wid-sec-w-2024-1235
Vulnerability from csaf_certbund
Published
2024-05-26 22:00
Modified
2024-07-23 22:00
Summary
Linux Kernel: Multiple vulnerabilities allow denial of service and unspecified attacks
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. Users, however, are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with that content.
Product description
The kernel is the core of the Linux operating system.
Attack
A local attacker can exploit multiple vulnerabilities in the Linux kernel to cause a denial-of-service condition or to carry out unspecified attacks.
Affected operating systems
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder unspezifische Angriffe durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1235 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1235.json" }, { "category": "self", "summary": "WID-SEC-2024-1235 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1235" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47499 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052447-CVE-2021-47499-bf2e@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47500 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052450-CVE-2021-47500-3c02@gregkh/T/" }, { "category": "external", "summary": "Linux 
CVE Announcement CVE-2021-47501 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052450-CVE-2021-47501-e183@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47502 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052451-CVE-2021-47502-8650@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47503 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052451-CVE-2021-47503-b1c2@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47504 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052451-CVE-2021-47504-2a5d@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47505 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052452-CVE-2021-47505-427f@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47506 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052452-CVE-2021-47506-c143@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47507 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052452-CVE-2021-47507-e722@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47508 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47508-1a19@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47509 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052429-CVE-2021-47509-a210@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47510 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052430-CVE-2021-47510-7c3f@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47511 vom 2024-05-26", "url": 
"https://lore.kernel.org/linux-cve-announce/2024052430-CVE-2021-47511-7bec@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47512 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052430-CVE-2021-47512-4d70@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47513 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052430-CVE-2021-47513-c6d0@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47514 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052431-CVE-2021-47514-9975@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47515 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052431-CVE-2021-47515-5c06@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47516 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052431-CVE-2021-47516-29dd@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47517 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052432-CVE-2021-47517-df40@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47518 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052432-CVE-2021-47518-632d@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47519 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052432-CVE-2021-47519-ed69@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47520 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052433-CVE-2021-47520-af45@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47521 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052433-CVE-2021-47521-8637@gregkh/T/" }, { "category": 
"external", "summary": "Linux CVE Announcement CVE-2021-47522 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052433-CVE-2021-47522-ad59@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47523 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052433-CVE-2021-47523-6f3a@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47524 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052434-CVE-2021-47524-7fd0@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47525 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052434-CVE-2021-47525-2b58@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47526 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052434-CVE-2021-47526-7f02@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47527 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052435-CVE-2021-47527-e6f5@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47528 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052435-CVE-2021-47528-da4e@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47529 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052435-CVE-2021-47529-a476@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47530 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052436-CVE-2021-47530-08d5@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47531 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052436-CVE-2021-47531-3ab6@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47532 vom 2024-05-26", "url": 
"https://lore.kernel.org/linux-cve-announce/2024052436-CVE-2021-47532-9eaf@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47533 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052436-CVE-2021-47533-a03a@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47534 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052437-CVE-2021-47534-ef5f@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47535 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052437-CVE-2021-47535-41d3@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47536 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052437-CVE-2021-47536-fa00@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47537 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052438-CVE-2021-47537-015c@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47538 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052438-CVE-2021-47538-5639@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47539 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052438-CVE-2021-47539-f0a6@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47540 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052439-CVE-2021-47540-3bea@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47541 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052439-CVE-2021-47541-c3da@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47542 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052439-CVE-2021-47542-125d@gregkh/T/" }, { "category": 
"external", "summary": "Linux CVE Announcement CVE-2021-47543 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052439-CVE-2021-47543-a01a@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47544 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052440-CVE-2021-47544-ceb5@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47545 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052440-CVE-2021-47545-0f72@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47546 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052440-CVE-2021-47546-f25b@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47547 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052441-CVE-2021-47547-f3e7@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47548 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052441-CVE-2021-47548-e9c0@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47549 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052441-CVE-2021-47549-5aac@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47550 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052442-CVE-2021-47550-a5e1@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47551 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052442-CVE-2021-47551-0318@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47552 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052442-CVE-2021-47552-99f3@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47553 vom 2024-05-26", "url": 
"https://lore.kernel.org/linux-cve-announce/2024052442-CVE-2021-47553-1026@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47554 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052443-CVE-2021-47554-f8a6@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47555 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052443-CVE-2021-47555-3043@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47556 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052443-CVE-2021-47556-558e@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47557 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052444-CVE-2021-47557-bc88@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47558 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052444-CVE-2021-47558-d713@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47559 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052450-CVE-2021-47559-9909@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47560 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052451-CVE-2021-47560-4a52@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47561 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052451-CVE-2021-47561-4a07@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47562 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052451-CVE-2021-47562-52ec@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47563 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052452-CVE-2021-47563-008a@gregkh/T/" }, { "category": 
