef522f996205a9e578216bbee09e84 (git) Affected: 16b374ca439fb406e46e071f75428f5b033056f8 , < 769b01ea68b6c49dc3cde6adf7e53927dacbd3a8 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:34.857777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:52.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/filelayout/filelayout.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040",
"status": "affected",
"version": "16b374ca439fb406e46e071f75428f5b033056f8",
"versionType": "git"
},
{
"lessThan": "b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1",
"status": "affected",
"version": "16b374ca439fb406e46e071f75428f5b033056f8",
"versionType": "git"
},
{
"lessThan": "f299522eda1566cbfbae4b15c82970fc41b03714",
"status": "affected",
"version": "16b374ca439fb406e46e071f75428f5b033056f8",
"versionType": "git"
},
{
"lessThan": "945ebef997227ca8c20bad7f8a8358c8ee57a84a",
"status": "affected",
"version": "16b374ca439fb406e46e071f75428f5b033056f8",
"versionType": "git"
},
{
"lessThan": "e411df81cd862ef3d5b878120b2a2fef0ca9cdb1",
"status": "affected",
"version": "16b374ca439fb406e46e071f75428f5b033056f8",
"versionType": "git"
},
{
"lessThan": "9b367fe770b1b80d7bf64ed0d177544a44405f6e",
"status": "affected",
"version": "16b374ca439fb406e46e071f75428f5b033056f8",
"versionType": "git"
},
{
"lessThan": "d34fb628f6ef522f996205a9e578216bbee09e84",
"status": "affected",
"version": "16b374ca439fb406e46e071f75428f5b033056f8",
"versionType": "git"
},
{
"lessThan": "769b01ea68b6c49dc3cde6adf7e53927dacbd3a8",
"status": "affected",
"version": "16b374ca439fb406e46e071f75428f5b033056f8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/filelayout/filelayout.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix an incorrect limit in filelayout_decode_layout()\n\nThe \"sizeof(struct nfs_fh)\" is two bytes too large and could lead to\nmemory corruption. It should be NFS_MAXFHSIZE because that\u0027s the size\nof the -\u003edata[] buffer.\n\nI reversed the size of the arguments to put the variable on the left."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:27.874Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040"
},
{
"url": "https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1"
},
{
"url": "https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714"
},
{
"url": "https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a"
},
{
"url": "https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1"
},
{
"url": "https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e"
},
{
"url": "https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84"
},
{
"url": "https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8"
}
],
"title": "NFS: fix an incorrect limit in filelayout_decode_layout()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47168",
"datePublished": "2024-03-25T09:16:20.778Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-05-04T07:05:27.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47170 (GCVE-0-2021-47170)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-12-18 11:35
VLAI?
EPSS
Title
USB: usbfs: Don't WARN about excessively large memory allocations
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: usbfs: Don't WARN about excessively large memory allocations
Syzbot found that the kernel generates a WARNing if the user tries to
submit a bulk transfer through usbfs with a buffer that is way too
large. This isn't a bug in the kernel; it's merely an invalid request
from the user and the usbfs code does handle it correctly.
In theory the same thing can happen with async transfers, or with the
packet descriptor table for isochronous transfers.
To prevent the MM subsystem from complaining about these bad
allocation requests, add the __GFP_NOWARN flag to the kmalloc calls
for these buffers.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
add1aaeabe6b08ed26381a2a06e505b2f09c3ba5 , < 2ab21d6e1411999b5fb43434f421f00bf50002eb
(git)
Affected: add1aaeabe6b08ed26381a2a06e505b2f09c3ba5 , < 2c835fede13e03f2743a333e4370b5ed2db91e83 (git) Affected: add1aaeabe6b08ed26381a2a06e505b2f09c3ba5 , < 8d83f109e920d2776991fa142bb904d985dca2ed (git) Affected: add1aaeabe6b08ed26381a2a06e505b2f09c3ba5 , < 9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098 (git) Affected: add1aaeabe6b08ed26381a2a06e505b2f09c3ba5 , < 4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ab21d6e1411999b5fb43434f421f00bf50002eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c835fede13e03f2743a333e4370b5ed2db91e83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d83f109e920d2776991fa142bb904d985dca2ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:31.690189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:51.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/devio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2ab21d6e1411999b5fb43434f421f00bf50002eb",
"status": "affected",
"version": "add1aaeabe6b08ed26381a2a06e505b2f09c3ba5",
"versionType": "git"
},
{
"lessThan": "2c835fede13e03f2743a333e4370b5ed2db91e83",
"status": "affected",
"version": "add1aaeabe6b08ed26381a2a06e505b2f09c3ba5",
"versionType": "git"
},
{
"lessThan": "8d83f109e920d2776991fa142bb904d985dca2ed",
"status": "affected",
"version": "add1aaeabe6b08ed26381a2a06e505b2f09c3ba5",
"versionType": "git"
},
{
"lessThan": "9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098",
"status": "affected",
"version": "add1aaeabe6b08ed26381a2a06e505b2f09c3ba5",
"versionType": "git"
},
{
"lessThan": "4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de",
"status": "affected",
"version": "add1aaeabe6b08ed26381a2a06e505b2f09c3ba5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/devio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbfs: Don\u0027t WARN about excessively large memory allocations\n\nSyzbot found that the kernel generates a WARNing if the user tries to\nsubmit a bulk transfer through usbfs with a buffer that is way too\nlarge. This isn\u0027t a bug in the kernel; it\u0027s merely an invalid request\nfrom the user and the usbfs code does handle it correctly.\n\nIn theory the same thing can happen with async transfers, or with the\npacket descriptor table for isochronous transfers.\n\nTo prevent the MM subsystem from complaining about these bad\nallocation requests, add the __GFP_NOWARN flag to the kmalloc calls\nfor these buffers."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T11:35:47.627Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ab21d6e1411999b5fb43434f421f00bf50002eb"
},
{
"url": "https://git.kernel.org/stable/c/2c835fede13e03f2743a333e4370b5ed2db91e83"
},
{
"url": "https://git.kernel.org/stable/c/8d83f109e920d2776991fa142bb904d985dca2ed"
},
{
"url": "https://git.kernel.org/stable/c/9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098"
},
{
"url": "https://git.kernel.org/stable/c/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de"
}
],
"title": "USB: usbfs: Don\u0027t WARN about excessively large memory allocations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47170",
"datePublished": "2024-03-25T09:16:22.313Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-12-18T11:35:47.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47175 (GCVE-0-2021-47175)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
net/sched: fq_pie: fix OOB access in the traffic path
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fq_pie: fix OOB access in the traffic path
the following script:
# tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2
# tc qdisc add dev eth0 clsact
# tc filter add dev eth0 egress matchall action skbedit priority 0x10002
# ping 192.0.2.2 -I eth0 -c2 -w1 -q
produces the following splat:
BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]
Read of size 4 at addr ffff888171306924 by task ping/942
CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441
Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014
Call Trace:
dump_stack+0x92/0xc1
print_address_description.constprop.7+0x1a/0x150
kasan_report.cold.13+0x7f/0x111
fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]
__dev_queue_xmit+0x1034/0x2b10
ip_finish_output2+0xc62/0x2120
__ip_finish_output+0x553/0xea0
ip_output+0x1ca/0x4d0
ip_send_skb+0x37/0xa0
raw_sendmsg+0x1c4b/0x2d00
sock_sendmsg+0xdb/0x110
__sys_sendto+0x1d7/0x2b0
__x64_sys_sendto+0xdd/0x1b0
do_syscall_64+0x3c/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe69735c3eb
Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89
RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb
RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003
RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260
R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0
Allocated by task 917:
kasan_save_stack+0x19/0x40
__kasan_kmalloc+0x7f/0xa0
__kmalloc_node+0x139/0x280
fq_pie_init+0x555/0x8e8 [sch_fq_pie]
qdisc_create+0x407/0x11b0
tc_modify_qdisc+0x3c2/0x17e0
rtnetlink_rcv_msg+0x346/0x8e0
netlink_rcv_skb+0x120/0x380
netlink_unicast+0x439/0x630
netlink_sendmsg+0x719/0xbf0
sock_sendmsg+0xe2/0x110
____sys_sendmsg+0x5ba/0x890
___sys_sendmsg+0xe9/0x160
__sys_sendmsg+0xd3/0x170
do_syscall_64+0x3c/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
The buggy address belongs to the object at ffff888171306800
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 36 bytes to the right of
256-byte region [ffff888171306800, ffff888171306900)
The buggy address belongs to the page:
page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306
head:00000000bcfb624e order:1 compound_mapcount:0
flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
>ffff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
fix fq_pie traffic path to avoid selecting 'q->flows + q->flows_cnt' as a
valid flow: it's an address beyond the allocated memory.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
ec97ecf1ebe485a17cd8395a5f35e6b80b57665a , < e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c
(git)
Affected: ec97ecf1ebe485a17cd8395a5f35e6b80b57665a , < 7a1bdec12e43e29cc34a4394590337069d8812ce (git) Affected: ec97ecf1ebe485a17cd8395a5f35e6b80b57665a , < e70f7a11876a1a788ceadf75e9e5f7af2c868680 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T18:24:58.134002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:58.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a1bdec12e43e29cc34a4394590337069d8812ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e70f7a11876a1a788ceadf75e9e5f7af2c868680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_fq_pie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c",
"status": "affected",
"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a",
"versionType": "git"
},
{
"lessThan": "7a1bdec12e43e29cc34a4394590337069d8812ce",
"status": "affected",
"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a",
"versionType": "git"
},
{
"lessThan": "e70f7a11876a1a788ceadf75e9e5f7af2c868680",
"status": "affected",
"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_fq_pie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: fix OOB access in the traffic path\n\nthe following script:\n\n # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2\n # tc qdisc add dev eth0 clsact\n # tc filter add dev eth0 egress matchall action skbedit priority 0x10002\n # ping 192.0.2.2 -I eth0 -c2 -w1 -q\n\nproduces the following splat:\n\n BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]\n Read of size 4 at addr ffff888171306924 by task ping/942\n\n CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n Call Trace:\n dump_stack+0x92/0xc1\n print_address_description.constprop.7+0x1a/0x150\n kasan_report.cold.13+0x7f/0x111\n fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]\n __dev_queue_xmit+0x1034/0x2b10\n ip_finish_output2+0xc62/0x2120\n __ip_finish_output+0x553/0xea0\n ip_output+0x1ca/0x4d0\n ip_send_skb+0x37/0xa0\n raw_sendmsg+0x1c4b/0x2d00\n sock_sendmsg+0xdb/0x110\n __sys_sendto+0x1d7/0x2b0\n __x64_sys_sendto+0xdd/0x1b0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fe69735c3eb\n Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89\n RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb\n RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003\n RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260\n R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0\n\n Allocated by task 917:\n kasan_save_stack+0x19/0x40\n __kasan_kmalloc+0x7f/0xa0\n __kmalloc_node+0x139/0x280\n fq_pie_init+0x555/0x8e8 [sch_fq_pie]\n qdisc_create+0x407/0x11b0\n tc_modify_qdisc+0x3c2/0x17e0\n rtnetlink_rcv_msg+0x346/0x8e0\n netlink_rcv_skb+0x120/0x380\n netlink_unicast+0x439/0x630\n netlink_sendmsg+0x719/0xbf0\n sock_sendmsg+0xe2/0x110\n ____sys_sendmsg+0x5ba/0x890\n ___sys_sendmsg+0xe9/0x160\n __sys_sendmsg+0xd3/0x170\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n The buggy address belongs to the object at ffff888171306800\n which belongs to the cache kmalloc-256 of size 256\n The buggy address is located 36 bytes to the right of\n 256-byte region [ffff888171306800, ffff888171306900)\n The buggy address belongs to the page:\n page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306\n head:00000000bcfb624e order:1 compound_mapcount:0\n flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)\n raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40\n raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc\n \u003effff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\nfix fq_pie traffic path to avoid selecting \u0027q-\u003eflows + q-\u003eflows_cnt\u0027 as a\nvalid flow: it\u0027s an address beyond the allocated memory."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:40.350Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c"
},
{
"url": "https://git.kernel.org/stable/c/7a1bdec12e43e29cc34a4394590337069d8812ce"
},
{
"url": "https://git.kernel.org/stable/c/e70f7a11876a1a788ceadf75e9e5f7af2c868680"
}
],
"title": "net/sched: fq_pie: fix OOB access in the traffic path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47175",
"datePublished": "2024-03-25T09:16:25.995Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-05-04T07:05:40.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47163 (GCVE-0-2021-47163)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
tipc: wait and exit until all work queues are done
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: wait and exit until all work queues are done
On some host, a crash could be triggered simply by repeating these
commands several times:
# modprobe tipc
# tipc bearer enable media udp name UDP1 localip 127.0.0.1
# rmmod tipc
[] BUG: unable to handle kernel paging request at ffffffffc096bb00
[] Workqueue: events 0xffffffffc096bb00
[] Call Trace:
[] ? process_one_work+0x1a7/0x360
[] ? worker_thread+0x30/0x390
[] ? create_worker+0x1a0/0x1a0
[] ? kthread+0x116/0x130
[] ? kthread_flush_work_fn+0x10/0x10
[] ? ret_from_fork+0x35/0x40
When removing the TIPC module, the UDP tunnel sock will be delayed to
release in a work queue as sock_release() can't be done in rtnl_lock().
If the work queue is schedule to run after the TIPC module is removed,
kernel will crash as the work queue function cleanup_beareri() code no
longer exists when trying to invoke it.
To fix it, this patch introduce a member wq_count in tipc_net to track
the numbers of work queues in schedule, and wait and exit until all
work queues are done in tipc_exit_net().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d0f91938bede204a343473792529e0db7d599836 , < d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa
(git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < 5195ec5e365a2a9331bfeb585b613a6e94f98dba (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < 04c26faa51d1e2fe71cf13c45791f5174c37f986 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:41:39.688056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:00.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/core.c",
"net/tipc/core.h",
"net/tipc/udp_media.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "5195ec5e365a2a9331bfeb585b613a6e94f98dba",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "04c26faa51d1e2fe71cf13c45791f5174c37f986",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/core.c",
"net/tipc/core.h",
"net/tipc/udp_media.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: wait and exit until all work queues are done\n\nOn some host, a crash could be triggered simply by repeating these\ncommands several times:\n\n # modprobe tipc\n # tipc bearer enable media udp name UDP1 localip 127.0.0.1\n # rmmod tipc\n\n [] BUG: unable to handle kernel paging request at ffffffffc096bb00\n [] Workqueue: events 0xffffffffc096bb00\n [] Call Trace:\n [] ? process_one_work+0x1a7/0x360\n [] ? worker_thread+0x30/0x390\n [] ? create_worker+0x1a0/0x1a0\n [] ? kthread+0x116/0x130\n [] ? kthread_flush_work_fn+0x10/0x10\n [] ? ret_from_fork+0x35/0x40\n\nWhen removing the TIPC module, the UDP tunnel sock will be delayed to\nrelease in a work queue as sock_release() can\u0027t be done in rtnl_lock().\nIf the work queue is schedule to run after the TIPC module is removed,\nkernel will crash as the work queue function cleanup_beareri() code no\nlonger exists when trying to invoke it.\n\nTo fix it, this patch introduce a member wq_count in tipc_net to track\nthe numbers of work queues in schedule, and wait and exit until all\nwork queues are done in tipc_exit_net()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:22.258Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa"
},
{
"url": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba"
},
{
"url": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d"
},
{
"url": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986"
}
],
"title": "tipc: wait and exit until all work queues are done",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47163",
"datePublished": "2024-03-25T09:16:16.676Z",
"dateReserved": "2024-03-25T09:12:14.109Z",
"dateUpdated": "2025-05-04T07:05:22.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47172 (GCVE-0-2021-47172)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
Channel numbering must start at 0 and then not have any holes, or
it is possible to overflow the available storage. Note this bug was
introduced as part of a fix to ensure we didn't rely on the ordering
of child nodes. So we need to support arbitrary ordering but they all
need to be there somewhere.