"external", "summary": "Linux CVE Announcement CVE-2021-47564 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052452-CVE-2021-47564-2e3b@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47565 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052452-CVE-2021-47565-5f60@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47566 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47566-12b8@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47567 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47567-b955@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47568 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47568-bf15@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47569 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052453-CVE-2021-47569-2d3a@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47570 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052454-CVE-2021-47570-573d@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47571 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052454-CVE-2021-47571-05b5@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2021-47572 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052454-CVE-2021-47572-50bc@gregkh/T/" }, { "category": "external", "summary": "Linux CVE Announcement CVE-2023-52880 vom 2024-05-26", "url": "https://lore.kernel.org/linux-cve-announce/2024052422-CVE-2023-52880-d2ff@gregkh/T/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1979-1 vom 2024-06-11", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2024-June/018685.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1978-1 vom 2024-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018686.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2011-1 vom 2024-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018710.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2008-1 vom 2024-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018706.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2010-1 vom 2024-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018711.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2184-1 vom 2024-06-24", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018807.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2183-1 vom 2024-06-24", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018808.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2185-1 vom 2024-06-24", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018809.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2189-1 vom 2024-06-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018811.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2190-1 vom 2024-06-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018819.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3842 vom 
2024-06-25", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3840 vom 2024-06-27", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2365-1 vom 2024-07-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018897.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2362-1 vom 2024-07-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018905.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2381-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018916.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2385-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018920.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2384-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018921.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4533 vom 2024-07-15", "url": "https://access.redhat.com/errata/RHSA-2024:4533" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-1 vom 2024-07-12", "url": 
"https://ubuntu.com/security/notices/USN-6896-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-1 vom 2024-07-12", "url": "https://ubuntu.com/security/notices/USN-6895-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6898-1 vom 2024-07-15", "url": "https://ubuntu.com/security/notices/USN-6898-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4554 vom 2024-07-16", "url": "https://access.redhat.com/errata/RHSA-2024:4554" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-2 vom 2024-07-16", "url": "https://ubuntu.com/security/notices/USN-6895-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2495-1 vom 2024-07-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018982.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2493-1 vom 2024-07-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018984.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4583 vom 2024-07-17", "url": "https://access.redhat.com/errata/RHSA-2024:4583" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-2 vom 2024-07-16", "url": "https://ubuntu.com/security/notices/USN-6896-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6900-1 vom 2024-07-17", "url": "https://ubuntu.com/security/notices/USN-6900-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6898-2 vom 2024-07-17", "url": "https://ubuntu.com/security/notices/USN-6898-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-3 vom 2024-07-17", "url": "https://ubuntu.com/security/notices/USN-6896-3" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-4583 vom 2024-07-19", "url": "https://linux.oracle.com/errata/ELSA-2024-4583.html" }, { "category": "external", "summary": "SUSE Security Update 
SUSE-SU-2024:2561-1 vom 2024-07-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-3 vom 2024-07-19", "url": "https://ubuntu.com/security/notices/USN-6895-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6898-3 vom 2024-07-19", "url": "https://ubuntu.com/security/notices/USN-6898-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-4 vom 2024-07-19", "url": "https://ubuntu.com/security/notices/USN-6896-4" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-5 vom 2024-07-23", "url": "https://ubuntu.com/security/notices/USN-6896-5" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6898-4 vom 2024-07-23", "url": "https://ubuntu.com/security/notices/USN-6898-4" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4740 vom 2024-07-24", "url": "https://access.redhat.com/errata/RHSA-2024:4740" } ], "source_lang": "en-US", "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und unspezifische Angriffe", "tracking": { "current_release_date": "2024-07-23T22:00:00.000+00:00", "generator": { "date": "2024-07-24T09:08:16.928+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1235", "initial_release_date": "2024-05-26T22:00:00.000+00:00", "revision_history": [ { "date": "2024-05-26T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-06-10T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-11T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-12T22:00:00.000+00:00", "number": "4", 
"summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-24T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-25T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE und Debian aufgenommen" }, { "date": "2024-06-27T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-07-09T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-07-10T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-07-14T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen" }, { "date": "2024-07-15T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen" }, { "date": "2024-07-16T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen" }, { "date": "2024-07-17T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-07-18T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen" }, { "date": "2024-07-22T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-07-23T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "16" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Open Source Linux Kernel", "product": { "name": "Open Source Linux Kernel", "product_id": "T035064", "product_identification_helper": { "cpe": "cpe:/o:linux:linux_kernel:-" } } } ], 
"category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-47499", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47499" }, { "cve": "CVE-2021-47500", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47500" }, { "cve": "CVE-2021-47501", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47501" }, { "cve": "CVE-2021-47502", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47502" }, { "cve": "CVE-2021-47503", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47503" }, { "cve": "CVE-2021-47504", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47504" }, { "cve": "CVE-2021-47505", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47505" }, { "cve": "CVE-2021-47506", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47506" }, { "cve": "CVE-2021-47507", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47507" }, { "cve": "CVE-2021-47508", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47508" }, { "cve": "CVE-2021-47509", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47509" }, { "cve": "CVE-2021-47510", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47510" }, { "cve": "CVE-2021-47511", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47511" }, { "cve": "CVE-2021-47512", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47512" }, { "cve": "CVE-2021-47513", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47513" }, { "cve": "CVE-2021-47514", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47514" }, { "cve": "CVE-2021-47515", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47515" }, { "cve": "CVE-2021-47516", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47516" }, { "cve": "CVE-2021-47517", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47517" }, { "cve": "CVE-2021-47518", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47518" }, { "cve": "CVE-2021-47519", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47519" }, { "cve": "CVE-2021-47520", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47520" }, { "cve": "CVE-2021-47521", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47521" }, { "cve": "CVE-2021-47522", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47522" }, { "cve": "CVE-2021-47523", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47523" }, { "cve": "CVE-2021-47524", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47524" }, { "cve": "CVE-2021-47525", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47525" }, { "cve": "CVE-2021-47526", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47526" }, { "cve": "CVE-2021-47527", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47527" }, { "cve": "CVE-2021-47528", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47528" }, { "cve": "CVE-2021-47529", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47529" }, { "cve": "CVE-2021-47530", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47530" }, { "cve": "CVE-2021-47531", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47531" }, { "cve": "CVE-2021-47532", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47532" }, { "cve": "CVE-2021-47533", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47533" }, { "cve": "CVE-2021-47534", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47534" }, { "cve": "CVE-2021-47535", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47535" }, { "cve": "CVE-2021-47536", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47536" }, { "cve": "CVE-2021-47537", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47537" }, { "cve": "CVE-2021-47538", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47538" }, { "cve": "CVE-2021-47539", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47539" }, { "cve": "CVE-2021-47540", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47540" }, { "cve": "CVE-2021-47541", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47541" }, { "cve": "CVE-2021-47542", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47542" }, { "cve": "CVE-2021-47543", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47543" }, { "cve": "CVE-2021-47544", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47544" }, { "cve": "CVE-2021-47545", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47545" }, { "cve": "CVE-2021-47546", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47546" }, { "cve": "CVE-2021-47547", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47547" }, { "cve": "CVE-2021-47548", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47548" }, { "cve": "CVE-2021-47549", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47549" }, { "cve": "CVE-2021-47550", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47550" }, { "cve": "CVE-2021-47551", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47551" }, { "cve": "CVE-2021-47552", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47552" }, { "cve": "CVE-2021-47553", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47553" }, { "cve": "CVE-2021-47554", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47554" }, { "cve": "CVE-2021-47555", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47555" }, { "cve": "CVE-2021-47556", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47556" }, { "cve": "CVE-2021-47557", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47557" }, { "cve": "CVE-2021-47558", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47558" }, { "cve": "CVE-2021-47559", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47559" }, { "cve": "CVE-2021-47560", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47560" }, { "cve": "CVE-2021-47561", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47561" }, { "cve": "CVE-2021-47562", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47562" }, { "cve": "CVE-2021-47563", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47563" }, { "cve": "CVE-2021-47564", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47564" }, { "cve": "CVE-2021-47565", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47565" }, { "cve": "CVE-2021-47566", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47566" }, { "cve": "CVE-2021-47567", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47567" }, { "cve": "CVE-2021-47568", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47568" }, { "cve": "CVE-2021-47569", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47569" }, { "cve": "CVE-2021-47570", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47570" }, { "cve": "CVE-2021-47571", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47571" }, { "cve": "CVE-2021-47572", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2021-47572" }, { "cve": "CVE-2023-52880", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, ethtool oder HID, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Use-after-free, einem Speicherleck oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "T035064", "T004914" ] }, "release_date": "2024-05-26T22:00:00Z", "title": "CVE-2023-52880" } ] }
cve-2021-47532
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/devfreq: Fix OPP refcnt leak
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47532", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:15:57.265096Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:15:24.585Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a4eb55901df1dce8c6944438bbdf57caf08911e2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/59ba1b2b4825342676300f66d785764be3fcb093" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/msm_gpu_devfreq.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "a4eb55901df1dce8c6944438bbdf57caf08911e2", "status": "affected", "version": "9bc95570175a7fbca29d86d22c54bbf399f4ad5a", "versionType": "git" }, { "lessThan": "59ba1b2b4825342676300f66d785764be3fcb093", "status": "affected", "version": "9bc95570175a7fbca29d86d22c54bbf399f4ad5a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/msm_gpu_devfreq.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", 
"version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/devfreq: Fix OPP refcnt leak" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:18.360Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/a4eb55901df1dce8c6944438bbdf57caf08911e2" }, { "url": "https://git.kernel.org/stable/c/59ba1b2b4825342676300f66d785764be3fcb093" } ], "title": "drm/msm/devfreq: Fix OPP refcnt leak", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47532", "datePublished": "2024-05-24T15:09:42.027Z", "dateReserved": "2024-05-24T15:02:54.826Z", "dateUpdated": "2024-12-19T07:44:18.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47571
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:45
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
The free_rtllib() function frees the "dev" pointer so there is use
after free on the next line. Re-arrange things to avoid that.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 66898177e7e5486dc77a4ba742efa4e2e9e900a4
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47571", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:15:02.697856Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:13:45.282Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d43aecb694b10db9a4228ce2d38b5ae8de374443" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9186680382934b0e7529d3d70dcc0a21d087683b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c0ef0e75a858cbd8618b473f22fbca36106dcf82" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bca19bb2dc2d89ce60c4a4a6e59609d4cf2e13ef" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2e1ec01af2c7139c6a600bbfaea1a018b35094b6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8d0163cec7de995f9eb9c3128c83fb84f0cb1c64" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e27ee2f607fe6a9b923ef1fc65461c0613c97594" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b535917c51acc97fb0761b1edec85f1f3d02bda4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/staging/rtl8192e/rtl8192e/rtl_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d43aecb694b10db9a4228ce2d38b5ae8de374443", "status": "affected", "version": "66898177e7e5486dc77a4ba742efa4e2e9e900a4", 
"versionType": "git" }, { "lessThan": "9186680382934b0e7529d3d70dcc0a21d087683b", "status": "affected", "version": "66898177e7e5486dc77a4ba742efa4e2e9e900a4", "versionType": "git" }, { "lessThan": "c0ef0e75a858cbd8618b473f22fbca36106dcf82", "status": "affected", "version": "66898177e7e5486dc77a4ba742efa4e2e9e900a4", "versionType": "git" }, { "lessThan": "bca19bb2dc2d89ce60c4a4a6e59609d4cf2e13ef", "status": "affected", "version": "66898177e7e5486dc77a4ba742efa4e2e9e900a4", "versionType": "git" }, { "lessThan": "2e1ec01af2c7139c6a600bbfaea1a018b35094b6", "status": "affected", "version": "66898177e7e5486dc77a4ba742efa4e2e9e900a4", "versionType": "git" }, { "lessThan": "8d0163cec7de995f9eb9c3128c83fb84f0cb1c64", "status": "affected", "version": "66898177e7e5486dc77a4ba742efa4e2e9e900a4", "versionType": "git" }, { "lessThan": "e27ee2f607fe6a9b923ef1fc65461c0613c97594", "status": "affected", "version": "66898177e7e5486dc77a4ba742efa4e2e9e900a4", "versionType": "git" }, { "lessThan": "b535917c51acc97fb0761b1edec85f1f3d02bda4", "status": "affected", "version": "66898177e7e5486dc77a4ba742efa4e2e9e900a4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/staging/rtl8192e/rtl8192e/rtl_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.2" }, { "lessThan": "3.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.294", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.292", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.257", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.219", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.163", 
"versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()\n\nThe free_rtllib() function frees the \"dev\" pointer so there is use\nafter free on the next line. Re-arrange things to avoid that." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:45:03.544Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d43aecb694b10db9a4228ce2d38b5ae8de374443" }, { "url": "https://git.kernel.org/stable/c/9186680382934b0e7529d3d70dcc0a21d087683b" }, { "url": "https://git.kernel.org/stable/c/c0ef0e75a858cbd8618b473f22fbca36106dcf82" }, { "url": "https://git.kernel.org/stable/c/bca19bb2dc2d89ce60c4a4a6e59609d4cf2e13ef" }, { "url": "https://git.kernel.org/stable/c/2e1ec01af2c7139c6a600bbfaea1a018b35094b6" }, { "url": "https://git.kernel.org/stable/c/8d0163cec7de995f9eb9c3128c83fb84f0cb1c64" }, { "url": "https://git.kernel.org/stable/c/e27ee2f607fe6a9b923ef1fc65461c0613c97594" }, { "url": "https://git.kernel.org/stable/c/b535917c51acc97fb0761b1edec85f1f3d02bda4" } ], "title": "staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47571", "datePublished": "2024-05-24T15:12:57.732Z", "dateReserved": "2024-05-24T15:11:00.729Z", "dateUpdated": "2024-12-19T07:45:03.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47501
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
When trying to dump VFs VSI RX/TX descriptors
using debugfs there was a crash
due to NULL pointer dereference in i40e_dbg_dump_desc.
Added a check to i40e_dbg_dump_desc that checks if
VSI type is correct for dumping RX/TX descriptors.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47501", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T18:53:53.614307Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-10T18:54:04.855Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e5b7fb2198abc50058f1a29c395b004f76ab1c83" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/16431e442db248ecd8aa9457cf0a656f1885f56e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/23ec111bf3549aae37140330c31a16abfc172421" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/i40e/i40e_debugfs.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e5b7fb2198abc50058f1a29c395b004f76ab1c83", "status": "affected", "version": "02e9c290814cc143ceccecb14eac3e7a05da745e", "versionType": "git" }, { "lessThan": "16431e442db248ecd8aa9457cf0a656f1885f56e", "status": "affected", "version": "02e9c290814cc143ceccecb14eac3e7a05da745e", "versionType": "git" }, { "lessThan": "23ec111bf3549aae37140330c31a16abfc172421", "status": "affected", "version": "02e9c290814cc143ceccecb14eac3e7a05da745e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/i40e/i40e_debugfs.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { 
"status": "affected", "version": "3.12" }, { "lessThan": "3.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix NULL pointer dereference in i40e_dbg_dump_desc\n\nWhen trying to dump VFs VSI RX/TX descriptors\nusing debugfs there was a crash\ndue to NULL pointer dereference in i40e_dbg_dump_desc.\nAdded a check to i40e_dbg_dump_desc that checks if\nVSI type is correct for dumping RX/TX descriptors." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:40.689Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e5b7fb2198abc50058f1a29c395b004f76ab1c83" }, { "url": "https://git.kernel.org/stable/c/16431e442db248ecd8aa9457cf0a656f1885f56e" }, { "url": "https://git.kernel.org/stable/c/23ec111bf3549aae37140330c31a16abfc172421" } ], "title": "i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47501", "datePublished": "2024-05-24T15:01:49.040Z", "dateReserved": "2024-05-22T06:20:56.204Z", "dateUpdated": "2024-12-19T07:43:40.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47569
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:45
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fail cancellation for EXITING tasks
WARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269
CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller #0
Workqueue: events io_fallback_req_func
RIP: 0010:io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269
Call Trace:
<TASK>
io_req_task_link_timeout+0x6b/0x1e0 fs/io_uring.c:6886
io_fallback_req_func+0xf9/0x1ae fs/io_uring.c:1334
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
We need original task's context to do cancellations, so if it's dying
and the callback is executed in a fallback mode, fail the cancellation
attempt.