Note I hit this when using qemu to test the rest of this series.
Arguably this isn't the best fix, but it is probably the most minimal
option for backporting etc.
Alexandru's sign-off is here because he carried this patch in a larger
set that Jonathan then applied.
Severity ?
5.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
5408cbc6337300d6f1a87c797273c535ed96305a , < f49149964d2423fb618fb6b755bb1eaa431cca2c
(git)
Affected: d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4 , < f70122825076117787b91e7f219e21c09f11a5b9 (git) Affected: d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4 , < 26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc (git) Affected: d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4 , < f2a772c51206b0c3f262e4f6a3812c89a650191b (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T17:18:44.850824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:29:32.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ad7124.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f49149964d2423fb618fb6b755bb1eaa431cca2c",
"status": "affected",
"version": "5408cbc6337300d6f1a87c797273c535ed96305a",
"versionType": "git"
},
{
"lessThan": "f70122825076117787b91e7f219e21c09f11a5b9",
"status": "affected",
"version": "d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4",
"versionType": "git"
},
{
"lessThan": "26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc",
"status": "affected",
"version": "d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4",
"versionType": "git"
},
{
"lessThan": "f2a772c51206b0c3f262e4f6a3812c89a650191b",
"status": "affected",
"version": "d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ad7124.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "5.4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7124: Fix potential overflow due to non sequential channel numbers\n\nChannel numbering must start at 0 and then not have any holes, or\nit is possible to overflow the available storage. Note this bug was\nintroduced as part of a fix to ensure we didn\u0027t rely on the ordering\nof child nodes. So we need to support arbitrary ordering but they all\nneed to be there somewhere.\n\nNote I hit this when using qemu to test the rest of this series.\nArguably this isn\u0027t the best fix, but it is probably the most minimal\noption for backporting etc.\n\nAlexandru\u0027s sign-off is here because he carried this patch in a larger\nset that Jonathan then applied."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:37.206Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c"
},
{
"url": "https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9"
},
{
"url": "https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc"
},
{
"url": "https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b"
}
],
"title": "iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47172",
"datePublished": "2024-03-25T09:16:23.741Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-05-04T07:05:37.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47153 (GCVE-0-2021-47153)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
i2c: i801: Don't generate an interrupt on bus reset
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Don't generate an interrupt on bus reset
Now that the i2c-i801 driver supports interrupts, setting the KILL bit
in a attempt to recover from a timed out transaction triggers an
interrupt. Unfortunately, the interrupt handler (i801_isr) is not
prepared for this situation and will try to process the interrupt as
if it was signaling the end of a successful transaction. In the case
of a block transaction, this can result in an out-of-range memory
access.
This condition was reproduced several times by syzbot:
https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e
https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e
https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e
https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb
https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a
https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79
So disable interrupts while trying to reset the bus. Interrupts will
be enabled again for the following transaction.
Severity ?
6 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
636752bcb5177a301d0266270661581de8624828 , < f9469082126cebb7337db3992d143f5e4edfe629
(git)
Affected: 636752bcb5177a301d0266270661581de8624828 , < 09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3 (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < dfa8929e117b0228a7765f5c3f5988a4a028f3c6 (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < c70e1ba2e7e65255a0ce004f531dd90dada97a8c (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < 04cc05e3716ae31b17ecdab7bc55c8170def1b8b (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < b523feb7e8e44652f92f3babb953a976e7ccbbef (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < 1f583d3813f204449037cd2acbfc09168171362a (git) Affected: 636752bcb5177a301d0266270661581de8624828 , < e4d8716c3dcec47f1557024add24e1f3c09eb24b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T19:20:15.941507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:55:32.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f9469082126cebb7337db3992d143f5e4edfe629",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "dfa8929e117b0228a7765f5c3f5988a4a028f3c6",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "c70e1ba2e7e65255a0ce004f531dd90dada97a8c",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "04cc05e3716ae31b17ecdab7bc55c8170def1b8b",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "b523feb7e8e44652f92f3babb953a976e7ccbbef",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "1f583d3813f204449037cd2acbfc09168171362a",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
},
{
"lessThan": "e4d8716c3dcec47f1557024add24e1f3c09eb24b",
"status": "affected",
"version": "636752bcb5177a301d0266270661581de8624828",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Don\u0027t generate an interrupt on bus reset\n\nNow that the i2c-i801 driver supports interrupts, setting the KILL bit\nin a attempt to recover from a timed out transaction triggers an\ninterrupt. Unfortunately, the interrupt handler (i801_isr) is not\nprepared for this situation and will try to process the interrupt as\nif it was signaling the end of a successful transaction. In the case\nof a block transaction, this can result in an out-of-range memory\naccess.\n\nThis condition was reproduced several times by syzbot:\nhttps://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e\nhttps://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e\nhttps://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e\nhttps://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb\nhttps://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a\nhttps://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79\n\nSo disable interrupts while trying to reset the bus. Interrupts will\nbe enabled again for the following transaction."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:15.278Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629"
},
{
"url": "https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3"
},
{
"url": "https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6"
},
{
"url": "https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c"
},
{
"url": "https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b"
},
{
"url": "https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef"
},
{
"url": "https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a"
},
{
"url": "https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b"
}
],
"title": "i2c: i801: Don\u0027t generate an interrupt on bus reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47153",
"datePublished": "2024-03-25T09:07:47.873Z",
"dateReserved": "2024-03-04T18:12:48.846Z",
"dateUpdated": "2025-05-04T07:05:15.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47136 (GCVE-0-2021-47136)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 12:41
VLAI?
EPSS
Title
net: zero-initialize tc skb extension on allocation
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: zero-initialize tc skb extension on allocation
Function skb_ext_add() doesn't initialize created skb extension with any
value and leaves it up to the user. However, since extension of type
TC_SKB_EXT originally contained only single value tc_skb_ext->chain its
users used to just assign the chain value without setting whole extension
memory to zero first. This assumption changed when TC_SKB_EXT extension was
extended with additional fields but not all users were updated to
initialize the new fields which leads to use of uninitialized memory
afterwards. UBSAN log:
[ 778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28
[ 778.301495] load of value 107 is not a valid value for type '_Bool'
[ 778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2
[ 778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[ 778.307901] Call Trace:
[ 778.308680] <IRQ>
[ 778.309358] dump_stack+0xbb/0x107
[ 778.310307] ubsan_epilogue+0x5/0x40
[ 778.311167] __ubsan_handle_load_invalid_value.cold+0x43/0x48
[ 778.312454] ? memset+0x20/0x40
[ 778.313230] ovs_flow_key_extract.cold+0xf/0x14 [openvswitch]
[ 778.314532] ovs_vport_receive+0x19e/0x2e0 [openvswitch]
[ 778.315749] ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch]
[ 778.317188] ? create_prof_cpu_mask+0x20/0x20
[ 778.318220] ? arch_stack_walk+0x82/0xf0
[ 778.319153] ? secondary_startup_64_no_verify+0xb0/0xbb
[ 778.320399] ? stack_trace_save+0x91/0xc0
[ 778.321362] ? stack_trace_consume_entry+0x160/0x160
[ 778.322517] ? lock_release+0x52e/0x760
[ 778.323444] netdev_frame_hook+0x323/0x610 [openvswitch]
[ 778.324668] ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch]
[ 778.325950] __netif_receive_skb_core+0x771/0x2db0
[ 778.327067] ? lock_downgrade+0x6e0/0x6f0
[ 778.328021] ? lock_acquire+0x565/0x720
[ 778.328940] ? generic_xdp_tx+0x4f0/0x4f0
[ 778.329902] ? inet_gro_receive+0x2a7/0x10a0
[ 778.330914] ? lock_downgrade+0x6f0/0x6f0
[ 778.331867] ? udp4_gro_receive+0x4c4/0x13e0
[ 778.332876] ? lock_release+0x52e/0x760
[ 778.333808] ? dev_gro_receive+0xcc8/0x2380
[ 778.334810] ? lock_downgrade+0x6f0/0x6f0
[ 778.335769] __netif_receive_skb_list_core+0x295/0x820
[ 778.336955] ? process_backlog+0x780/0x780
[ 778.337941] ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core]
[ 778.339613] ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0
[ 778.341033] ? kvm_clock_get_cycles+0x14/0x20
[ 778.342072] netif_receive_skb_list_internal+0x5f5/0xcb0
[ 778.343288] ? __kasan_kmalloc+0x7a/0x90
[ 778.344234] ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core]
[ 778.345676] ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core]
[ 778.347140] ? __netif_receive_skb_list_core+0x820/0x820
[ 778.348351] ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core]
[ 778.349688] ? napi_gro_flush+0x26c/0x3c0
[ 778.350641] napi_complete_done+0x188/0x6b0
[ 778.351627] mlx5e_napi_poll+0x373/0x1b80 [mlx5_core]
[ 778.352853] __napi_poll+0x9f/0x510
[ 778.353704] ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core]
[ 778.355158] net_rx_action+0x34c/0xa40
[ 778.356060] ? napi_threaded_poll+0x3d0/0x3d0
[ 778.357083] ? sched_clock_cpu+0x18/0x190
[ 778.358041] ? __common_interrupt+0x8e/0x1a0
[ 778.359045] __do_softirq+0x1ce/0x984
[ 778.359938] __irq_exit_rcu+0x137/0x1d0
[ 778.360865] irq_exit_rcu+0xa/0x20
[ 778.361708] common_interrupt+0x80/0xa0
[ 778.362640] </IRQ>
[ 778.363212] asm_common_interrupt+0x1e/0x40
[ 778.364204] RIP: 0010:native_safe_halt+0xe/0x10
[ 778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00
[ 778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246
[ 778.370570] RAX
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
038ebb1a713d114d54dbf14868a73181c0c92758 , < ac493452e937b8939eaf2d24cac51a4804b6c20e
(git)
Affected: 038ebb1a713d114d54dbf14868a73181c0c92758 , < 86ab133b695ed7ba1f8786b12f4ca43137ad8c18 (git) Affected: 038ebb1a713d114d54dbf14868a73181c0c92758 , < 9453d45ecb6c2199d72e73c993e9d98677a2801b (git) Affected: 7154bda4cfc1f41b339121475d2b0234141f3492 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac493452e937b8939eaf2d24cac51a4804b6c20e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86ab133b695ed7ba1f8786b12f4ca43137ad8c18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9453d45ecb6c2199d72e73c993e9d98677a2801b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:03.662373Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c",
"drivers/net/ethernet/mellanox/mlx5/core/en_tc.c",
"include/net/pkt_cls.h",
"net/sched/cls_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ac493452e937b8939eaf2d24cac51a4804b6c20e",
"status": "affected",
"version": "038ebb1a713d114d54dbf14868a73181c0c92758",
"versionType": "git"
},
{
"lessThan": "86ab133b695ed7ba1f8786b12f4ca43137ad8c18",
"status": "affected",
"version": "038ebb1a713d114d54dbf14868a73181c0c92758",
"versionType": "git"
},
{
"lessThan": "9453d45ecb6c2199d72e73c993e9d98677a2801b",
"status": "affected",
"version": "038ebb1a713d114d54dbf14868a73181c0c92758",
"versionType": "git"
},
{
"status": "affected",
"version": "7154bda4cfc1f41b339121475d2b0234141f3492",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c",
"drivers/net/ethernet/mellanox/mlx5/core/en_tc.c",
"include/net/pkt_cls.h",
"net/sched/cls_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: zero-initialize tc skb extension on allocation\n\nFunction skb_ext_add() doesn\u0027t initialize created skb extension with any\nvalue and leaves it up to the user. However, since extension of type\nTC_SKB_EXT originally contained only single value tc_skb_ext-\u003echain its\nusers used to just assign the chain value without setting whole extension\nmemory to zero first. This assumption changed when TC_SKB_EXT extension was\nextended with additional fields but not all users were updated to\ninitialize the new fields which leads to use of uninitialized memory\nafterwards. UBSAN log:\n\n[ 778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28\n[ 778.301495] load of value 107 is not a valid value for type \u0027_Bool\u0027\n[ 778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2\n[ 778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 778.307901] Call Trace:\n[ 778.308680] \u003cIRQ\u003e\n[ 778.309358] dump_stack+0xbb/0x107\n[ 778.310307] ubsan_epilogue+0x5/0x40\n[ 778.311167] __ubsan_handle_load_invalid_value.cold+0x43/0x48\n[ 778.312454] ? memset+0x20/0x40\n[ 778.313230] ovs_flow_key_extract.cold+0xf/0x14 [openvswitch]\n[ 778.314532] ovs_vport_receive+0x19e/0x2e0 [openvswitch]\n[ 778.315749] ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch]\n[ 778.317188] ? create_prof_cpu_mask+0x20/0x20\n[ 778.318220] ? arch_stack_walk+0x82/0xf0\n[ 778.319153] ? secondary_startup_64_no_verify+0xb0/0xbb\n[ 778.320399] ? stack_trace_save+0x91/0xc0\n[ 778.321362] ? stack_trace_consume_entry+0x160/0x160\n[ 778.322517] ? lock_release+0x52e/0x760\n[ 778.323444] netdev_frame_hook+0x323/0x610 [openvswitch]\n[ 778.324668] ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch]\n[ 778.325950] __netif_receive_skb_core+0x771/0x2db0\n[ 778.327067] ? lock_downgrade+0x6e0/0x6f0\n[ 778.328021] ? lock_acquire+0x565/0x720\n[ 778.328940] ? generic_xdp_tx+0x4f0/0x4f0\n[ 778.329902] ? inet_gro_receive+0x2a7/0x10a0\n[ 778.330914] ? lock_downgrade+0x6f0/0x6f0\n[ 778.331867] ? udp4_gro_receive+0x4c4/0x13e0\n[ 778.332876] ? lock_release+0x52e/0x760\n[ 778.333808] ? dev_gro_receive+0xcc8/0x2380\n[ 778.334810] ? lock_downgrade+0x6f0/0x6f0\n[ 778.335769] __netif_receive_skb_list_core+0x295/0x820\n[ 778.336955] ? process_backlog+0x780/0x780\n[ 778.337941] ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core]\n[ 778.339613] ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0\n[ 778.341033] ? kvm_clock_get_cycles+0x14/0x20\n[ 778.342072] netif_receive_skb_list_internal+0x5f5/0xcb0\n[ 778.343288] ? __kasan_kmalloc+0x7a/0x90\n[ 778.344234] ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core]\n[ 778.345676] ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core]\n[ 778.347140] ? __netif_receive_skb_list_core+0x820/0x820\n[ 778.348351] ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core]\n[ 778.349688] ? napi_gro_flush+0x26c/0x3c0\n[ 778.350641] napi_complete_done+0x188/0x6b0\n[ 778.351627] mlx5e_napi_poll+0x373/0x1b80 [mlx5_core]\n[ 778.352853] __napi_poll+0x9f/0x510\n[ 778.353704] ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core]\n[ 778.355158] net_rx_action+0x34c/0xa40\n[ 778.356060] ? napi_threaded_poll+0x3d0/0x3d0\n[ 778.357083] ? sched_clock_cpu+0x18/0x190\n[ 778.358041] ? __common_interrupt+0x8e/0x1a0\n[ 778.359045] __do_softirq+0x1ce/0x984\n[ 778.359938] __irq_exit_rcu+0x137/0x1d0\n[ 778.360865] irq_exit_rcu+0xa/0x20\n[ 778.361708] common_interrupt+0x80/0xa0\n[ 778.362640] \u003c/IRQ\u003e\n[ 778.363212] asm_common_interrupt+0x1e/0x40\n[ 778.364204] RIP: 0010:native_safe_halt+0xe/0x10\n[ 778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 \u003cc3\u003e 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00\n[ 778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246\n[ 778.370570] RAX\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:41:08.366Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ac493452e937b8939eaf2d24cac51a4804b6c20e"
},
{
"url": "https://git.kernel.org/stable/c/86ab133b695ed7ba1f8786b12f4ca43137ad8c18"
},
{
"url": "https://git.kernel.org/stable/c/9453d45ecb6c2199d72e73c993e9d98677a2801b"
}
],
"title": "net: zero-initialize tc skb extension on allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47136",
"datePublished": "2024-03-25T09:07:36.064Z",
"dateReserved": "2024-03-04T18:12:48.840Z",
"dateUpdated": "2025-05-04T12:41:08.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47141 (GCVE-0-2021-47141)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:04
VLAI?
EPSS
Title
gve: Add NULL pointer checks when freeing irqs.
Summary
In the Linux kernel, the following vulnerability has been resolved:
gve: Add NULL pointer checks when freeing irqs.
When freeing notification blocks, we index priv->msix_vectors.
If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors)
this could lead to a NULL pointer dereference if the driver is unloaded.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
893ce44df56580fb878ca5af9c4a5fd87567da50 , < 821149ee88c206fa37e79c1868cc270518484876
(git)
Affected: 893ce44df56580fb878ca5af9c4a5fd87567da50 , < da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb (git) Affected: 893ce44df56580fb878ca5af9c4a5fd87567da50 , < 5278c75266c5094d3c0958793bf12fc90300e580 (git) Affected: 893ce44df56580fb878ca5af9c4a5fd87567da50 , < 5218e919c8d06279884aa0baf76778a6817d5b93 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T18:19:57.763630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:31.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/821149ee88c206fa37e79c1868cc270518484876"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5278c75266c5094d3c0958793bf12fc90300e580"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5218e919c8d06279884aa0baf76778a6817d5b93"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/google/gve/gve_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "821149ee88c206fa37e79c1868cc270518484876",
"status": "affected",
"version": "893ce44df56580fb878ca5af9c4a5fd87567da50",
"versionType": "git"
},
{
"lessThan": "da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb",
"status": "affected",
"version": "893ce44df56580fb878ca5af9c4a5fd87567da50",
"versionType": "git"
},
{
"lessThan": "5278c75266c5094d3c0958793bf12fc90300e580",
"status": "affected",
"version": "893ce44df56580fb878ca5af9c4a5fd87567da50",
"versionType": "git"
},
{
"lessThan": "5218e919c8d06279884aa0baf76778a6817d5b93",
"status": "affected",
"version": "893ce44df56580fb878ca5af9c4a5fd87567da50",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/google/gve/gve_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Add NULL pointer checks when freeing irqs.\n\nWhen freeing notification blocks, we index priv-\u003emsix_vectors.\nIf we failed to allocate priv-\u003emsix_vectors (see abort_with_msix_vectors)\nthis could lead to a NULL pointer dereference if the driver is unloaded."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:04:56.263Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/821149ee88c206fa37e79c1868cc270518484876"
},
{
"url": "https://git.kernel.org/stable/c/da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb"
},
{
"url": "https://git.kernel.org/stable/c/5278c75266c5094d3c0958793bf12fc90300e580"
},
{
"url": "https://git.kernel.org/stable/c/5218e919c8d06279884aa0baf76778a6817d5b93"
}
],
"title": "gve: Add NULL pointer checks when freeing irqs.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47141",
"datePublished": "2024-03-25T09:07:39.737Z",
"dateReserved": "2024-03-04T18:12:48.842Z",
"dateUpdated": "2025-05-04T07:04:56.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47145 (GCVE-0-2021-47145)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-12-18 11:35
VLAI?
EPSS
Title
btrfs: do not BUG_ON in link_to_fixup_dir
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not BUG_ON in link_to_fixup_dir
While doing error injection testing I got the following panic
kernel BUG at fs/btrfs/tree-log.c:1862!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014
RIP: 0010:link_to_fixup_dir+0xd5/0xe0
RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216
RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0
RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000
RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001
R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800
R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065
FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0
Call Trace:
replay_one_buffer+0x409/0x470
? btree_read_extent_buffer_pages+0xd0/0x110
walk_up_log_tree+0x157/0x1e0
walk_log_tree+0xa6/0x1d0
btrfs_recover_log_trees+0x1da/0x360
? replay_one_extent+0x7b0/0x7b0
open_ctree+0x1486/0x1720
btrfs_mount_root.cold+0x12/0xea
? __kmalloc_track_caller+0x12f/0x240
legacy_get_tree+0x24/0x40
vfs_get_tree+0x22/0xb0
vfs_kern_mount.part.0+0x71/0xb0
btrfs_mount+0x10d/0x380
? vfs_parse_fs_string+0x4d/0x90
legacy_get_tree+0x24/0x40
vfs_get_tree+0x22/0xb0
path_mount+0x433/0xa10
__x64_sys_mount+0xe3/0x120
do_syscall_64+0x3d/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
We can get -EIO or any number of legitimate errors from
btrfs_search_slot(), panicing here is not the appropriate response. The
error path for this code handles errors properly, simply return the
error.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e02119d5a7b4396c5a872582fddc8bd6d305a70a , < 76bfd8ac20bebeae599452a03dfc5724c0475dcf
(git)
Affected: e02119d5a7b4396c5a872582fddc8bd6d305a70a , < e934c4ee17b33bafb0444f2f9766cda7166d3c40 (git) Affected: e02119d5a7b4396c5a872582fddc8bd6d305a70a , < 0eaf383c6a4a83c09f60fd07a1bea9f1a9181611 (git) Affected: e02119d5a7b4396c5a872582fddc8bd6d305a70a , < 6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa (git) Affected: e02119d5a7b4396c5a872582fddc8bd6d305a70a , < 0ed102453aa1cd12fefde8f6b60b9519b0b1f003 (git) Affected: e02119d5a7b4396c5a872582fddc8bd6d305a70a , < 7e13db503918820e6333811cdc6f151dcea5090a (git) Affected: e02119d5a7b4396c5a872582fddc8bd6d305a70a , < b545442133580dcb2f2496133bf850824d41255c (git) Affected: e02119d5a7b4396c5a872582fddc8bd6d305a70a , < 91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T14:12:43.029638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:28.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76bfd8ac20bebeae599452a03dfc5724c0475dcf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e934c4ee17b33bafb0444f2f9766cda7166d3c40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0eaf383c6a4a83c09f60fd07a1bea9f1a9181611"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ed102453aa1cd12fefde8f6b60b9519b0b1f003"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e13db503918820e6333811cdc6f151dcea5090a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b545442133580dcb2f2496133bf850824d41255c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/tree-log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "76bfd8ac20bebeae599452a03dfc5724c0475dcf",
"status": "affected",
"version": "e02119d5a7b4396c5a872582fddc8bd6d305a70a",
"versionType": "git"
},
{
"lessThan": "e934c4ee17b33bafb0444f2f9766cda7166d3c40",
"status": "affected",
"version": "e02119d5a7b4396c5a872582fddc8bd6d305a70a",
"versionType": "git"
},
{
"lessThan": "0eaf383c6a4a83c09f60fd07a1bea9f1a9181611",
"status": "affected",
"version": "e02119d5a7b4396c5a872582fddc8bd6d305a70a",
"versionType": "git"
},
{
"lessThan": "6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa",
"status": "affected",
"version": "e02119d5a7b4396c5a872582fddc8bd6d305a70a",
"versionType": "git"
},
{
"lessThan": "0ed102453aa1cd12fefde8f6b60b9519b0b1f003",
"status": "affected",
"version": "e02119d5a7b4396c5a872582fddc8bd6d305a70a",
"versionType": "git"
},
{
"lessThan": "7e13db503918820e6333811cdc6f151dcea5090a",
"status": "affected",
"version": "e02119d5a7b4396c5a872582fddc8bd6d305a70a",
"versionType": "git"
},
{
"lessThan": "b545442133580dcb2f2496133bf850824d41255c",
"status": "affected",
"version": "e02119d5a7b4396c5a872582fddc8bd6d305a70a",
"versionType": "git"
},
{
"lessThan": "91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d",
"status": "affected",
"version": "e02119d5a7b4396c5a872582fddc8bd6d305a70a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/tree-log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON in link_to_fixup_dir\n\nWhile doing error injection testing I got the following panic\n\n kernel BUG at fs/btrfs/tree-log.c:1862!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\n RIP: 0010:link_to_fixup_dir+0xd5/0xe0\n RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216\n RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0\n RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000\n RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001\n R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800\n R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065\n FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0\n Call Trace:\n replay_one_buffer+0x409/0x470\n ? btree_read_extent_buffer_pages+0xd0/0x110\n walk_up_log_tree+0x157/0x1e0\n walk_log_tree+0xa6/0x1d0\n btrfs_recover_log_trees+0x1da/0x360\n ? replay_one_extent+0x7b0/0x7b0\n open_ctree+0x1486/0x1720\n btrfs_mount_root.cold+0x12/0xea\n ? __kmalloc_track_caller+0x12f/0x240\n legacy_get_tree+0x24/0x40\n vfs_get_tree+0x22/0xb0\n vfs_kern_mount.part.0+0x71/0xb0\n btrfs_mount+0x10d/0x380\n ? vfs_parse_fs_string+0x4d/0x90\n legacy_get_tree+0x24/0x40\n vfs_get_tree+0x22/0xb0\n path_mount+0x433/0xa10\n __x64_sys_mount+0xe3/0x120\n do_syscall_64+0x3d/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nWe can get -EIO or any number of legitimate errors from\nbtrfs_search_slot(), panicing here is not the appropriate response. The\nerror path for this code handles errors properly, simply return the\nerror."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T11:35:43.006Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/76bfd8ac20bebeae599452a03dfc5724c0475dcf"
},
{
"url": "https://git.kernel.org/stable/c/e934c4ee17b33bafb0444f2f9766cda7166d3c40"
},
{
"url": "https://git.kernel.org/stable/c/0eaf383c6a4a83c09f60fd07a1bea9f1a9181611"
},
{
"url": "https://git.kernel.org/stable/c/6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa"
},
{
"url": "https://git.kernel.org/stable/c/0ed102453aa1cd12fefde8f6b60b9519b0b1f003"
},
{
"url": "https://git.kernel.org/stable/c/7e13db503918820e6333811cdc6f151dcea5090a"
},
{
"url": "https://git.kernel.org/stable/c/b545442133580dcb2f2496133bf850824d41255c"
},
{
"url": "https://git.kernel.org/stable/c/91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d"
}
],
"title": "btrfs: do not BUG_ON in link_to_fixup_dir",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47145",
"datePublished": "2024-03-25T09:07:42.384Z",
"dateReserved": "2024-03-04T18:12:48.845Z",
"dateUpdated": "2025-12-18T11:35:43.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47138 (GCVE-0-2021-47138)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:04
VLAI?
EPSS
Title
cxgb4: avoid accessing registers when clearing filters
Summary
In the Linux kernel, the following vulnerability has been resolved:
cxgb4: avoid accessing registers when clearing filters
Hardware register having the server TID base can contain
invalid values when adapter is in bad state (for example,
due to AER fatal error). Reading these invalid values in the
register can lead to out-of-bound memory access. So, fix
by using the saved server TID base when clearing filters.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
b1a79360ee862f8ada4798ad2346fa45bb41b527 , < 0bf49b3c8d8b3a43ce09f1b2db70e5484d31fcdf
(git)
Affected: b1a79360ee862f8ada4798ad2346fa45bb41b527 , < 02f03883fdb10ad7e66717c70ea163a8d27ae6e7 (git) Affected: b1a79360ee862f8ada4798ad2346fa45bb41b527 , < 285207a558ab456aa7d8aa877ecc7e91fcc51710 (git) Affected: b1a79360ee862f8ada4798ad2346fa45bb41b527 , < 88c380df84fbd03f9b137c2b9d0a44b9f2f553b0 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:36:36.021064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:36:44.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0bf49b3c8d8b3a43ce09f1b2db70e5484d31fcdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02f03883fdb10ad7e66717c70ea163a8d27ae6e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/285207a558ab456aa7d8aa877ecc7e91fcc51710"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88c380df84fbd03f9b137c2b9d0a44b9f2f553b0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0bf49b3c8d8b3a43ce09f1b2db70e5484d31fcdf",
"status": "affected",
"version": "b1a79360ee862f8ada4798ad2346fa45bb41b527",
"versionType": "git"
},
{
"lessThan": "02f03883fdb10ad7e66717c70ea163a8d27ae6e7",
"status": "affected",
"version": "b1a79360ee862f8ada4798ad2346fa45bb41b527",
"versionType": "git"
},
{
"lessThan": "285207a558ab456aa7d8aa877ecc7e91fcc51710",
"status": "affected",
"version": "b1a79360ee862f8ada4798ad2346fa45bb41b527",
"versionType": "git"
},
{
"lessThan": "88c380df84fbd03f9b137c2b9d0a44b9f2f553b0",
"status": "affected",
"version": "b1a79360ee862f8ada4798ad2346fa45bb41b527",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxgb4: avoid accessing registers when clearing filters\n\nHardware register having the server TID base can contain\ninvalid values when adapter is in bad state (for example,\ndue to AER fatal error). Reading these invalid values in the\nregister can lead to out-of-bound memory access. So, fix\nby using the saved server TID base when clearing filters."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:04:52.812Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bf49b3c8d8b3a43ce09f1b2db70e5484d31fcdf"
},
{
"url": "https://git.kernel.org/stable/c/02f03883fdb10ad7e66717c70ea163a8d27ae6e7"
},
{
"url": "https://git.kernel.org/stable/c/285207a558ab456aa7d8aa877ecc7e91fcc51710"
},
{
"url": "https://git.kernel.org/stable/c/88c380df84fbd03f9b137c2b9d0a44b9f2f553b0"
}
],
"title": "cxgb4: avoid accessing registers when clearing filters",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47138",
"datePublished": "2024-03-25T09:07:37.414Z",
"dateReserved": "2024-03-04T18:12:48.841Z",
"dateUpdated": "2025-05-04T07:04:52.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47139 (GCVE-0-2021-47139)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:04
VLAI?
EPSS
Title
net: hns3: put off calling register_netdev() until client initialize complete
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: put off calling register_netdev() until client initialize complete
Currently, the netdevice is registered before client initializing
complete. So there is a timewindow between netdevice available
and usable. In this case, if user try to change the channel number
or ring param, it may cause the hns3_set_rx_cpu_rmap() being called
twice, and report bug.
[47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0
[47199.430340] hns3 0000:35:00.0 eth1: already uninitialized
[47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1
[47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1
[47200.163524] ------------[ cut here ]------------
[47200.171674] kernel BUG at lib/cpu_rmap.c:142!