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3d2a1e68fd9904fdc1b02f2e7d40ca47df7ba39f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/617a89484debcd4e7999796d693cf0b77d2519de" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47569", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:11.017717Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:50.979Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/io_uring.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3d2a1e68fd9904fdc1b02f2e7d40ca47df7ba39f", "status": "affected", "version": "89b263f6d56e683ddcf7643140271ef6e36c72b9", "versionType": "git" }, { "lessThan": "617a89484debcd4e7999796d693cf0b77d2519de", "status": "affected", "version": "89b263f6d56e683ddcf7643140271ef6e36c72b9", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/io_uring.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": 
"original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fail cancellation for EXITING tasks\n\nWARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269\nCPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller #0\nWorkqueue: events io_fallback_req_func\nRIP: 0010:io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269\nCall Trace:\n \u003cTASK\u003e\n io_req_task_link_timeout+0x6b/0x1e0 fs/io_uring.c:6886\n io_fallback_req_func+0xf9/0x1ae fs/io_uring.c:1334\n process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298\n worker_thread+0x658/0x11f0 kernel/workqueue.c:2445\n kthread+0x405/0x4f0 kernel/kthread.c:327\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n \u003c/TASK\u003e\n\nWe need original task\u0027s context to do cancellations, so if it\u0027s dying\nand the callback is executed in a fallback mode, fail the cancellation\nattempt." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:45:01.196Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3d2a1e68fd9904fdc1b02f2e7d40ca47df7ba39f" }, { "url": "https://git.kernel.org/stable/c/617a89484debcd4e7999796d693cf0b77d2519de" } ], "title": "io_uring: fail cancellation for EXITING tasks", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47569", "datePublished": "2024-05-24T15:12:55.394Z", "dateReserved": "2024-05-24T15:11:00.729Z", "dateUpdated": "2024-12-19T07:45:01.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47559
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
Coverity reports a possible NULL dereferencing problem:
in smc_vlan_by_tcpsk():
6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times).
7. var_assigned: Assigning: ndev = NULL return value from netdev_lower_get_next.
1623 ndev = (struct net_device *)netdev_lower_get_next(ndev, &lower);
CID 1468509 (#1 of 1): Dereference null return value (NULL_RETURNS)
8. dereference: Dereferencing a pointer that might be NULL ndev when calling is_vlan_dev.
1624 if (is_vlan_dev(ndev)) {
Remove the manual implementation and use netdev_walk_all_lower_dev() to
iterate over the lower devices. While on it remove an obsolete function
parameter comment.
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47559", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:14:31.432418Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:40.808Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bb851d0fb02547d03cd40106b5f2391c4fed6ed1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/587acad41f1bc48e16f42bb2aca63bf323380be8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/smc/smc_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff", "status": "affected", "version": "cb9d43f6775457cac75544bc4197f26ac2b6f294", "versionType": "git" }, { "lessThan": "bb851d0fb02547d03cd40106b5f2391c4fed6ed1", "status": "affected", "version": "cb9d43f6775457cac75544bc4197f26ac2b6f294", "versionType": "git" }, { "lessThan": "587acad41f1bc48e16f42bb2aca63bf323380be8", "status": "affected", "version": "cb9d43f6775457cac75544bc4197f26ac2b6f294", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/smc/smc_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.18" }, { "lessThan": 
"4.18", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()\n\nCoverity reports a possible NULL dereferencing problem:\n\nin smc_vlan_by_tcpsk():\n6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times).\n7. var_assigned: Assigning: ndev = NULL return value from netdev_lower_get_next.\n1623 ndev = (struct net_device *)netdev_lower_get_next(ndev, \u0026lower);\nCID 1468509 (#1 of 1): Dereference null return value (NULL_RETURNS)\n8. dereference: Dereferencing a pointer that might be NULL ndev when calling is_vlan_dev.\n1624 if (is_vlan_dev(ndev)) {\n\nRemove the manual implementation and use netdev_walk_all_lower_dev() to\niterate over the lower devices. While on it remove an obsolete function\nparameter comment." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:48.940Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff" }, { "url": "https://git.kernel.org/stable/c/bb851d0fb02547d03cd40106b5f2391c4fed6ed1" }, { "url": "https://git.kernel.org/stable/c/587acad41f1bc48e16f42bb2aca63bf323380be8" } ], "title": "net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47559", "datePublished": "2024-05-24T15:12:48.675Z", "dateReserved": "2024-05-24T15:11:00.727Z", "dateUpdated": "2024-12-19T07:44:48.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47504
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring: ensure task_work gets run as part of cancelations
If we successfully cancel a work item but that work item needs to be
processed through task_work, then we can be sleeping uninterruptibly
in io_uring_cancel_generic() and never process it. Hence we don't
make forward progress and we end up with an uninterruptible sleep
warning.
While in there, correct a comment that should be IFF, not IIF.
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47504", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T18:38:00.409763Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T18:38:32.174Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8e12976c0c19ebc14b60046b1348c516a74c25a2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/78a780602075d8b00c98070fa26e389b3b3efa72" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/io_uring.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8e12976c0c19ebc14b60046b1348c516a74c25a2", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "78a780602075d8b00c98070fa26e389b3b3efa72", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/io_uring.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been 
resolved:\n\nio_uring: ensure task_work gets run as part of cancelations\n\nIf we successfully cancel a work item but that work item needs to be\nprocessed through task_work, then we can be sleeping uninterruptibly\nin io_uring_cancel_generic() and never process it. Hence we don\u0027t\nmake forward progress and we end up with an uninterruptible sleep\nwarning.\n\nWhile in there, correct a comment that should be IFF, not IIF." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:44.061Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8e12976c0c19ebc14b60046b1348c516a74c25a2" }, { "url": "https://git.kernel.org/stable/c/78a780602075d8b00c98070fa26e389b3b3efa72" } ], "title": "io_uring: ensure task_work gets run as part of cancelations", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47504", "datePublished": "2024-05-24T15:01:51.013Z", "dateReserved": "2024-05-22T06:20:56.205Z", "dateUpdated": "2024-12-19T07:43:44.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47526
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: liteuart: Fix NULL pointer dereference in ->remove()
drvdata has to be set in _probe() - otherwise platform_get_drvdata()
causes null pointer dereference BUG in _remove().
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47526", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T20:03:43.426133Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T20:04:10.423Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/189c99c629bbf85916c02c153f904649cc0a9d7f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0f55f89d98c8b3e12b4f55f71c127a173e29557c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/tty/serial/liteuart.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "189c99c629bbf85916c02c153f904649cc0a9d7f", "status": "affected", "version": "1da81e5562fac8286567422cc56a7fbd0dc646d4", "versionType": "git" }, { "lessThan": "0f55f89d98c8b3e12b4f55f71c127a173e29557c", "status": "affected", "version": "1da81e5562fac8286567422cc56a7fbd0dc646d4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/tty/serial/liteuart.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.11" }, { "lessThan": "5.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: liteuart: Fix NULL pointer dereference in -\u003eremove()\n\ndrvdata has to be set in _probe() - otherwise platform_get_drvdata()\ncauses null pointer dereference BUG in _remove()." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:11.332Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/189c99c629bbf85916c02c153f904649cc0a9d7f" }, { "url": "https://git.kernel.org/stable/c/0f55f89d98c8b3e12b4f55f71c127a173e29557c" } ], "title": "serial: liteuart: Fix NULL pointer dereference in -\u003eremove()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47526", "datePublished": "2024-05-24T15:09:38.024Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:11.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47549
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
When the `rmmod sata_fsl.ko` command is executed in the PPC64 GNU/Linux,
a bug is reported:
==================================================================
BUG: Unable to handle kernel data access on read at 0x80000800805b502c
Oops: Kernel access of bad area, sig: 11 [#1]
NIP [c0000000000388a4] .ioread32+0x4/0x20
LR [80000000000c6034] .sata_fsl_port_stop+0x44/0xe0 [sata_fsl]
Call Trace:
.free_irq+0x1c/0x4e0 (unreliable)
.ata_host_stop+0x74/0xd0 [libata]
.release_nodes+0x330/0x3f0
.device_release_driver_internal+0x178/0x2c0
.driver_detach+0x64/0xd0
.bus_remove_driver+0x70/0xf0
.driver_unregister+0x38/0x80
.platform_driver_unregister+0x14/0x30
.fsl_sata_driver_exit+0x18/0xa20 [sata_fsl]
.__se_sys_delete_module+0x1ec/0x2d0
.system_call_exception+0xfc/0x1f0
system_call_common+0xf8/0x200
==================================================================
The triggering of the BUG is shown in the following stack:
driver_detach
  device_release_driver_internal
    __device_release_driver
      drv->remove(dev) --> platform_drv_remove/platform_remove
        drv->remove(dev) --> sata_fsl_remove
          iounmap(host_priv->hcr_base); <---- unmap
          kfree(host_priv); <---- free
      devres_release_all
        release_nodes
          dr->node.release(dev, dr->data) --> ata_host_stop
            ap->ops->port_stop(ap) --> sata_fsl_port_stop
              ioread32(hcr_base + HCONTROL) <---- UAF
            host->ops->host_stop(host)
The iounmap(host_priv->hcr_base) and kfree(host_priv) functions should
not be executed in drv->remove. These functions should be executed in
host_stop after port_stop. Therefore, we move these functions to the
new function sata_fsl_host_stop and bind the new function to host_stop.
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: faf0b2e5afe7dae072d2715763c7f992b612b628
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47549", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T18:51:57.611443Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-10T18:52:23.946Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cdcd80292106df5cda325426e96495503e41f947" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/91ba94d3f7afca195b224f77a72044fbde1389ce" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/325ea49fc43cbc03a5e1e37de8f0ca6357ced4b1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0769449b0a5eabc3545337217ae690e46673e73a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/77393806c76b6b44f1c44bd957788c8bd9152c45" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4a46b2f5dce02539e88a300800812bd24a45e097" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/adf098e2a8a1e1fc075d6a5ba2edd13cf7189082" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6c8ad7e8cf29eb55836e7a0215f967746ab2b504" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/ata/sata_fsl.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "cdcd80292106df5cda325426e96495503e41f947", "status": "affected", "version": "faf0b2e5afe7dae072d2715763c7f992b612b628", "versionType": "git" }, 
{ "lessThan": "91ba94d3f7afca195b224f77a72044fbde1389ce", "status": "affected", "version": "faf0b2e5afe7dae072d2715763c7f992b612b628", "versionType": "git" }, { "lessThan": "325ea49fc43cbc03a5e1e37de8f0ca6357ced4b1", "status": "affected", "version": "faf0b2e5afe7dae072d2715763c7f992b612b628", "versionType": "git" }, { "lessThan": "0769449b0a5eabc3545337217ae690e46673e73a", "status": "affected", "version": "faf0b2e5afe7dae072d2715763c7f992b612b628", "versionType": "git" }, { "lessThan": "77393806c76b6b44f1c44bd957788c8bd9152c45", "status": "affected", "version": "faf0b2e5afe7dae072d2715763c7f992b612b628", "versionType": "git" }, { "lessThan": "4a46b2f5dce02539e88a300800812bd24a45e097", "status": "affected", "version": "faf0b2e5afe7dae072d2715763c7f992b612b628", "versionType": "git" }, { "lessThan": "adf098e2a8a1e1fc075d6a5ba2edd13cf7189082", "status": "affected", "version": "faf0b2e5afe7dae072d2715763c7f992b612b628", "versionType": "git" }, { "lessThan": "6c8ad7e8cf29eb55836e7a0215f967746ab2b504", "status": "affected", "version": "faf0b2e5afe7dae072d2715763c7f992b612b628", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/ata/sata_fsl.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.24" }, { "lessThan": "2.6.24", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.294", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.292", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.257", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.220", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.164", "versionType": "semver" }, { 
"lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl\n\nWhen the `rmmod sata_fsl.ko` command is executed in the PPC64 GNU/Linux,\na bug is reported:\n ==================================================================\n BUG: Unable to handle kernel data access on read at 0x80000800805b502c\n Oops: Kernel access of bad area, sig: 11 [#1]\n NIP [c0000000000388a4] .ioread32+0x4/0x20\n LR [80000000000c6034] .sata_fsl_port_stop+0x44/0xe0 [sata_fsl]\n Call Trace:\n .free_irq+0x1c/0x4e0 (unreliable)\n .ata_host_stop+0x74/0xd0 [libata]\n .release_nodes+0x330/0x3f0\n .device_release_driver_internal+0x178/0x2c0\n .driver_detach+0x64/0xd0\n .bus_remove_driver+0x70/0xf0\n .driver_unregister+0x38/0x80\n .platform_driver_unregister+0x14/0x30\n .fsl_sata_driver_exit+0x18/0xa20 [sata_fsl]\n .__se_sys_delete_module+0x1ec/0x2d0\n .system_call_exception+0xfc/0x1f0\n system_call_common+0xf8/0x200\n ==================================================================\n\nThe triggering of the BUG is shown in the following stack:\n\ndriver_detach\n device_release_driver_internal\n __device_release_driver\n drv-\u003eremove(dev) --\u003e platform_drv_remove/platform_remove\n drv-\u003eremove(dev) --\u003e sata_fsl_remove\n iounmap(host_priv-\u003ehcr_base);\t\t\t\u003c---- unmap\n kfree(host_priv); \u003c---- free\n devres_release_all\n release_nodes\n dr-\u003enode.release(dev, dr-\u003edata) --\u003e ata_host_stop\n ap-\u003eops-\u003eport_stop(ap) --\u003e sata_fsl_port_stop\n ioread32(hcr_base + HCONTROL) \u003c---- UAF\n 
host-\u003eops-\u003ehost_stop(host)\n\nThe iounmap(host_priv-\u003ehcr_base) and kfree(host_priv) functions should\nnot be executed in drv-\u003eremove. These functions should be executed in\nhost_stop after port_stop. Therefore, we move these functions to the\nnew function sata_fsl_host_stop and bind the new function to host_stop." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:36.614Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/cdcd80292106df5cda325426e96495503e41f947" }, { "url": "https://git.kernel.org/stable/c/91ba94d3f7afca195b224f77a72044fbde1389ce" }, { "url": "https://git.kernel.org/stable/c/325ea49fc43cbc03a5e1e37de8f0ca6357ced4b1" }, { "url": "https://git.kernel.org/stable/c/0769449b0a5eabc3545337217ae690e46673e73a" }, { "url": "https://git.kernel.org/stable/c/77393806c76b6b44f1c44bd957788c8bd9152c45" }, { "url": "https://git.kernel.org/stable/c/4a46b2f5dce02539e88a300800812bd24a45e097" }, { "url": "https://git.kernel.org/stable/c/adf098e2a8a1e1fc075d6a5ba2edd13cf7189082" }, { "url": "https://git.kernel.org/stable/c/6c8ad7e8cf29eb55836e7a0215f967746ab2b504" } ], "title": "sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47549", "datePublished": "2024-05-24T15:09:53.292Z", "dateReserved": "2024-05-24T15:02:54.831Z", "dateUpdated": "2024-12-19T07:44:36.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47540
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
Fix the following NULL pointer dereference in mt7915_get_phy_mode
routine adding an ibss interface to the mt7915 driver.