[47200.177847] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge]
[47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G O 5.11.0-rc3+ #1
[47200.215601] Hardware name: , xxxxxx 02/04/2021
[47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[47200.230188] pc : cpu_rmap_add+0x38/0x40
[47200.237472] lr : irq_cpu_rmap_add+0x84/0x140
[47200.243291] sp : ffff800010e93a30
[47200.247295] x29: ffff800010e93a30 x28: ffff082100584880
[47200.254155] x27: 0000000000000000 x26: 0000000000000000
[47200.260712] x25: 0000000000000000 x24: 0000000000000004
[47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0
[47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680
[47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0
[47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0
[47200.293456] x15: fffffc2082990600 x14: dead000000000122
[47200.300059] x13: ffffffffffffffff x12: 000000000000003e
[47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000
[47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700
[47200.319682] x7 : 0000000000000000 x6 : 000000000000003f
[47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20
[47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80
[47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004
[47200.346058] Call trace:
[47200.349324] cpu_rmap_add+0x38/0x40
[47200.354300] hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3]
[47200.362294] hns3_reset_notify_init_enet+0x1cc/0x340 [hns3]
[47200.370049] hns3_change_channels+0x40/0xb0 [hns3]
[47200.376770] hns3_set_channels+0x12c/0x2a0 [hns3]
[47200.383353] ethtool_set_channels+0x140/0x250
[47200.389772] dev_ethtool+0x714/0x23d0
[47200.394440] dev_ioctl+0x4cc/0x640
[47200.399277] sock_do_ioctl+0x100/0x2a0
[47200.404574] sock_ioctl+0x28c/0x470
[47200.409079] __arm64_sys_ioctl+0xb4/0x100
[47200.415217] el0_svc_common.constprop.0+0x84/0x210
[47200.422088] do_el0_svc+0x28/0x34
[47200.426387] el0_svc+0x28/0x70
[47200.431308] el0_sync_handler+0x1a4/0x1b0
[47200.436477] el0_sync+0x174/0x180
[47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000)
[47200.448869] ---[ end trace a01efe4ce42e5f34 ]---
The process is like below:
excuting hns3_client_init
|
register_netdev()
| hns3_set_channels()
| |
hns3_set_rx_cpu_rmap() hns3_reset_notify_uninit_enet()
| |
| quit without calling function
| hns3_free_rx_cpu_rmap for flag
| HNS3_NIC_STATE_INITED is unset.
| |
| hns3_reset_notify_init_enet()
| |
set HNS3_NIC_STATE_INITED call hns3_set_rx_cpu_rmap()-- crash
Fix it by calling register_netdev() at the end of function
hns3_client_init().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
08a100689d4baf296d6898c687ea8d005da8d234 , < a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc
(git)
Affected: 08a100689d4baf296d6898c687ea8d005da8d234 , < 0921a0620b5077796fddffb22a8e6bc635a4bb50 (git) Affected: 08a100689d4baf296d6898c687ea8d005da8d234 , < a289a7e5c1d49b7d47df9913c1cc81fb48fab613 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:39:46.000821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:16.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0921a0620b5077796fddffb22a8e6bc635a4bb50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a289a7e5c1d49b7d47df9913c1cc81fb48fab613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc",
"status": "affected",
"version": "08a100689d4baf296d6898c687ea8d005da8d234",
"versionType": "git"
},
{
"lessThan": "0921a0620b5077796fddffb22a8e6bc635a4bb50",
"status": "affected",
"version": "08a100689d4baf296d6898c687ea8d005da8d234",
"versionType": "git"
},
{
"lessThan": "a289a7e5c1d49b7d47df9913c1cc81fb48fab613",
"status": "affected",
"version": "08a100689d4baf296d6898c687ea8d005da8d234",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: put off calling register_netdev() until client initialize complete\n\nCurrently, the netdevice is registered before client initializing\ncomplete. So there is a timewindow between netdevice available\nand usable. In this case, if user try to change the channel number\nor ring param, it may cause the hns3_set_rx_cpu_rmap() being called\ntwice, and report bug.\n\n[47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0\n[47199.430340] hns3 0000:35:00.0 eth1: already uninitialized\n[47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1\n[47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1\n[47200.163524] ------------[ cut here ]------------\n[47200.171674] kernel BUG at lib/cpu_rmap.c:142!\n[47200.177847] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge]\n[47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G O 5.11.0-rc3+ #1\n[47200.215601] Hardware name: , xxxxxx 02/04/2021\n[47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[47200.230188] pc : cpu_rmap_add+0x38/0x40\n[47200.237472] lr : irq_cpu_rmap_add+0x84/0x140\n[47200.243291] sp : ffff800010e93a30\n[47200.247295] x29: ffff800010e93a30 x28: ffff082100584880\n[47200.254155] x27: 0000000000000000 x26: 0000000000000000\n[47200.260712] x25: 0000000000000000 x24: 0000000000000004\n[47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0\n[47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680\n[47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0\n[47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0\n[47200.293456] x15: fffffc2082990600 x14: dead000000000122\n[47200.300059] x13: ffffffffffffffff x12: 000000000000003e\n[47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000\n[47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700\n[47200.319682] x7 : 0000000000000000 x6 : 000000000000003f\n[47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20\n[47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80\n[47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004\n[47200.346058] Call trace:\n[47200.349324] cpu_rmap_add+0x38/0x40\n[47200.354300] hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3]\n[47200.362294] hns3_reset_notify_init_enet+0x1cc/0x340 [hns3]\n[47200.370049] hns3_change_channels+0x40/0xb0 [hns3]\n[47200.376770] hns3_set_channels+0x12c/0x2a0 [hns3]\n[47200.383353] ethtool_set_channels+0x140/0x250\n[47200.389772] dev_ethtool+0x714/0x23d0\n[47200.394440] dev_ioctl+0x4cc/0x640\n[47200.399277] sock_do_ioctl+0x100/0x2a0\n[47200.404574] sock_ioctl+0x28c/0x470\n[47200.409079] __arm64_sys_ioctl+0xb4/0x100\n[47200.415217] el0_svc_common.constprop.0+0x84/0x210\n[47200.422088] do_el0_svc+0x28/0x34\n[47200.426387] el0_svc+0x28/0x70\n[47200.431308] el0_sync_handler+0x1a4/0x1b0\n[47200.436477] el0_sync+0x174/0x180\n[47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000)\n[47200.448869] ---[ end trace a01efe4ce42e5f34 ]---\n\nThe process is like below:\nexcuting hns3_client_init\n|\nregister_netdev()\n| hns3_set_channels()\n| |\nhns3_set_rx_cpu_rmap() hns3_reset_notify_uninit_enet()\n| |\n| quit without calling function\n| hns3_free_rx_cpu_rmap for flag\n| HNS3_NIC_STATE_INITED is unset.\n| |\n| hns3_reset_notify_init_enet()\n| |\nset HNS3_NIC_STATE_INITED call hns3_set_rx_cpu_rmap()-- crash\n\nFix it by calling register_netdev() at the end of function\nhns3_client_init()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:04:54.050Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc"
},
{
"url": "https://git.kernel.org/stable/c/0921a0620b5077796fddffb22a8e6bc635a4bb50"
},
{
"url": "https://git.kernel.org/stable/c/a289a7e5c1d49b7d47df9913c1cc81fb48fab613"
}
],
"title": "net: hns3: put off calling register_netdev() until client initialize complete",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47139",
"datePublished": "2024-03-25T09:07:38.216Z",
"dateReserved": "2024-03-04T18:12:48.841Z",
"dateUpdated": "2025-05-04T07:04:54.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47149 (GCVE-0-2021-47149)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-12-18 11:35
VLAI?
EPSS
Title
net: fujitsu: fix potential null-ptr-deref
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fujitsu: fix potential null-ptr-deref
In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer
deref. To fix this, check the return value of ioremap and return -1
to the caller in case of failure.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b92170e209f7746ed72eaac98f2c2f4b9af734e6
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6dbf1101594f7c76990b63c35b5a40205a914b6b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c4f1c23edbe921ab2ecd6140d700e756cd44c5f7 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7883d3895d0fbb0ba9bff0f8665f99974b45210f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 22049c3d40f08facd1867548716a484dad6b3251 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 71723a796ab7881f491d663c6cd94b29be5fba50 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f14bf57a08779a5dee9936f63ada0149ea89c5e6 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 52202be1cd996cde6e8969a128dc27ee45a7cb5e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:41:00.802890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:37.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/fujitsu/fmvj18x_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b92170e209f7746ed72eaac98f2c2f4b9af734e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6dbf1101594f7c76990b63c35b5a40205a914b6b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c4f1c23edbe921ab2ecd6140d700e756cd44c5f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7883d3895d0fbb0ba9bff0f8665f99974b45210f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "22049c3d40f08facd1867548716a484dad6b3251",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "71723a796ab7881f491d663c6cd94b29be5fba50",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f14bf57a08779a5dee9936f63ada0149ea89c5e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "52202be1cd996cde6e8969a128dc27ee45a7cb5e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/fujitsu/fmvj18x_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fujitsu: fix potential null-ptr-deref\n\nIn fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer\nderef. To fix this, check the return value of ioremap and return -1\nto the caller in case of failure."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T11:35:44.359Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6"
},
{
"url": "https://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b"
},
{
"url": "https://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7"
},
{
"url": "https://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f"
},
{
"url": "https://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251"
},
{
"url": "https://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50"
},
{
"url": "https://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6"
},
{
"url": "https://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e"
}
],
"title": "net: fujitsu: fix potential null-ptr-deref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47149",
"datePublished": "2024-03-25T09:07:45.189Z",
"dateReserved": "2024-03-04T18:12:48.845Z",
"dateUpdated": "2025-12-18T11:35:44.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47148 (GCVE-0-2021-47148)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()
This function is called from ethtool_set_rxfh() and "*rss_context"
comes from the user. Add some bounds checking to prevent memory
corruption.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:36:23.128673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:36:29.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/389146bc6d2bbb20714d06624b74856320ce40f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e5cc361e21648b75f935f9571d4003aaee480214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "389146bc6d2bbb20714d06624b74856320ce40f7",
"status": "affected",
"version": "81a4362016e7d8b17031fe1aa43cdb58a7f0f163",
"versionType": "git"
},
{
"lessThan": "e5cc361e21648b75f935f9571d4003aaee480214",
"status": "affected",
"version": "81a4362016e7d8b17031fe1aa43cdb58a7f0f163",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()\n\nThis function is called from ethtool_set_rxfh() and \"*rss_context\"\ncomes from the user. Add some bounds checking to prevent memory\ncorruption."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:09.370Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/389146bc6d2bbb20714d06624b74856320ce40f7"
},
{
"url": "https://git.kernel.org/stable/c/e5cc361e21648b75f935f9571d4003aaee480214"
}
],
"title": "octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47148",
"datePublished": "2024-03-25T09:07:44.472Z",
"dateReserved": "2024-03-04T18:12:48.845Z",
"dateUpdated": "2025-05-04T07:05:09.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47176 (GCVE-0-2021-47176)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
s390/dasd: add missing discipline function
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: add missing discipline function
Fix crash with illegal operation exception in dasd_device_tasklet.
Commit b72949328869 ("s390/dasd: Prepare for additional path event handling")
renamed the verify_path function for ECKD but not for FBA and DIAG.
This leads to a panic when the path verification function is called for a
FBA or DIAG device.
Fix by defining a wrapper function for dasd_generic_verify_path().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
8bc5a76268fb334236296b4c185b8337e0d85473 , < 6a16810068e70959bc1df686424aa35ce05578f1
(git)
Affected: 72aebdac390bf0dc04c0385d2db7ee522f4ffa3c , < aa8579bc084673c651204f7cd0d6308a47dffc16 (git) Affected: b72949328869dfd45f6452c2410647afd7db5f1a , < a16be88a3d7e5efcb59a15edea87a8bd369630c6 (git) Affected: b72949328869dfd45f6452c2410647afd7db5f1a , < c0c8a8397fa8a74d04915f4d3d28cb4a5d401427 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T18:12:45.015543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:47.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a16810068e70959bc1df686424aa35ce05578f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa8579bc084673c651204f7cd0d6308a47dffc16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a16be88a3d7e5efcb59a15edea87a8bd369630c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd_diag.c",
"drivers/s390/block/dasd_fba.c",
"drivers/s390/block/dasd_int.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6a16810068e70959bc1df686424aa35ce05578f1",
"status": "affected",
"version": "8bc5a76268fb334236296b4c185b8337e0d85473",
"versionType": "git"
},
{
"lessThan": "aa8579bc084673c651204f7cd0d6308a47dffc16",
"status": "affected",
"version": "72aebdac390bf0dc04c0385d2db7ee522f4ffa3c",
"versionType": "git"
},
{
"lessThan": "a16be88a3d7e5efcb59a15edea87a8bd369630c6",
"status": "affected",
"version": "b72949328869dfd45f6452c2410647afd7db5f1a",
"versionType": "git"
},
{
"lessThan": "c0c8a8397fa8a74d04915f4d3d28cb4a5d401427",
"status": "affected",
"version": "b72949328869dfd45f6452c2410647afd7db5f1a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd_diag.c",
"drivers/s390/block/dasd_fba.c",
"drivers/s390/block/dasd_int.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.175",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.237",
"versionStartIncluding": "5.4.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.175",
"versionStartIncluding": "5.10.173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: add missing discipline function\n\nFix crash with illegal operation exception in dasd_device_tasklet.\nCommit b72949328869 (\"s390/dasd: Prepare for additional path event handling\")\nrenamed the verify_path function for ECKD but not for FBA and DIAG.\nThis leads to a panic when the path verification function is called for a\nFBA or DIAG device.\n\nFix by defining a wrapper function for dasd_generic_verify_path()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:41.463Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a16810068e70959bc1df686424aa35ce05578f1"
},
{
"url": "https://git.kernel.org/stable/c/aa8579bc084673c651204f7cd0d6308a47dffc16"
},
{
"url": "https://git.kernel.org/stable/c/a16be88a3d7e5efcb59a15edea87a8bd369630c6"
},
{
"url": "https://git.kernel.org/stable/c/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427"
}
],
"title": "s390/dasd: add missing discipline function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47176",
"datePublished": "2024-03-25T09:16:26.731Z",
"dateReserved": "2024-03-25T09:12:14.112Z",
"dateUpdated": "2025-05-04T07:05:41.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47169 (GCVE-0-2021-47169)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-12-18 11:35
VLAI?
EPSS
Title
serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls
'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the
firmware don't exists, function just return without initializing ports
of 'rp2_card'. But now the interrupt handler function has been
registered, and when an interrupt comes, 'rp2_uart_interrupt' may access
those ports then causing NULL pointer dereference or other bugs.
Because the driver does some initialization work in 'rp2_fw_cb', in
order to make the driver ready to handle interrupts, 'request_firmware'
should be used instead of asynchronous 'request_firmware_nowait'.