[ 101.137097] wlan0: Trigger new scan to find an IBSS to join
[ 102.827039] wlan0: Creating new IBSS network, BSSID 26:a4:50:1a:6e:69
[ 103.064756] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 103.073670] Mem abort info:
[ 103.076520] ESR = 0x96000005
[ 103.079614] EC = 0x25: DABT (current EL), IL = 32 bits
[ 103.084934] SET = 0, FnV = 0
[ 103.088042] EA = 0, S1PTW = 0
[ 103.091215] Data abort info:
[ 103.094104] ISV = 0, ISS = 0x00000005
[ 103.098041] CM = 0, WnR = 0
[ 103.101044] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000460b1000
[ 103.107565] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 103.116590] Internal error: Oops: 96000005 [#1] SMP
[ 103.189066] CPU: 1 PID: 333 Comm: kworker/u4:3 Not tainted 5.10.75 #0
[ 103.195498] Hardware name: MediaTek MT7622 RFB1 board (DT)
[ 103.201124] Workqueue: phy0 ieee80211_iface_work [mac80211]
[ 103.206695] pstate: 20000005 (nzCv daif -PAN -UAO -TCO BTYPE=--)
[ 103.212705] pc : mt7915_get_phy_mode+0x68/0x120 [mt7915e]
[ 103.218103] lr : mt7915_mcu_add_bss_info+0x11c/0x760 [mt7915e]
[ 103.223927] sp : ffffffc011cdb9e0
[ 103.227235] x29: ffffffc011cdb9e0 x28: ffffff8006563098
[ 103.232545] x27: ffffff8005f4da22 x26: ffffff800685ac40
[ 103.237855] x25: 0000000000000001 x24: 000000000000011f
[ 103.243165] x23: ffffff8005f4e260 x22: ffffff8006567918
[ 103.248475] x21: ffffff8005f4df80 x20: ffffff800685ac58
[ 103.253785] x19: ffffff8006744400 x18: 0000000000000000
[ 103.259094] x17: 0000000000000000 x16: 0000000000000001
[ 103.264403] x15: 000899c3a2d9d2e4 x14: 000899bdc3c3a1c8
[ 103.269713] x13: 0000000000000000 x12: 0000000000000000
[ 103.275024] x11: ffffffc010e30c20 x10: 0000000000000000
[ 103.280333] x9 : 0000000000000050 x8 : ffffff8006567d88
[ 103.285642] x7 : ffffff8006563b5c x6 : ffffff8006563b44
[ 103.290952] x5 : 0000000000000002 x4 : 0000000000000001
[ 103.296262] x3 : 0000000000000001 x2 : 0000000000000001
[ 103.301572] x1 : 0000000000000000 x0 : 0000000000000011
[ 103.306882] Call trace:
[ 103.309328] mt7915_get_phy_mode+0x68/0x120 [mt7915e]
[ 103.314378] mt7915_bss_info_changed+0x198/0x200 [mt7915e]
[ 103.319941] ieee80211_bss_info_change_notify+0x128/0x290 [mac80211]
[ 103.326360] __ieee80211_sta_join_ibss+0x308/0x6c4 [mac80211]
[ 103.332171] ieee80211_sta_create_ibss+0x8c/0x10c [mac80211]
[ 103.337895] ieee80211_ibss_work+0x3dc/0x614 [mac80211]
[ 103.343185] ieee80211_iface_work+0x388/0x3f0 [mac80211]
[ 103.348495] process_one_work+0x288/0x690
[ 103.352499] worker_thread+0x70/0x464
[ 103.356157] kthread+0x144/0x150
[ 103.359380] ret_from_fork+0x10/0x18
[ 103.362952] Code: 394008c3 52800220 394000e4 7100007f (39400023)
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/932b338f4e5c4cb0c2ed640da3bced1e63620198" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/14b03b8cebdf18ff13c39d58501b625411314de2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6e53d6d26920d5221d3f4d4f5ffdd629ea69aa5c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47540", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:20.346625Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:20.936Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/mediatek/mt76/mt7915/mcu.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "932b338f4e5c4cb0c2ed640da3bced1e63620198", "status": "affected", "version": "37f4ca907c462d7c8a1ac9e7e3473681b5f893dd", "versionType": "git" }, { "lessThan": "14b03b8cebdf18ff13c39d58501b625411314de2", "status": "affected", "version": "37f4ca907c462d7c8a1ac9e7e3473681b5f893dd", "versionType": "git" }, { "lessThan": "6e53d6d26920d5221d3f4d4f5ffdd629ea69aa5c", "status": "affected", "version": "37f4ca907c462d7c8a1ac9e7e3473681b5f893dd", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/mediatek/mt76/mt7915/mcu.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { 
"status": "affected", "version": "5.8" }, { "lessThan": "5.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode\n\nFix the following NULL pointer dereference in mt7915_get_phy_mode\nroutine adding an ibss interface to the mt7915 driver.\n\n[ 101.137097] wlan0: Trigger new scan to find an IBSS to join\n[ 102.827039] wlan0: Creating new IBSS network, BSSID 26:a4:50:1a:6e:69\n[ 103.064756] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 103.073670] Mem abort info:\n[ 103.076520] ESR = 0x96000005\n[ 103.079614] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 103.084934] SET = 0, FnV = 0\n[ 103.088042] EA = 0, S1PTW = 0\n[ 103.091215] Data abort info:\n[ 103.094104] ISV = 0, ISS = 0x00000005\n[ 103.098041] CM = 0, WnR = 0\n[ 103.101044] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000460b1000\n[ 103.107565] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 103.116590] Internal error: Oops: 96000005 [#1] SMP\n[ 103.189066] CPU: 1 PID: 333 Comm: kworker/u4:3 Not tainted 5.10.75 #0\n[ 103.195498] Hardware name: MediaTek MT7622 RFB1 board (DT)\n[ 103.201124] Workqueue: phy0 ieee80211_iface_work [mac80211]\n[ 103.206695] pstate: 20000005 (nzCv daif -PAN -UAO -TCO BTYPE=--)\n[ 103.212705] pc : mt7915_get_phy_mode+0x68/0x120 [mt7915e]\n[ 103.218103] lr : mt7915_mcu_add_bss_info+0x11c/0x760 [mt7915e]\n[ 103.223927] sp : ffffffc011cdb9e0\n[ 103.227235] x29: ffffffc011cdb9e0 x28: 