This report reveals it:
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-
gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xec/0x156 lib/dump_stack.c:118
assign_lock_key kernel/locking/lockdep.c:727 [inline]
register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753
__lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303
lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144
spin_lock include/linux/spinlock.h:329 [inline]
rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline]
rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493
rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504
__handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149
handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189
handle_irq_event+0xac/0x140 kernel/irq/handle.c:206
handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725
generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]
handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87
do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247
common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670
</IRQ>
RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61
Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8
8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90
90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41
RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde
RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200
RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840
R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002
R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000
arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0x6f/0x360 arch/x86/kernel/process.c:557
arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548
default_idle_call+0x3b/0x60 kernel/sched/idle.c:93
cpuidle_idle_call kernel/sched/idle.c:153 [inline]
do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263
cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369
start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-
gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline]
RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline]
RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c:
493
Co
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7d9f49afa451d8565d00a5cea39acf9bb26feb50 , < 1e04d5d5fe5e76af68f834e1941fcbfa439653be
(git)
Affected: 7d9f49afa451d8565d00a5cea39acf9bb26feb50 , < c697244ce940ec07e2d745ccb63ca97fc0266fbc (git) Affected: 7d9f49afa451d8565d00a5cea39acf9bb26feb50 , < 1cc57cb32c84e059bd158494f746b665fc14d1b1 (git) Affected: 7d9f49afa451d8565d00a5cea39acf9bb26feb50 , < 35265552c7fe9553c75e324c80f45e28ff14eb6e (git) Affected: 7d9f49afa451d8565d00a5cea39acf9bb26feb50 , < 915452f40e2f495e187276c4407a4f567ec2307e (git) Affected: 7d9f49afa451d8565d00a5cea39acf9bb26feb50 , < 6a931ceb0b9401fe18d0c500e08164bf9cc7be4b (git) Affected: 7d9f49afa451d8565d00a5cea39acf9bb26feb50 , < 9b07b6973f7359e2dd6a9fe6db0c142634c823b7 (git) Affected: 7d9f49afa451d8565d00a5cea39acf9bb26feb50 , < 016002848c82eeb5d460489ce392d91fe18c475c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T15:14:46.131045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:26.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e04d5d5fe5e76af68f834e1941fcbfa439653be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c697244ce940ec07e2d745ccb63ca97fc0266fbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1cc57cb32c84e059bd158494f746b665fc14d1b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35265552c7fe9553c75e324c80f45e28ff14eb6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/915452f40e2f495e187276c4407a4f567ec2307e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a931ceb0b9401fe18d0c500e08164bf9cc7be4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b07b6973f7359e2dd6a9fe6db0c142634c823b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/016002848c82eeb5d460489ce392d91fe18c475c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/rp2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1e04d5d5fe5e76af68f834e1941fcbfa439653be",
"status": "affected",
"version": "7d9f49afa451d8565d00a5cea39acf9bb26feb50",
"versionType": "git"
},
{
"lessThan": "c697244ce940ec07e2d745ccb63ca97fc0266fbc",
"status": "affected",
"version": "7d9f49afa451d8565d00a5cea39acf9bb26feb50",
"versionType": "git"
},
{
"lessThan": "1cc57cb32c84e059bd158494f746b665fc14d1b1",
"status": "affected",
"version": "7d9f49afa451d8565d00a5cea39acf9bb26feb50",
"versionType": "git"
},
{
"lessThan": "35265552c7fe9553c75e324c80f45e28ff14eb6e",
"status": "affected",
"version": "7d9f49afa451d8565d00a5cea39acf9bb26feb50",
"versionType": "git"
},
{
"lessThan": "915452f40e2f495e187276c4407a4f567ec2307e",
"status": "affected",
"version": "7d9f49afa451d8565d00a5cea39acf9bb26feb50",
"versionType": "git"
},
{
"lessThan": "6a931ceb0b9401fe18d0c500e08164bf9cc7be4b",
"status": "affected",
"version": "7d9f49afa451d8565d00a5cea39acf9bb26feb50",
"versionType": "git"
},
{
"lessThan": "9b07b6973f7359e2dd6a9fe6db0c142634c823b7",
"status": "affected",
"version": "7d9f49afa451d8565d00a5cea39acf9bb26feb50",
"versionType": "git"
},
{
"lessThan": "016002848c82eeb5d460489ce392d91fe18c475c",
"status": "affected",
"version": "7d9f49afa451d8565d00a5cea39acf9bb26feb50",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/rp2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: rp2: use \u0027request_firmware\u0027 instead of \u0027request_firmware_nowait\u0027\n\nIn \u0027rp2_probe\u0027, the driver registers \u0027rp2_uart_interrupt\u0027 then calls\n\u0027rp2_fw_cb\u0027 through \u0027request_firmware_nowait\u0027. In \u0027rp2_fw_cb\u0027, if the\nfirmware don\u0027t exists, function just return without initializing ports\nof \u0027rp2_card\u0027. But now the interrupt handler function has been\nregistered, and when an interrupt comes, \u0027rp2_uart_interrupt\u0027 may access\nthose ports then causing NULL pointer dereference or other bugs.\n\nBecause the driver does some initialization work in \u0027rp2_fw_cb\u0027, in\norder to make the driver ready to handle interrupts, \u0027request_firmware\u0027\nshould be used instead of asynchronous \u0027request_firmware_nowait\u0027.\n\nThis report reveals it:\n\nINFO: trying to register non-static key.\nthe code is fine but needs lockdep annotation.\nturning off the locking correctness validator.\nCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-\ngc9ba5276e321-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0xec/0x156 lib/dump_stack.c:118\n assign_lock_key kernel/locking/lockdep.c:727 [inline]\n register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753\n __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303\n lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907\n __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]\n _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144\n spin_lock include/linux/spinlock.h:329 [inline]\n rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline]\n rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493\n rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504\n __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149\n handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189\n handle_irq_event+0xac/0x140 kernel/irq/handle.c:206\n handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725\n generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]\n handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87\n do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247\n common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670\n \u003c/IRQ\u003e\nRIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61\nCode: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8\n8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 \u003c5d\u003e c3 90 90 90\n90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41\nRSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde\nRAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200\nRBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840\nR10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002\nR13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000\n arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]\n default_idle+0x6f/0x360 arch/x86/kernel/process.c:557\n arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548\n default_idle_call+0x3b/0x60 kernel/sched/idle.c:93\n cpuidle_idle_call kernel/sched/idle.c:153 [inline]\n do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263\n cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369\n start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271\n secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0\nOops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-\ngc9ba5276e321-prebuilt.qemu.org 04/01/2014\nRIP: 0010:readl arch/x86/include/asm/io.h:59 [inline]\nRIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline]\nRIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c:\n493\nCo\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T11:35:45.874Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e04d5d5fe5e76af68f834e1941fcbfa439653be"
},
{
"url": "https://git.kernel.org/stable/c/c697244ce940ec07e2d745ccb63ca97fc0266fbc"
},
{
"url": "https://git.kernel.org/stable/c/1cc57cb32c84e059bd158494f746b665fc14d1b1"
},
{
"url": "https://git.kernel.org/stable/c/35265552c7fe9553c75e324c80f45e28ff14eb6e"
},
{
"url": "https://git.kernel.org/stable/c/915452f40e2f495e187276c4407a4f567ec2307e"
},
{
"url": "https://git.kernel.org/stable/c/6a931ceb0b9401fe18d0c500e08164bf9cc7be4b"
},
{
"url": "https://git.kernel.org/stable/c/9b07b6973f7359e2dd6a9fe6db0c142634c823b7"
},
{
"url": "https://git.kernel.org/stable/c/016002848c82eeb5d460489ce392d91fe18c475c"
}
],
"title": "serial: rp2: use \u0027request_firmware\u0027 instead of \u0027request_firmware_nowait\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47169",
"datePublished": "2024-03-25T09:16:21.589Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-12-18T11:35:45.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47167 (GCVE-0-2021-47167)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
Ensure that nfs_pageio_error_cleanup() resets the mirror array contents,
so that the structure reflects the fact that it is now empty.
Also change the test in nfs_pageio_do_add_request() to be more robust by
checking whether or not the list is empty rather than relying on the
value of pg_count.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
a7d42ddb3099727f58366fa006f850a219cce6c8 , < 1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e
(git)
Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < ee21cd3aa8548e0cbc8c67a80b62113aedd2d101 (git) Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < 15ac6f14787649e8ebd75c142e2c5d2a243c8490 (git) Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < 56517ab958b7c11030e626250c00b9b1a24b41eb (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee21cd3aa8548e0cbc8c67a80b62113aedd2d101"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15ac6f14787649e8ebd75c142e2c5d2a243c8490"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56517ab958b7c11030e626250c00b9b1a24b41eb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:37.991848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:53.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/pagelist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "ee21cd3aa8548e0cbc8c67a80b62113aedd2d101",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "15ac6f14787649e8ebd75c142e2c5d2a243c8490",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "56517ab958b7c11030e626250c00b9b1a24b41eb",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/pagelist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix an Oopsable condition in __nfs_pageio_add_request()\n\nEnsure that nfs_pageio_error_cleanup() resets the mirror array contents,\nso that the structure reflects the fact that it is now empty.\nAlso change the test in nfs_pageio_do_add_request() to be more robust by\nchecking whether or not the list is empty rather than relying on the\nvalue of pg_count."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:26.825Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e"
},
{
"url": "https://git.kernel.org/stable/c/ee21cd3aa8548e0cbc8c67a80b62113aedd2d101"
},
{
"url": "https://git.kernel.org/stable/c/15ac6f14787649e8ebd75c142e2c5d2a243c8490"
},
{
"url": "https://git.kernel.org/stable/c/56517ab958b7c11030e626250c00b9b1a24b41eb"
}
],
"title": "NFS: Fix an Oopsable condition in __nfs_pageio_add_request()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47167",
"datePublished": "2024-03-25T09:16:19.952Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-05-04T07:05:26.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47177 (GCVE-0-2021-47177)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
iommu/vt-d: Fix sysfs leak in alloc_iommu()
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix sysfs leak in alloc_iommu()
iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent
errors.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
39ab9555c24110671f8dc671311a26e5c985b592 , < 22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8
(git)
Affected: 39ab9555c24110671f8dc671311a26e5c985b592 , < 2ec5e9bb6b0560c90d315559c28a99723c80b996 (git) Affected: 39ab9555c24110671f8dc671311a26e5c985b592 , < 044bbe8b92ab4e542de7f6c93c88ea65cccd8e29 (git) Affected: 39ab9555c24110671f8dc671311a26e5c985b592 , < f01134321d04f47c718bb41b799bcdeda27873d2 (git) Affected: 39ab9555c24110671f8dc671311a26e5c985b592 , < ca466561eef36d1ec657673e3944eb6340bddb5b (git) Affected: 39ab9555c24110671f8dc671311a26e5c985b592 , < 0ee74d5a48635c848c20f152d0d488bf84641304 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:24.969003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:50.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/dmar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8",
"status": "affected",
"version": "39ab9555c24110671f8dc671311a26e5c985b592",
"versionType": "git"
},
{
"lessThan": "2ec5e9bb6b0560c90d315559c28a99723c80b996",
"status": "affected",
"version": "39ab9555c24110671f8dc671311a26e5c985b592",
"versionType": "git"
},
{
"lessThan": "044bbe8b92ab4e542de7f6c93c88ea65cccd8e29",
"status": "affected",
"version": "39ab9555c24110671f8dc671311a26e5c985b592",
"versionType": "git"
},
{
"lessThan": "f01134321d04f47c718bb41b799bcdeda27873d2",
"status": "affected",
"version": "39ab9555c24110671f8dc671311a26e5c985b592",
"versionType": "git"
},
{
"lessThan": "ca466561eef36d1ec657673e3944eb6340bddb5b",
"status": "affected",
"version": "39ab9555c24110671f8dc671311a26e5c985b592",
"versionType": "git"
},
{
"lessThan": "0ee74d5a48635c848c20f152d0d488bf84641304",
"status": "affected",
"version": "39ab9555c24110671f8dc671311a26e5c985b592",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/intel/dmar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix sysfs leak in alloc_iommu()\n\niommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent\nerrors."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:42.586Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8"
},
{
"url": "https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996"
},
{
"url": "https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29"
},
{
"url": "https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2"
},
{
"url": "https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b"
},
{
"url": "https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304"
}
],
"title": "iommu/vt-d: Fix sysfs leak in alloc_iommu()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47177",
"datePublished": "2024-03-25T09:16:27.371Z",
"dateReserved": "2024-03-25T09:12:14.112Z",
"dateUpdated": "2025-05-04T07:05:42.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47144 (GCVE-0-2021-47144)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-06-19 13:03
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-06-19T13:03:02.983Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47144",
"datePublished": "2024-03-25T09:07:41.691Z",
"dateRejected": "2025-06-19T13:03:02.983Z",
"dateReserved": "2024-03-04T18:12:48.844Z",
"dateUpdated": "2025-06-19T13:03:02.983Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47162 (GCVE-0-2021-47162)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 12:41
VLAI?
EPSS
Title
tipc: skb_linearize the head skb when reassembling msgs
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: skb_linearize the head skb when reassembling msgs
It's not a good idea to append the frag skb to a skb's frag_list if
the frag_list already has skbs from elsewhere, such as this skb was
created by pskb_copy() where the frag_list was cloned (all the skbs
in it were skb_get'ed) and shared by multiple skbs.
However, the new appended frag skb should have been only seen by the
current skb. Otherwise, it will cause use after free crashes as this
appended frag skb are seen by multiple skbs but it only got skb_get
called once.
The same thing happens with a skb updated by pskb_may_pull() with a
skb_cloned skb. Li Shuang has reported quite a few crashes caused
by this when doing testing over macvlan devices:
[] kernel BUG at net/core/skbuff.c:1970!
[] Call Trace:
[] skb_clone+0x4d/0xb0
[] macvlan_broadcast+0xd8/0x160 [macvlan]
[] macvlan_process_broadcast+0x148/0x150 [macvlan]
[] process_one_work+0x1a7/0x360
[] worker_thread+0x30/0x390
[] kernel BUG at mm/usercopy.c:102!
[] Call Trace:
[] __check_heap_object+0xd3/0x100
[] __check_object_size+0xff/0x16b
[] simple_copy_to_iter+0x1c/0x30
[] __skb_datagram_iter+0x7d/0x310
[] __skb_datagram_iter+0x2a5/0x310
[] skb_copy_datagram_iter+0x3b/0x90
[] tipc_recvmsg+0x14a/0x3a0 [tipc]
[] ____sys_recvmsg+0x91/0x150
[] ___sys_recvmsg+0x7b/0xc0
[] kernel BUG at mm/slub.c:305!
[] Call Trace:
[] <IRQ>
[] kmem_cache_free+0x3ff/0x400
[] __netif_receive_skb_core+0x12c/0xc40
[] ? kmem_cache_alloc+0x12e/0x270
[] netif_receive_skb_internal+0x3d/0xb0
[] ? get_rx_page_info+0x8e/0xa0 [be2net]
[] be_poll+0x6ef/0xd00 [be2net]
[] ? irq_exit+0x4f/0x100
[] net_rx_action+0x149/0x3b0
...
This patch is to fix it by linearizing the head skb if it has frag_list
set in tipc_buf_append(). Note that we choose to do this before calling
skb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can
not just drop the frag_list either as the early time.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
45c8b7b175ceb2d542e0fe15247377bf3bce29ec , < b2c8d28c34b3070407cb1741f9ba3f15d0284b8b
(git)
Affected: 45c8b7b175ceb2d542e0fe15247377bf3bce29ec , < 5489f30bb78ff0dafb4229a69632afc2ba20765c (git) Affected: 45c8b7b175ceb2d542e0fe15247377bf3bce29ec , < 436d650d374329a591c30339a91fa5078052ed1e (git) Affected: 45c8b7b175ceb2d542e0fe15247377bf3bce29ec , < 4b1761898861117c97066aea6c58f68a7787f0bf (git) Affected: 45c8b7b175ceb2d542e0fe15247377bf3bce29ec , < 64d17ec9f1ded042c4b188d15734f33486ed9966 (git) Affected: 45c8b7b175ceb2d542e0fe15247377bf3bce29ec , < 6da24cfc83ba4f97ea44fc7ae9999a006101755c (git) Affected: 45c8b7b175ceb2d542e0fe15247377bf3bce29ec , < ace300eecbccaa698e2b472843c74a5f33f7dce8 (git) Affected: 45c8b7b175ceb2d542e0fe15247377bf3bce29ec , < b7df21cf1b79ab7026f545e7bf837bd5750ac026 (git) Affected: d45ed6c1ff20d3640a31f03816ca2d48fb7d6f22 (git) Affected: c19282fd54a19e4651a4e67836cd842082546677 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:36:04.317335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:36:12.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f33f7dce8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b2c8d28c34b3070407cb1741f9ba3f15d0284b8b",
"status": "affected",
"version": "45c8b7b175ceb2d542e0fe15247377bf3bce29ec",
"versionType": "git"
},
{
"lessThan": "5489f30bb78ff0dafb4229a69632afc2ba20765c",
"status": "affected",
"version": "45c8b7b175ceb2d542e0fe15247377bf3bce29ec",
"versionType": "git"
},
{
"lessThan": "436d650d374329a591c30339a91fa5078052ed1e",
"status": "affected",
"version": "45c8b7b175ceb2d542e0fe15247377bf3bce29ec",
"versionType": "git"
},
{
"lessThan": "4b1761898861117c97066aea6c58f68a7787f0bf",
"status": "affected",
"version": "45c8b7b175ceb2d542e0fe15247377bf3bce29ec",
"versionType": "git"
},
{
"lessThan": "64d17ec9f1ded042c4b188d15734f33486ed9966",
"status": "affected",
"version": "45c8b7b175ceb2d542e0fe15247377bf3bce29ec",
"versionType": "git"
},
{
"lessThan": "6da24cfc83ba4f97ea44fc7ae9999a006101755c",
"status": "affected",
"version": "45c8b7b175ceb2d542e0fe15247377bf3bce29ec",
"versionType": "git"
},
{
"lessThan": "ace300eecbccaa698e2b472843c74a5f33f7dce8",
"status": "affected",
"version": "45c8b7b175ceb2d542e0fe15247377bf3bce29ec",
"versionType": "git"
},
{
"lessThan": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"status": "affected",
"version": "45c8b7b175ceb2d542e0fe15247377bf3bce29ec",
"versionType": "git"
},
{
"status": "affected",
"version": "d45ed6c1ff20d3640a31f03816ca2d48fb7d6f22",
"versionType": "git"
},
{
"status": "affected",
"version": "c19282fd54a19e4651a4e67836cd842082546677",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: skb_linearize the head skb when reassembling msgs\n\nIt\u0027s not a good idea to append the frag skb to a skb\u0027s frag_list if\nthe frag_list already has skbs from elsewhere, such as this skb was\ncreated by pskb_copy() where the frag_list was cloned (all the skbs\nin it were skb_get\u0027ed) and shared by multiple skbs.\n\nHowever, the new appended frag skb should have been only seen by the\ncurrent skb. Otherwise, it will cause use after free crashes as this\nappended frag skb are seen by multiple skbs but it only got skb_get\ncalled once.\n\nThe same thing happens with a skb updated by pskb_may_pull() with a\nskb_cloned skb. Li Shuang has reported quite a few crashes caused\nby this when doing testing over macvlan devices:\n\n [] kernel BUG at net/core/skbuff.c:1970!\n [] Call Trace:\n [] skb_clone+0x4d/0xb0\n [] macvlan_broadcast+0xd8/0x160 [macvlan]\n [] macvlan_process_broadcast+0x148/0x150 [macvlan]\n [] process_one_work+0x1a7/0x360\n [] worker_thread+0x30/0x390\n\n [] kernel BUG at mm/usercopy.c:102!\n [] Call Trace:\n [] __check_heap_object+0xd3/0x100\n [] __check_object_size+0xff/0x16b\n [] simple_copy_to_iter+0x1c/0x30\n [] __skb_datagram_iter+0x7d/0x310\n [] __skb_datagram_iter+0x2a5/0x310\n [] skb_copy_datagram_iter+0x3b/0x90\n [] tipc_recvmsg+0x14a/0x3a0 [tipc]\n [] ____sys_recvmsg+0x91/0x150\n [] ___sys_recvmsg+0x7b/0xc0\n\n [] kernel BUG at mm/slub.c:305!\n [] Call Trace:\n [] \u003cIRQ\u003e\n [] kmem_cache_free+0x3ff/0x400\n [] __netif_receive_skb_core+0x12c/0xc40\n [] ? kmem_cache_alloc+0x12e/0x270\n [] netif_receive_skb_internal+0x3d/0xb0\n [] ? get_rx_page_info+0x8e/0xa0 [be2net]\n [] be_poll+0x6ef/0xd00 [be2net]\n [] ? irq_exit+0x4f/0x100\n [] net_rx_action+0x149/0x3b0\n\n ...\n\nThis patch is to fix it by linearizing the head skb if it has frag_list\nset in tipc_buf_append(). Note that we choose to do this before calling\nskb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can\nnot just drop the frag_list either as the early time."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:41:09.415Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b"
},
{
"url": "https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c"
},
{
"url": "https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e"
},
{
"url": "https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf"
},
{
"url": "https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966"
},
{
"url": "https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c"
},
{
"url": "https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f33f7dce8"
},
{
"url": "https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026"
}
],
"title": "tipc: skb_linearize the head skb when reassembling msgs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47162",
"datePublished": "2024-03-25T09:16:15.857Z",
"dateReserved": "2024-03-25T09:12:14.109Z",
"dateUpdated": "2025-05-04T12:41:09.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47166 (GCVE-0-2021-47166)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
The value of mirror->pg_bytes_written should only be updated after a
successful attempt to flush out the requests on the list.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
a7d42ddb3099727f58366fa006f850a219cce6c8 , < e8b8418ce14ae66ee55179901edd12191ab06a9e
(git)
Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < b291baae24f876acd5a5dd57d0bb2bbac8a68b0c (git) Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < c757c1f1e65d89429db1409429436cf40d47c008 (git) Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < 40f139a6d50c232c0d1fd1c5e65a845c62db0ede (git) Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < 785917316b25685c9b3a2a88f933139f2de75e33 (git) Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < 7087db95c0a06ab201b8ebfac6a7ec1e34257997 (git) Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < 2fe1cac336b55a1f79e603e9ce3552c3623e90eb (git) Affected: a7d42ddb3099727f58366fa006f850a219cce6c8 , < 0d0ea309357dea0d85a82815f02157eb7fcda39f (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8b8418ce14ae66ee55179901edd12191ab06a9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b291baae24f876acd5a5dd57d0bb2bbac8a68b0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c757c1f1e65d89429db1409429436cf40d47c008"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40f139a6d50c232c0d1fd1c5e65a845c62db0ede"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/785917316b25685c9b3a2a88f933139f2de75e33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7087db95c0a06ab201b8ebfac6a7ec1e34257997"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fe1cac336b55a1f79e603e9ce3552c3623e90eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d0ea309357dea0d85a82815f02157eb7fcda39f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:41.157060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:53.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/pagelist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e8b8418ce14ae66ee55179901edd12191ab06a9e",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "b291baae24f876acd5a5dd57d0bb2bbac8a68b0c",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "c757c1f1e65d89429db1409429436cf40d47c008",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "40f139a6d50c232c0d1fd1c5e65a845c62db0ede",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "785917316b25685c9b3a2a88f933139f2de75e33",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "7087db95c0a06ab201b8ebfac6a7ec1e34257997",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "2fe1cac336b55a1f79e603e9ce3552c3623e90eb",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
},
{
"lessThan": "0d0ea309357dea0d85a82815f02157eb7fcda39f",
"status": "affected",
"version": "a7d42ddb3099727f58366fa006f850a219cce6c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/pagelist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Don\u0027t corrupt the value of pg_bytes_written in nfs_do_recoalesce()\n\nThe value of mirror-\u003epg_bytes_written should only be updated after a\nsuccessful attempt to flush out the requests on the list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:25.815Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e8b8418ce14ae66ee55179901edd12191ab06a9e"
},
{
"url": "https://git.kernel.org/stable/c/b291baae24f876acd5a5dd57d0bb2bbac8a68b0c"
},
{
"url": "https://git.kernel.org/stable/c/c757c1f1e65d89429db1409429436cf40d47c008"
},
{
"url": "https://git.kernel.org/stable/c/40f139a6d50c232c0d1fd1c5e65a845c62db0ede"
},
{
"url": "https://git.kernel.org/stable/c/785917316b25685c9b3a2a88f933139f2de75e33"
},
{
"url": "https://git.kernel.org/stable/c/7087db95c0a06ab201b8ebfac6a7ec1e34257997"
},
{
"url": "https://git.kernel.org/stable/c/2fe1cac336b55a1f79e603e9ce3552c3623e90eb"
},
{
"url": "https://git.kernel.org/stable/c/0d0ea309357dea0d85a82815f02157eb7fcda39f"
}
],
"title": "NFS: Don\u0027t corrupt the value of pg_bytes_written in nfs_do_recoalesce()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47166",
"datePublished": "2024-03-25T09:16:19.133Z",
"dateReserved": "2024-03-25T09:12:14.110Z",
"dateUpdated": "2025-05-04T07:05:25.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47180 (GCVE-0-2021-47180)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
NFC: nci: fix memory leak in nci_allocate_device
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFC: nci: fix memory leak in nci_allocate_device
nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.
Fix this by freeing hci_dev in nci_free_device.
BUG: memory leak
unreferenced object 0xffff888111ea6800 (size 1024):
comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline]
[<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline]
[<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
[<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
[<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
[<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
[<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
[<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
[<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
[<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740
[<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846
[<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
[<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914
[<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
[<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109
[<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
[<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
[<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
[<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
11f54f228643d0248ec00ce8c9fb8d872f87e7b8 , < 448a1cb12977f52142e6feb12022c59662d88dc1
(git)
Affected: 11f54f228643d0248ec00ce8c9fb8d872f87e7b8 , < 4a621621c7af3cec21c47c349b30cd9c3cea11c8 (git) Affected: 11f54f228643d0248ec00ce8c9fb8d872f87e7b8 , < 2c2fb2df46ea866b49fea5ec7112ec3cd4896c74 (git) Affected: 11f54f228643d0248ec00ce8c9fb8d872f87e7b8 , < 0365701bc44e078682ee1224866a71897495c7ef (git) Affected: 11f54f228643d0248ec00ce8c9fb8d872f87e7b8 , < af2a4426baf71163c0c354580ae98c7888a9aba7 (git) Affected: 11f54f228643d0248ec00ce8c9fb8d872f87e7b8 , < b34cb7ac32cc8e5471dc773180ea9ae676b1a745 (git) Affected: 11f54f228643d0248ec00ce8c9fb8d872f87e7b8 , < 65234f50a90b64b335cbb9164b8a98c2a0d031dd (git) Affected: 11f54f228643d0248ec00ce8c9fb8d872f87e7b8 , < e0652f8bb44d6294eeeac06d703185357f25d50b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T13:48:55.834173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:05.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:07.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/nfc/nci_core.h",
"net/nfc/nci/core.c",
"net/nfc/nci/hci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "448a1cb12977f52142e6feb12022c59662d88dc1",
"status": "affected",
"version": "11f54f228643d0248ec00ce8c9fb8d872f87e7b8",
"versionType": "git"
},
{
"lessThan": "4a621621c7af3cec21c47c349b30cd9c3cea11c8",
"status": "affected",
"version": "11f54f228643d0248ec00ce8c9fb8d872f87e7b8",
"versionType": "git"
},
{
"lessThan": "2c2fb2df46ea866b49fea5ec7112ec3cd4896c74",
"status": "affected",
"version": "11f54f228643d0248ec00ce8c9fb8d872f87e7b8",
"versionType": "git"
},
{
"lessThan": "0365701bc44e078682ee1224866a71897495c7ef",
"status": "affected",
"version": "11f54f228643d0248ec00ce8c9fb8d872f87e7b8",
"versionType": "git"
},
{
"lessThan": "af2a4426baf71163c0c354580ae98c7888a9aba7",
"status": "affected",
"version": "11f54f228643d0248ec00ce8c9fb8d872f87e7b8",
"versionType": "git"
},
{
"lessThan": "b34cb7ac32cc8e5471dc773180ea9ae676b1a745",
"status": "affected",
"version": "11f54f228643d0248ec00ce8c9fb8d872f87e7b8",
"versionType": "git"
},
{
"lessThan": "65234f50a90b64b335cbb9164b8a98c2a0d031dd",
"status": "affected",
"version": "11f54f228643d0248ec00ce8c9fb8d872f87e7b8",
"versionType": "git"
},
{
"lessThan": "e0652f8bb44d6294eeeac06d703185357f25d50b",
"status": "affected",
"version": "11f54f228643d0248ec00ce8c9fb8d872f87e7b8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/nfc/nci_core.h",
"net/nfc/nci/core.c",
"net/nfc/nci/hci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.123",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.123",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.41",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.8",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: fix memory leak in nci_allocate_device\n\nnfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.\nFix this by freeing hci_dev in nci_free_device.\n\nBUG: memory leak\nunreferenced object 0xffff888111ea6800 (size 1024):\n comm \"kworker/1:0\", pid 19, jiffies 4294942308 (age 13.580s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`......\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c000000004bc25d43\u003e] kmalloc include/linux/slab.h:552 [inline]\n [\u003c000000004bc25d43\u003e] kzalloc include/linux/slab.h:682 [inline]\n [\u003c000000004bc25d43\u003e] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784\n [\u003c00000000c59cff92\u003e] nci_allocate_device net/nfc/nci/core.c:1170 [inline]\n [\u003c00000000c59cff92\u003e] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132\n [\u003c00000000006e0a8e\u003e] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153\n [\u003c000000004da1b57e\u003e] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345\n [\u003c00000000d506aed9\u003e] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396\n [\u003c00000000bc632c92\u003e] really_probe+0x159/0x4a0 drivers/base/dd.c:554\n [\u003c00000000f5009125\u003e] driver_probe_device+0x84/0x100 drivers/base/dd.c:740\n [\u003c000000000ce658ca\u003e] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846\n [\u003c000000007067d05f\u003e] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431\n [\u003c00000000f8e13372\u003e] __device_attach+0x122/0x250 drivers/base/dd.c:914\n [\u003c000000009cf68860\u003e] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491\n [\u003c00000000359c965a\u003e] device_add+0x5be/0xc30 drivers/base/core.c:3109\n [\u003c00000000086e4bd3\u003e] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164\n [\u003c00000000ca036872\u003e] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238\n [\u003c00000000d40d36f6\u003e] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293\n [\u003c00000000bc632c92\u003e] really_probe+0x159/0x4a0 drivers/base/dd.c:554"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:50.928Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1"
},
{
"url": "https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8"
},
{
"url": "https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74"
},
{
"url": "https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef"
},
{
"url": "https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7"
},
{
"url": "https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745"
},
{
"url": "https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd"
},
{
"url": "https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b"
}
],
"title": "NFC: nci: fix memory leak in nci_allocate_device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47180",
"datePublished": "2024-03-25T09:16:29.580Z",
"dateReserved": "2024-03-25T09:12:14.112Z",
"dateUpdated": "2025-05-04T07:05:50.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47161 (GCVE-0-2021-47161)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
spi: spi-fsl-dspi: Fix a resource leak in an error handling path
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-fsl-dspi: Fix a resource leak in an error handling path
'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the
error handling path of the probe function, as already done in the remove
function
Severity ?
5.5 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
90ba37033cb94207e97c4ced9be575770438213b , < 10a089bae827ec30ad9b6cb7048020a62fae0cfa
(git)
Affected: 90ba37033cb94207e97c4ced9be575770438213b , < 00450ed03a17143e2433b461a656ef9cd17c2f1d (git) Affected: 90ba37033cb94207e97c4ced9be575770438213b , < 15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1 (git) Affected: 90ba37033cb94207e97c4ced9be575770438213b , < fe6921e3b8451a537e01c031b8212366bb386e3e (git) Affected: 90ba37033cb94207e97c4ced9be575770438213b , < 12391be4724acc9269e1845ccbd881df37de4b56 (git) Affected: 90ba37033cb94207e97c4ced9be575770438213b , < 680ec0549a055eb464dce6ffb4bfb736ef87236e (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T17:24:18.714532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:55:37.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10a089bae827ec30ad9b6cb7048020a62fae0cfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00450ed03a17143e2433b461a656ef9cd17c2f1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe6921e3b8451a537e01c031b8212366bb386e3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12391be4724acc9269e1845ccbd881df37de4b56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/680ec0549a055eb464dce6ffb4bfb736ef87236e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-fsl-dspi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10a089bae827ec30ad9b6cb7048020a62fae0cfa",
"status": "affected",
"version": "90ba37033cb94207e97c4ced9be575770438213b",
"versionType": "git"
},
{
"lessThan": "00450ed03a17143e2433b461a656ef9cd17c2f1d",
"status": "affected",
"version": "90ba37033cb94207e97c4ced9be575770438213b",
"versionType": "git"
},
{
"lessThan": "15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1",
"status": "affected",
"version": "90ba37033cb94207e97c4ced9be575770438213b",
"versionType": "git"
},
{
"lessThan": "fe6921e3b8451a537e01c031b8212366bb386e3e",
"status": "affected",
"version": "90ba37033cb94207e97c4ced9be575770438213b",
"versionType": "git"
},
{
"lessThan": "12391be4724acc9269e1845ccbd881df37de4b56",
"status": "affected",
"version": "90ba37033cb94207e97c4ced9be575770438213b",
"versionType": "git"
},
{
"lessThan": "680ec0549a055eb464dce6ffb4bfb736ef87236e",
"status": "affected",
"version": "90ba37033cb94207e97c4ced9be575770438213b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-fsl-dspi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.241",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.241",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.199",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-dspi: Fix a resource leak in an error handling path\n\n\u0027dspi_request_dma()\u0027 should be undone by a \u0027dspi_release_dma()\u0027 call in the\nerror handling path of the probe function, as already done in the remove\nfunction"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:20.166Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10a089bae827ec30ad9b6cb7048020a62fae0cfa"
},
{
"url": "https://git.kernel.org/stable/c/00450ed03a17143e2433b461a656ef9cd17c2f1d"
},
{
"url": "https://git.kernel.org/stable/c/15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1"
},
{
"url": "https://git.kernel.org/stable/c/fe6921e3b8451a537e01c031b8212366bb386e3e"
},
{
"url": "https://git.kernel.org/stable/c/12391be4724acc9269e1845ccbd881df37de4b56"
},
{
"url": "https://git.kernel.org/stable/c/680ec0549a055eb464dce6ffb4bfb736ef87236e"
}
],
"title": "spi: spi-fsl-dspi: Fix a resource leak in an error handling path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47161",
"datePublished": "2024-03-25T09:16:15.132Z",
"dateReserved": "2024-03-25T09:12:14.109Z",
"dateUpdated": "2025-05-04T07:05:20.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47171 (GCVE-0-2021-47171)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
net: usb: fix memory leak in smsc75xx_bind
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: usb: fix memory leak in smsc75xx_bind
Syzbot reported memory leak in smsc75xx_bind().