ffffff8006563098\n[ 103.232545] x27: ffffff8005f4da22 x26: ffffff800685ac40\n[ 103.237855] x25: 0000000000000001 x24: 000000000000011f\n[ 103.243165] x23: ffffff8005f4e260 x22: ffffff8006567918\n[ 103.248475] x21: ffffff8005f4df80 x20: ffffff800685ac58\n[ 103.253785] x19: ffffff8006744400 x18: 0000000000000000\n[ 103.259094] x17: 0000000000000000 x16: 0000000000000001\n[ 103.264403] x15: 000899c3a2d9d2e4 x14: 000899bdc3c3a1c8\n[ 103.269713] x13: 0000000000000000 x12: 0000000000000000\n[ 103.275024] x11: ffffffc010e30c20 x10: 0000000000000000\n[ 103.280333] x9 : 0000000000000050 x8 : ffffff8006567d88\n[ 103.285642] x7 : ffffff8006563b5c x6 : ffffff8006563b44\n[ 103.290952] x5 : 0000000000000002 x4 : 0000000000000001\n[ 103.296262] x3 : 0000000000000001 x2 : 0000000000000001\n[ 103.301572] x1 : 0000000000000000 x0 : 0000000000000011\n[ 103.306882] Call trace:\n[ 103.309328] mt7915_get_phy_mode+0x68/0x120 [mt7915e]\n[ 103.314378] mt7915_bss_info_changed+0x198/0x200 [mt7915e]\n[ 103.319941] ieee80211_bss_info_change_notify+0x128/0x290 [mac80211]\n[ 103.326360] __ieee80211_sta_join_ibss+0x308/0x6c4 [mac80211]\n[ 103.332171] ieee80211_sta_create_ibss+0x8c/0x10c [mac80211]\n[ 103.337895] ieee80211_ibss_work+0x3dc/0x614 [mac80211]\n[ 103.343185] ieee80211_iface_work+0x388/0x3f0 [mac80211]\n[ 103.348495] process_one_work+0x288/0x690\n[ 103.352499] worker_thread+0x70/0x464\n[ 103.356157] kthread+0x144/0x150\n[ 103.359380] ret_from_fork+0x10/0x18\n[ 103.362952] Code: 394008c3 52800220 394000e4 7100007f (39400023)" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:28.238Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/932b338f4e5c4cb0c2ed640da3bced1e63620198" }, { "url": "https://git.kernel.org/stable/c/14b03b8cebdf18ff13c39d58501b625411314de2" }, { "url": "https://git.kernel.org/stable/c/6e53d6d26920d5221d3f4d4f5ffdd629ea69aa5c" } ], "title": "mt76: mt7915: fix NULL pointer 
dereference in mt7915_get_phy_mode", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47540", "datePublished": "2024-05-24T15:09:47.256Z", "dateReserved": "2024-05-24T15:02:54.828Z", "dateUpdated": "2024-12-19T07:44:28.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47525
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: liteuart: fix use-after-free and memleak on unbind
Deregister the port when unbinding the driver to prevent it from being
used after releasing the driver data and leaking memory allocated by
serial core.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47525", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-28T15:21:08.763793Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:59.157Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/602824cf9aa9db8830ffe5cfb2cd54365cada4fe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/05f929b395dec8957b636ff14e66b277ed022ed9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/tty/serial/liteuart.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "602824cf9aa9db8830ffe5cfb2cd54365cada4fe", "status": "affected", "version": "1da81e5562fac8286567422cc56a7fbd0dc646d4", "versionType": "git" }, { "lessThan": "05f929b395dec8957b636ff14e66b277ed022ed9", "status": "affected", "version": "1da81e5562fac8286567422cc56a7fbd0dc646d4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/tty/serial/liteuart.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.11" }, { "lessThan": "5.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: liteuart: fix use-after-free and memleak on unbind\n\nDeregister the port when unbinding the driver to prevent it from being\nused after releasing the driver data and leaking memory allocated by\nserial core." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:10.115Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/602824cf9aa9db8830ffe5cfb2cd54365cada4fe" }, { "url": "https://git.kernel.org/stable/c/05f929b395dec8957b636ff14e66b277ed022ed9" } ], "title": "serial: liteuart: fix use-after-free and memleak on unbind", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47525", "datePublished": "2024-05-24T15:09:37.355Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:10.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47572
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:45
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: nexthop: fix null pointer dereference when IPv6 is not enabled
When we try to add an IPv6 nexthop and IPv6 is not enabled
(!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path
of nh_create_ipv6() due to calling ipv6_stub->fib6_nh_release. The bug
has been present since the beginning of IPv6 nexthop gateway support.
Commit 1aefd3de7bc6 ("ipv6: Add fib6_nh_init and release to stubs") tells
us that only fib6_nh_init has a dummy stub because fib6_nh_release should
not be called if fib6_nh_init returns an error, but the commit below added
a call to ipv6_stub->fib6_nh_release in its error path. To fix it return
the dummy stub's -EAFNOSUPPORT error directly without calling
ipv6_stub->fib6_nh_release in nh_create_ipv6()'s error path.
[1]
Output is a bit truncated, but it clearly shows the error.