The problem was is non-freed memory in case of
errors after memory allocation.
backtrace:
[<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
[<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
[<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
[<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d0cad871703b898a442e4049c532ec39168e5b57 , < 200dbfcad8011e50c3cec269ed7b980836eeb1fa
(git)
Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 22c840596af0c09068b6cf948616e6496e59e07f (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 9e6a3eccb28779710cbbafc4f4258d92509c6d07 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < b95fb96e6339e34694dd578fb6bde3575b01af17 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 635ac38b36255d3cfb8312cf7c471334f4d537e0 (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 70c886ac93f87ae7214a0c69151a28a8075dd95b (git) Affected: d0cad871703b898a442e4049c532ec39168e5b57 , < 46a8b29c6306d8bbfd92b614ef65a47c900d8e70 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:28.610486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:58.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/smsc75xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "200dbfcad8011e50c3cec269ed7b980836eeb1fa",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "22c840596af0c09068b6cf948616e6496e59e07f",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "9e6a3eccb28779710cbbafc4f4258d92509c6d07",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "b95fb96e6339e34694dd578fb6bde3575b01af17",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "635ac38b36255d3cfb8312cf7c471334f4d537e0",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "70c886ac93f87ae7214a0c69151a28a8075dd95b",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
},
{
"lessThan": "46a8b29c6306d8bbfd92b614ef65a47c900d8e70",
"status": "affected",
"version": "d0cad871703b898a442e4049c532ec39168e5b57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/smsc75xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix memory leak in smsc75xx_bind\n\nSyzbot reported memory leak in smsc75xx_bind().\nThe problem was is non-freed memory in case of\nerrors after memory allocation.\n\nbacktrace:\n [\u003cffffffff84245b62\u003e] kmalloc include/linux/slab.h:556 [inline]\n [\u003cffffffff84245b62\u003e] kzalloc include/linux/slab.h:686 [inline]\n [\u003cffffffff84245b62\u003e] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460\n [\u003cffffffff82b5b2e6\u003e] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:36.166Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"
},
{
"url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"
},
{
"url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"
},
{
"url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"
},
{
"url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"
},
{
"url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"
},
{
"url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"
},
{
"url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"
}
],
"title": "net: usb: fix memory leak in smsc75xx_bind",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47171",
"datePublished": "2024-03-25T09:16:22.993Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-05-04T07:05:36.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47151 (GCVE-0-2021-47151)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
interconnect: qcom: bcm-voter: add a missing of_node_put()
Summary
In the Linux kernel, the following vulnerability has been resolved:
interconnect: qcom: bcm-voter: add a missing of_node_put()
Add a missing of_node_put() in of_bcm_voter_get() to avoid the
reference leak.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
976daac4a1c581e5d5fd64047519fd6fcde39738 , < 4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae
(git)
Affected: 976daac4a1c581e5d5fd64047519fd6fcde39738 , < 93d1dbe7043b3c9492bdf396b2e98a008435b55b (git) Affected: 976daac4a1c581e5d5fd64047519fd6fcde39738 , < a00593737f8bac2c9e97b696e7ff84a4446653e8 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T18:17:17.412413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:54.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93d1dbe7043b3c9492bdf396b2e98a008435b55b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a00593737f8bac2c9e97b696e7ff84a4446653e8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/interconnect/qcom/bcm-voter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae",
"status": "affected",
"version": "976daac4a1c581e5d5fd64047519fd6fcde39738",
"versionType": "git"
},
{
"lessThan": "93d1dbe7043b3c9492bdf396b2e98a008435b55b",
"status": "affected",
"version": "976daac4a1c581e5d5fd64047519fd6fcde39738",
"versionType": "git"
},
{
"lessThan": "a00593737f8bac2c9e97b696e7ff84a4446653e8",
"status": "affected",
"version": "976daac4a1c581e5d5fd64047519fd6fcde39738",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/interconnect/qcom/bcm-voter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: qcom: bcm-voter: add a missing of_node_put()\n\nAdd a missing of_node_put() in of_bcm_voter_get() to avoid the\nreference leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:13.146Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae"
},
{
"url": "https://git.kernel.org/stable/c/93d1dbe7043b3c9492bdf396b2e98a008435b55b"
},
{
"url": "https://git.kernel.org/stable/c/a00593737f8bac2c9e97b696e7ff84a4446653e8"
}
],
"title": "interconnect: qcom: bcm-voter: add a missing of_node_put()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47151",
"datePublished": "2024-03-25T09:07:46.508Z",
"dateReserved": "2024-03-04T18:12:48.846Z",
"dateUpdated": "2025-05-04T07:05:13.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47150 (GCVE-0-2021-47150)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
net: fec: fix the potential memory leak in fec_enet_init()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fec: fix the potential memory leak in fec_enet_init()
If the memory allocated for cbd_base is failed, it should
free the memory allocated for the queues, otherwise it causes
memory leak.
And if the memory allocated for the queues is failed, it can
return error directly.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
59d0f746564495c7f54526674deabfcf101236a1 , < 15102886bc8f5f29daaadf2d925591d564c17e9f
(git)
Affected: 59d0f746564495c7f54526674deabfcf101236a1 , < 20255d41ac560397b6a07d8d87dcc5e2efc7672a (git) Affected: 59d0f746564495c7f54526674deabfcf101236a1 , < 8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd (git) Affected: 59d0f746564495c7f54526674deabfcf101236a1 , < 32a1777fd113335c3f70dc445dffee0ad1c6870f (git) Affected: 59d0f746564495c7f54526674deabfcf101236a1 , < 619fee9eb13b5d29e4267cb394645608088c28a8 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T18:23:57.615940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:24.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15102886bc8f5f29daaadf2d925591d564c17e9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20255d41ac560397b6a07d8d87dcc5e2efc7672a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32a1777fd113335c3f70dc445dffee0ad1c6870f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/619fee9eb13b5d29e4267cb394645608088c28a8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/fec_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "15102886bc8f5f29daaadf2d925591d564c17e9f",
"status": "affected",
"version": "59d0f746564495c7f54526674deabfcf101236a1",
"versionType": "git"
},
{
"lessThan": "20255d41ac560397b6a07d8d87dcc5e2efc7672a",
"status": "affected",
"version": "59d0f746564495c7f54526674deabfcf101236a1",
"versionType": "git"
},
{
"lessThan": "8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd",
"status": "affected",
"version": "59d0f746564495c7f54526674deabfcf101236a1",
"versionType": "git"
},
{
"lessThan": "32a1777fd113335c3f70dc445dffee0ad1c6870f",
"status": "affected",
"version": "59d0f746564495c7f54526674deabfcf101236a1",
"versionType": "git"
},
{
"lessThan": "619fee9eb13b5d29e4267cb394645608088c28a8",
"status": "affected",
"version": "59d0f746564495c7f54526674deabfcf101236a1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/fec_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: fix the potential memory leak in fec_enet_init()\n\nIf the memory allocated for cbd_base is failed, it should\nfree the memory allocated for the queues, otherwise it causes\nmemory leak.\n\nAnd if the memory allocated for the queues is failed, it can\nreturn error directly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:11.743Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15102886bc8f5f29daaadf2d925591d564c17e9f"
},
{
"url": "https://git.kernel.org/stable/c/20255d41ac560397b6a07d8d87dcc5e2efc7672a"
},
{
"url": "https://git.kernel.org/stable/c/8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd"
},
{
"url": "https://git.kernel.org/stable/c/32a1777fd113335c3f70dc445dffee0ad1c6870f"
},
{
"url": "https://git.kernel.org/stable/c/619fee9eb13b5d29e4267cb394645608088c28a8"
}
],
"title": "net: fec: fix the potential memory leak in fec_enet_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47150",
"datePublished": "2024-03-25T09:07:45.875Z",
"dateReserved": "2024-03-04T18:12:48.845Z",
"dateUpdated": "2025-05-04T07:05:11.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47159 (GCVE-0-2021-47159)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
net: dsa: fix a crash if ->get_sset_count() fails
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: fix a crash if ->get_sset_count() fails
If ds->ops->get_sset_count() fails then it "count" is a negative error
code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative
error code is type promoted to a very high value and the loop will
corrupt memory until the system crashes.
Fix this by checking for error codes and changing the type of "i" to
just int.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
badf3ada60ab8f76f9488dc8f5c0c57f70682f5a , < 0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37
(git)
Affected: badf3ada60ab8f76f9488dc8f5c0c57f70682f5a , < ce5355f140a7987011388c7e30c4f8fbe180d3e8 (git) Affected: badf3ada60ab8f76f9488dc8f5c0c57f70682f5a , < caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6 (git) Affected: badf3ada60ab8f76f9488dc8f5c0c57f70682f5a , < 7b22466648a4f8e3e94f57ca428d1531866d1373 (git) Affected: badf3ada60ab8f76f9488dc8f5c0c57f70682f5a , < a269333fa5c0c8e53c92b5a28a6076a28cde3e83 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:54:44.376467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:54.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/dsa/master.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37",
"status": "affected",
"version": "badf3ada60ab8f76f9488dc8f5c0c57f70682f5a",
"versionType": "git"
},
{
"lessThan": "ce5355f140a7987011388c7e30c4f8fbe180d3e8",
"status": "affected",
"version": "badf3ada60ab8f76f9488dc8f5c0c57f70682f5a",
"versionType": "git"
},
{
"lessThan": "caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6",
"status": "affected",
"version": "badf3ada60ab8f76f9488dc8f5c0c57f70682f5a",
"versionType": "git"
},
{
"lessThan": "7b22466648a4f8e3e94f57ca428d1531866d1373",
"status": "affected",
"version": "badf3ada60ab8f76f9488dc8f5c0c57f70682f5a",
"versionType": "git"
},
{
"lessThan": "a269333fa5c0c8e53c92b5a28a6076a28cde3e83",
"status": "affected",
"version": "badf3ada60ab8f76f9488dc8f5c0c57f70682f5a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/dsa/master.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix a crash if -\u003eget_sset_count() fails\n\nIf ds-\u003eops-\u003eget_sset_count() fails then it \"count\" is a negative error\ncode such as -EOPNOTSUPP. Because \"i\" is an unsigned int, the negative\nerror code is type promoted to a very high value and the loop will\ncorrupt memory until the system crashes.\n\nFix this by checking for error codes and changing the type of \"i\" to\njust int."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:17.593Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37"
},
{
"url": "https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8"
},
{
"url": "https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6"
},
{
"url": "https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373"
},
{
"url": "https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83"
}
],
"title": "net: dsa: fix a crash if -\u003eget_sset_count() fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47159",
"datePublished": "2024-03-25T09:16:13.815Z",
"dateReserved": "2024-03-25T09:12:14.109Z",
"dateUpdated": "2025-05-04T07:05:17.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47174 (GCVE-0-2021-47174)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05
VLAI?
EPSS
Title
netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
Arturo reported this backtrace:
[709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0
[709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod
[709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common
[709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1
[709732.358959] Hardware name: Dell Inc. PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020
[709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0
[709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb
[709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202
[709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001
[709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003
[709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462
[709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960
[709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660
[709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000
[709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0
[709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[709732.359003] PKRU: 55555554
[709732.359005] Call Trace:
[709732.359009] <IRQ>
[709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables]
[709732.359046] ? sched_clock+0x5/0x10
[709732.359054] ? sched_clock_cpu+0xc/0xb0
[709732.359061] ? record_times+0x16/0x80
[709732.359068] ? plist_add+0xc1/0x100
[709732.359073] ? psi_group_change+0x47/0x230
[709732.359079] ? skb_clone+0x4d/0xb0
[709732.359085] ? enqueue_task_rt+0x22b/0x310
[709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en]
[709732.359102] ? packet_rcv+0x40/0x4a0
[709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables]
[709732.359133] nft_do_chain+0x350/0x500 [nf_tables]
[709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables]
[709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables]
[709732.359172] ? fib4_rule_action+0x6d/0x80
[709732.359178] ? fib_rules_lookup+0x107/0x250
[709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat]
[709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat]
[709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat]
[709732.359207] nf_hook_slow+0x44/0xc0
[709732.359214] ip_output+0xd2/0x100
[709732.359221] ? __ip_finish_output+0x210/0x210
[709732.359226] ip_forward+0x37d/0x4a0
[709732.359232] ? ip4_key_hashfn+0xb0/0xb0
[709732.359238] ip_subli
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
7400b063969bdca4a06cd97f1294d765c8eecbe1 , < b1f45a26bd322525c14edd9504f6d46dfad679a4
(git)
Affected: 7400b063969bdca4a06cd97f1294d765c8eecbe1 , < 727a2b4fc951ee69847d4904d98961856ea9fbe6 (git) Affected: 7400b063969bdca4a06cd97f1294d765c8eecbe1 , < f0b3d338064e1fe7531f0d2977e35f3b334abfb4 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:42:11.415167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:26.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1f45a26bd322525c14edd9504f6d46dfad679a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/727a2b4fc951ee69847d4904d98961856ea9fbe6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0b3d338064e1fe7531f0d2977e35f3b334abfb4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c",
"net/netfilter/nft_set_pipapo.h",
"net/netfilter/nft_set_pipapo_avx2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b1f45a26bd322525c14edd9504f6d46dfad679a4",
"status": "affected",
"version": "7400b063969bdca4a06cd97f1294d765c8eecbe1",
"versionType": "git"
},
{
"lessThan": "727a2b4fc951ee69847d4904d98961856ea9fbe6",
"status": "affected",
"version": "7400b063969bdca4a06cd97f1294d765c8eecbe1",
"versionType": "git"
},
{
"lessThan": "f0b3d338064e1fe7531f0d2977e35f3b334abfb4",
"status": "affected",
"version": "7400b063969bdca4a06cd97f1294d765c8eecbe1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c",
"net/netfilter/nft_set_pipapo.h",
"net/netfilter/nft_set_pipapo_avx2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version\n\nArturo reported this backtrace:\n\n[709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0\n[709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod\n[709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common\n[709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1\n[709732.358959] Hardware name: Dell Inc. PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020\n[709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0\n[709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 \u003c0f\u003e 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb\n[709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202\n[709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001\n[709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003\n[709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462\n[709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960\n[709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660\n[709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000\n[709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0\n[709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[709732.359003] PKRU: 55555554\n[709732.359005] Call Trace:\n[709732.359009] \u003cIRQ\u003e\n[709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables]\n[709732.359046] ? sched_clock+0x5/0x10\n[709732.359054] ? sched_clock_cpu+0xc/0xb0\n[709732.359061] ? record_times+0x16/0x80\n[709732.359068] ? plist_add+0xc1/0x100\n[709732.359073] ? psi_group_change+0x47/0x230\n[709732.359079] ? skb_clone+0x4d/0xb0\n[709732.359085] ? enqueue_task_rt+0x22b/0x310\n[709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en]\n[709732.359102] ? packet_rcv+0x40/0x4a0\n[709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables]\n[709732.359133] nft_do_chain+0x350/0x500 [nf_tables]\n[709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables]\n[709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables]\n[709732.359172] ? fib4_rule_action+0x6d/0x80\n[709732.359178] ? fib_rules_lookup+0x107/0x250\n[709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat]\n[709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat]\n[709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat]\n[709732.359207] nf_hook_slow+0x44/0xc0\n[709732.359214] ip_output+0xd2/0x100\n[709732.359221] ? __ip_finish_output+0x210/0x210\n[709732.359226] ip_forward+0x37d/0x4a0\n[709732.359232] ? ip4_key_hashfn+0xb0/0xb0\n[709732.359238] ip_subli\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:05:39.300Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b1f45a26bd322525c14edd9504f6d46dfad679a4"
},
{
"url": "https://git.kernel.org/stable/c/727a2b4fc951ee69847d4904d98961856ea9fbe6"
},
{
"url": "https://git.kernel.org/stable/c/f0b3d338064e1fe7531f0d2977e35f3b334abfb4"
}
],
"title": "netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47174",
"datePublished": "2024-03-25T09:16:25.273Z",
"dateReserved": "2024-03-25T09:12:14.111Z",
"dateUpdated": "2025-05-04T07:05:39.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47165 (GCVE-0-2021-47165)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 12:41
VLAI?
EPSS
Title
drm/meson: fix shutdown crash when component not probed
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/meson: fix shutdown crash when component not probed
When main component is not probed, by example when the dw-hdmi module is
not loaded yet or in probe defer, the following crash appears on shutdown:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038
...
pc : meson_drv_shutdown+0x24/0x50
lr : platform_drv_shutdown+0x20/0x30
...
Call trace:
meson_drv_shutdown+0x24/0x50
platform_drv_shutdown+0x20/0x30
device_shutdown+0x158/0x360
kernel_restart_prepare+0x38/0x48
kernel_restart+0x18/0x68
__do_sys_reboot+0x224/0x250
__arm64_sys_reboot+0x24/0x30
...
Simply check if the priv struct has been allocated before using it.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
8a5160cc8488776ddc48ea045860dab015f47390 , < b4298d33c1fcce511ffe84d8d3de07e220300f9b
(git)
Affected: 8fbbf2b3849419e31731902d7478b0c934732632 , < e256a0eb43e17209e347409a80805b1659398d68 (git) Affected: d2100ef32a8cfd024bad94f4fbc5e53d40d2b3da , < 4ce2bf20b4a6e307e114847d60b2bf40a6a1fac0 (git) Affected: d4ec1ffbdaa8939a208656e9c1440742c457ef16 , < d66083c0d6f5125a4d982aa177dd71ab4cd3d212 (git) Affected: fa0c16caf3d73ab4d2e5d6fa2ef2394dbec91791 , < b4b91033a0b11fe9ade58156cd9168f89f4a8c1a (git) Affected: fa0c16caf3d73ab4d2e5d6fa2ef2394dbec91791 , < 7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2 (git) Affected: cef14d5d92f14a6e282c3216c2da63e05f14758a (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T18:15:28.552428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:35.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:40.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4298d33c1fcce511ffe84d8d3de07e220300f9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e256a0eb43e17209e347409a80805b1659398d68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ce2bf20b4a6e307e114847d60b2bf40a6a1fac0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d66083c0d6f5125a4d982aa177dd71ab4cd3d212"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4b91033a0b11fe9ade58156cd9168f89f4a8c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/meson/meson_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4298d33c1fcce511ffe84d8d3de07e220300f9b",
"status": "affected",
"version": "8a5160cc8488776ddc48ea045860dab015f47390",
"versionType": "git"
},
{
"lessThan": "e256a0eb43e17209e347409a80805b1659398d68",
"status": "affected",
"version": "8fbbf2b3849419e31731902d7478b0c934732632",
"versionType": "git"
},
{
"lessThan": "4ce2bf20b4a6e307e114847d60b2bf40a6a1fac0",
"status": "affected",
"version": "d2100ef32a8cfd024bad94f4fbc5e53d40d2b3da",
"versionType": "git"
},
{
"lessThan": "d66083c0d6f5125a4d982aa177dd71ab4cd3d212",
"status": "affected",
"version": "d4ec1ffbdaa8939a208656e9c1440742c457ef16",
"versionType": "git"
},
{
"lessThan": "b4b91033a0b11fe9ade58156cd9168f89f4a8c1a",
"status": "affected",
"version": "fa0c16caf3d73ab4d2e5d6fa2ef2394dbec91791",
"versionType": "git"
},
{
"lessThan": "7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2",
"status": "affected",
"version": "fa0c16caf3d73ab4d2e5d6fa2ef2394dbec91791",
"versionType": "git"
},
{
"status": "affected",
"version": "cef14d5d92f14a6e282c3216c2da63e05f14758a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/meson/meson_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.14.226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.19.181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "5.4.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.10.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: fix shutdown crash when component not probed\n\nWhen main component is not probed, by example when the dw-hdmi module is\nnot loaded yet or in probe defer, the following crash appears on shutdown:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000038\n...\npc : meson_drv_shutdown+0x24/0x50\nlr : platform_drv_shutdown+0x20/0x30\n...\nCall trace:\nmeson_drv_shutdown+0x24/0x50\nplatform_drv_shutdown+0x20/0x30\ndevice_shutdown+0x158/0x360\nkernel_restart_prepare+0x38/0x48\nkernel_restart+0x18/0x68\n__do_sys_reboot+0x224/0x250\n__arm64_sys_reboot+0x24/0x30\n...\n\nSimply check if the priv struct has been allocated before using it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:41:10.703Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4298d33c1fcce511ffe84d8d3de07e220300f9b"
},
{
"url": "https://git.kernel.org/stable/c/e256a0eb43e17209e347409a80805b1659398d68"
},
{
"url": "https://git.kernel.org/stable/c/4ce2bf20b4a6e307e114847d60b2bf40a6a1fac0"
},
{
"url": "https://git.kernel.org/stable/c/d66083c0d6f5125a4d982aa177dd71ab4cd3d212"
},
{
"url": "https://git.kernel.org/stable/c/b4b91033a0b11fe9ade58156cd9168f89f4a8c1a"
},
{
"url": "https://git.kernel.org/stable/c/7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2"
}
],
"title": "drm/meson: fix shutdown crash when component not probed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47165",
"datePublished": "2024-03-25T09:16:18.321Z",
"dateReserved": "2024-03-25T09:12:14.110Z",
"dateUpdated": "2025-05-04T12:41:10.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47137 (GCVE-0-2021-47137)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:04
VLAI?
EPSS
Title
net: lantiq: fix memory corruption in RX ring
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: lantiq: fix memory corruption in RX ring
In a situation where memory allocation or dma mapping fails, an
invalid address is programmed into the descriptor. This can lead
to memory corruption. If the memory allocation fails, DMA should
reuse the previous skb and mapping and drop the packet. This patch
also increments rx drop counter.
Severity ?
7.8 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
fe1a56420cf2ec28c8eceef672b87de0bbe1a260 , < 8bb1077448d43a871ed667520763e3b9f9b7975d
(git)
Affected: fe1a56420cf2ec28c8eceef672b87de0bbe1a260 , < 5ac72351655f8b033a2935646f53b7465c903418 (git) Affected: fe1a56420cf2ec28c8eceef672b87de0bbe1a260 , < 46dd4abced3cb2c912916f4a5353e0927db0c4a2 (git) Affected: fe1a56420cf2ec28c8eceef672b87de0bbe1a260 , < c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20 (git) |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "8bb1077448d4",
"status": "affected",
"version": "fe1a56420cf2",
"versionType": "git"
},
{
"lessThan": "5ac72351655f",
"status": "affected",
"version": "fe1a56420cf2",
"versionType": "git"
},
{
"lessThan": "46dd4abced3c",
"status": "affected",
"version": "fe1a56420cf2",
"versionType": "git"
},
{
"lessThan": "c7718ee96dbc",
"status": "affected",
"version": "fe1a56420cf2",
"versionType": "git"
},
{
"status": "affected",
"version": "4.20"
},
{
"lessThanOrEqual": "4.20",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4*",
"status": "affected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10*",
"status": "affected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12*",
"status": "affected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "5.13",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T17:15:32.931685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:22:44.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/lantiq_xrx200.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8bb1077448d43a871ed667520763e3b9f9b7975d",
"status": "affected",
"version": "fe1a56420cf2ec28c8eceef672b87de0bbe1a260",
"versionType": "git"
},
{
"lessThan": "5ac72351655f8b033a2935646f53b7465c903418",
"status": "affected",
"version": "fe1a56420cf2ec28c8eceef672b87de0bbe1a260",
"versionType": "git"
},
{
"lessThan": "46dd4abced3cb2c912916f4a5353e0927db0c4a2",
"status": "affected",
"version": "fe1a56420cf2ec28c8eceef672b87de0bbe1a260",
"versionType": "git"
},
{
"lessThan": "c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20",
"status": "affected",
"version": "fe1a56420cf2ec28c8eceef672b87de0bbe1a260",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/lantiq_xrx200.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lantiq: fix memory corruption in RX ring\n\nIn a situation where memory allocation or dma mapping fails, an\ninvalid address is programmed into the descriptor. This can lead\nto memory corruption. If the memory allocation fails, DMA should\nreuse the previous skb and mapping and drop the packet. This patch\nalso increments rx drop counter."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:04:51.760Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d"
},
{
"url": "https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418"
},
{
"url": "https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2"
},
{
"url": "https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20"
}
],
"title": "net: lantiq: fix memory corruption in RX ring",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47137",
"datePublished": "2024-03-25T09:07:36.778Z",
"dateReserved": "2024-03-04T18:12:48.841Z",
"dateUpdated": "2025-05-04T07:04:51.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47179 (GCVE-0-2021-47179)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 12:41
VLAI?
EPSS
Title
NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
Commit de144ff4234f changes _pnfs_return_layout() to call
pnfs_mark_matching_lsegs_return() passing NULL as the struct
pnfs_layout_range argument. Unfortunately,
pnfs_mark_matching_lsegs_return() doesn't check if we have a value here
before dereferencing it, causing an oops.
I'm able to hit this crash consistently when running connectathon basic
tests on NFS v4.1/v4.2 against Ontap.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
80e34f4957ec3010c85f9bb0b568a8d46acdf535 , < 4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42
(git)
Affected: 7b7b9774643220e53eef58c15bb29bd4182fe053 , < 42637ca25c7d7b5a92804a679af5192e8c1a9f48 (git) Affected: 9ffa7967f9379a0a1b924e9ffeda709d72237da7 , < 39785761feadf261bc5101372b0b0bbaf6a94494 (git) Affected: 6be0e4b59314e4a836495f6ffdc5d2c5b079deeb , < aba3c7795f51717ae316f3566442dee7cc3eeccb (git) Affected: 2fafe7d5047f98791afd9a1d90d2afb70debc590 , < f9890652185b72b8de9ebeb4406037640b6e1b53 (git) Affected: 7e65ea887d0c0997f3053acd91a027af45e71c5b , < b090d110e66636bca473fd8b98d5c97b555a965a (git) Affected: de144ff4234f935bd2150108019b5d87a90a8a96 , < a421d218603ffa822a0b8045055c03eae394a7eb (git) Affected: 96260bde1ea8ae31a5402fe506abbb8951d5a42c (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T15:17:57.286141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:16.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:07.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a421d218603ffa822a0b8045055c03eae394a7eb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/pnfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42",
"status": "affected",
"version": "80e34f4957ec3010c85f9bb0b568a8d46acdf535",
"versionType": "git"
},
{
"lessThan": "42637ca25c7d7b5a92804a679af5192e8c1a9f48",
"status": "affected",
"version": "7b7b9774643220e53eef58c15bb29bd4182fe053",
"versionType": "git"
},
{
"lessThan": "39785761feadf261bc5101372b0b0bbaf6a94494",
"status": "affected",
"version": "9ffa7967f9379a0a1b924e9ffeda709d72237da7",
"versionType": "git"
},
{
"lessThan": "aba3c7795f51717ae316f3566442dee7cc3eeccb",
"status": "affected",
"version": "6be0e4b59314e4a836495f6ffdc5d2c5b079deeb",
"versionType": "git"
},
{
"lessThan": "f9890652185b72b8de9ebeb4406037640b6e1b53",
"status": "affected",
"version": "2fafe7d5047f98791afd9a1d90d2afb70debc590",
"versionType": "git"
},
{
"lessThan": "b090d110e66636bca473fd8b98d5c97b555a965a",
"status": "affected",
"version": "7e65ea887d0c0997f3053acd91a027af45e71c5b",
"versionType": "git"
},
{
"lessThan": "a421d218603ffa822a0b8045055c03eae394a7eb",
"status": "affected",
"version": "de144ff4234f935bd2150108019b5d87a90a8a96",
"versionType": "git"
},
{
"status": "affected",
"version": "96260bde1ea8ae31a5402fe506abbb8951d5a42c",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/pnfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.9.271",
"status": "affected",
"version": "4.9.269",
"versionType": "semver"
},
{
"lessThan": "4.14.235",
"status": "affected",
"version": "4.14.233",
"versionType": "semver"
},
{
"lessThan": "4.19.193",
"status": "affected",
"version": "4.19.191",
"versionType": "semver"
},
{
"lessThan": "5.4.124",
"status": "affected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThan": "5.10.42",
"status": "affected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThan": "5.12.9",
"status": "affected",
"version": "5.12.3",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "4.9.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.14.233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.19.191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "5.4.118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.10.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()\n\nCommit de144ff4234f changes _pnfs_return_layout() to call\npnfs_mark_matching_lsegs_return() passing NULL as the struct\npnfs_layout_range argument. Unfortunately,\npnfs_mark_matching_lsegs_return() doesn\u0027t check if we have a value here\nbefore dereferencing it, causing an oops.\n\nI\u0027m able to hit this crash consistently when running connectathon basic\ntests on NFS v4.1/v4.2 against Ontap."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:41:11.823Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42"
},
{
"url": "https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48"
},
{
"url": "https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494"
},
{
"url": "https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb"
},
{
"url": "https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53"
},
{
"url": "https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a"
},
{
"url": "https://git.kernel.org/stable/c/a421d218603ffa822a0b8045055c03eae394a7eb"
}
],
"title": "NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47179",
"datePublished": "2024-03-25T09:16:28.787Z",
"dateReserved": "2024-03-25T09:12:14.112Z",
"dateUpdated": "2025-05-04T12:41:11.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47147 (GCVE-0-2021-47147)
Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-12-10 07:09
VLAI?
EPSS
Title
ptp: ocp: Fix a resource leak in an error handling path
Summary
In the Linux kernel, the following vulnerability has been resolved:
ptp: ocp: Fix a resource leak in an error handling path
If an error occurs after a successful 'pci_ioremap_bar()' call, it must be
undone by a corresponding 'pci_iounmap()' call, as already done in the
remove function.
Severity ?
6.2 (Medium)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T17:17:52.408774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:26:17.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e38e702f1152479e6afac34f151dbfd99417f99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ptp/ptp_ocp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0e38e702f1152479e6afac34f151dbfd99417f99",
"status": "affected",
"version": "a7e1abad13f3f0366ee625831fecda2b603cdc17",
"versionType": "git"
},
{
"lessThan": "9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4",
"status": "affected",
"version": "a7e1abad13f3f0366ee625831fecda2b603cdc17",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ptp/ptp_ocp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: Fix a resource leak in an error handling path\n\nIf an error occurs after a successful \u0027pci_ioremap_bar()\u0027 call, it must be\nundone by a corresponding \u0027pci_iounmap()\u0027 call, as already done in the\nremove function."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T07:09:27.664Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e38e702f1152479e6afac34f151dbfd99417f99"
},
{
"url": "https://git.kernel.org/stable/c/9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4"
}
],
"title": "ptp: ocp: Fix a resource leak in an error handling path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47147",
"datePublished": "2024-03-25T09:07:43.750Z",
"dateReserved": "2024-03-04T18:12:48.845Z",
"dateUpdated": "2025-12-10T07:09:27.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…