BUG: kernel NULL pointer dereference, address: 000000000000000000
#PF: supervisor instruction fetch in kernel modede
#PF: error_code(0x0010) - not-present pagege
PGD 0 P4D 0
Oops: 0010 [#1] PREEMPT SMP NOPTI
CPU: 4 PID: 638 Comm: ip Kdump: loaded Not tainted 5.16.0-rc1+ #446
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffff888109f5b8f0 EFLAGS: 00010286^Ac
RAX: 0000000000000000 RBX: ffff888109f5ba28 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881008a2860
RBP: ffff888109f5b9d8 R08: 0000000000000000 R09: 0000000000000000
R10: ffff888109f5b978 R11: ffff888109f5b948 R12: 00000000ffffff9f
R13: ffff8881008a2a80 R14: ffff8881008a2860 R15: ffff8881008a2840
FS: 00007f98de70f100(0000) GS:ffff88822bf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000100efc000 CR4: 00000000000006e0
Call Trace:
<TASK>
nh_create_ipv6+0xed/0x10c
rtm_new_nexthop+0x6d7/0x13f3
? check_preemption_disabled+0x3d/0xf2
? lock_is_held_type+0xbe/0xfd
rtnetlink_rcv_msg+0x23f/0x26a
? check_preemption_disabled+0x3d/0xf2
? rtnl_calcit.isra.0+0x147/0x147
netlink_rcv_skb+0x61/0xb2
netlink_unicast+0x100/0x187
netlink_sendmsg+0x37f/0x3a0
? netlink_unicast+0x187/0x187
sock_sendmsg_nosec+0x67/0x9b
____sys_sendmsg+0x19d/0x1f9
? copy_msghdr_from_user+0x4c/0x5e
? rcu_read_lock_any_held+0x2a/0x78
___sys_sendmsg+0x6c/0x8c
? asm_sysvec_apic_timer_interrupt+0x12/0x20
? lockdep_hardirqs_on+0xd9/0x102
? sockfd_lookup_light+0x69/0x99
__sys_sendmsg+0x50/0x6e
do_syscall_64+0xcb/0xf2
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f98dea28914
Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 e9 5d 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48 89 f5 53
RSP: 002b:00007fff859f5e68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e2e
RAX: ffffffffffffffda RBX: 00000000619cb810 RCX: 00007f98dea28914
RDX: 0000000000000000 RSI: 00007fff859f5ed0 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000008
R10: fffffffffffffce6 R11: 0000000000000246 R12: 0000000000000001
R13: 000055c0097ae520 R14: 000055c0097957fd R15: 00007fff859f63a0
</TASK>
Modules linked in: bridge stp llc bonding virtio_net
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7b6f44856da5ba0b1aa61403eb9fddd272156503" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b70ff391deeec35cdd8a05f5f63f5fe28bc4f225" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/39509d76a9a3d02f379d52cb4b1449469c56c0e0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1c743127cc54b112b155f434756bd4b5fa565a99" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47572", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:07.855330Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:19.470Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv4/nexthop.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7b6f44856da5ba0b1aa61403eb9fddd272156503", "status": "affected", "version": "53010f991a9f5e4ed2db705ddde6ff32709192a2", "versionType": "git" }, { "lessThan": "b70ff391deeec35cdd8a05f5f63f5fe28bc4f225", "status": "affected", "version": "53010f991a9f5e4ed2db705ddde6ff32709192a2", "versionType": "git" }, { "lessThan": "39509d76a9a3d02f379d52cb4b1449469c56c0e0", "status": "affected", "version": "53010f991a9f5e4ed2db705ddde6ff32709192a2", "versionType": "git" }, { "lessThan": "1c743127cc54b112b155f434756bd4b5fa565a99", "status": "affected", "version": "53010f991a9f5e4ed2db705ddde6ff32709192a2", "versionType": 
"git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv4/nexthop.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.3" }, { "lessThan": "5.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.163", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: fix null pointer dereference when IPv6 is not enabled\n\nWhen we try to add an IPv6 nexthop and IPv6 is not enabled\n(!CONFIG_IPV6) we\u0027ll hit a NULL pointer dereference[1] in the error path\nof nh_create_ipv6() due to calling ipv6_stub-\u003efib6_nh_release. The bug\nhas been present since the beginning of IPv6 nexthop gateway support.\nCommit 1aefd3de7bc6 (\"ipv6: Add fib6_nh_init and release to stubs\") tells\nus that only fib6_nh_init has a dummy stub because fib6_nh_release should\nnot be called if fib6_nh_init returns an error, but the commit below added\na call to ipv6_stub-\u003efib6_nh_release in its error path. 
To fix it return\nthe dummy stub\u0027s -EAFNOSUPPORT error directly without calling\nipv6_stub-\u003efib6_nh_release in nh_create_ipv6()\u0027s error path.\n\n[1]\n Output is a bit truncated, but it clearly shows the error.\n BUG: kernel NULL pointer dereference, address: 000000000000000000\n #PF: supervisor instruction fetch in kernel modede\n #PF: error_code(0x0010) - not-present pagege\n PGD 0 P4D 0\n Oops: 0010 [#1] PREEMPT SMP NOPTI\n CPU: 4 PID: 638 Comm: ip Kdump: loaded Not tainted 5.16.0-rc1+ #446\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014\n RIP: 0010:0x0\n Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.\n RSP: 0018:ffff888109f5b8f0 EFLAGS: 00010286^Ac\n RAX: 0000000000000000 RBX: ffff888109f5ba28 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881008a2860\n RBP: ffff888109f5b9d8 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff888109f5b978 R11: ffff888109f5b948 R12: 00000000ffffff9f\n R13: ffff8881008a2a80 R14: ffff8881008a2860 R15: ffff8881008a2840\n FS: 00007f98de70f100(0000) GS:ffff88822bf00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffffffffffd6 CR3: 0000000100efc000 CR4: 00000000000006e0\n Call Trace:\n \u003cTASK\u003e\n nh_create_ipv6+0xed/0x10c\n rtm_new_nexthop+0x6d7/0x13f3\n ? check_preemption_disabled+0x3d/0xf2\n ? lock_is_held_type+0xbe/0xfd\n rtnetlink_rcv_msg+0x23f/0x26a\n ? check_preemption_disabled+0x3d/0xf2\n ? rtnl_calcit.isra.0+0x147/0x147\n netlink_rcv_skb+0x61/0xb2\n netlink_unicast+0x100/0x187\n netlink_sendmsg+0x37f/0x3a0\n ? netlink_unicast+0x187/0x187\n sock_sendmsg_nosec+0x67/0x9b\n ____sys_sendmsg+0x19d/0x1f9\n ? copy_msghdr_from_user+0x4c/0x5e\n ? rcu_read_lock_any_held+0x2a/0x78\n ___sys_sendmsg+0x6c/0x8c\n ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n ? lockdep_hardirqs_on+0xd9/0x102\n ? 
sockfd_lookup_light+0x69/0x99\n __sys_sendmsg+0x50/0x6e\n do_syscall_64+0xcb/0xf2\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f98dea28914\n Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 e9 5d 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48 89 f5 53\n RSP: 002b:00007fff859f5e68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e2e\n RAX: ffffffffffffffda RBX: 00000000619cb810 RCX: 00007f98dea28914\n RDX: 0000000000000000 RSI: 00007fff859f5ed0 RDI: 0000000000000003\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000008\n R10: fffffffffffffce6 R11: 0000000000000246 R12: 0000000000000001\n R13: 000055c0097ae520 R14: 000055c0097957fd R15: 00007fff859f63a0\n \u003c/TASK\u003e\n Modules linked in: bridge stp llc bonding virtio_net" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:45:04.771Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7b6f44856da5ba0b1aa61403eb9fddd272156503" }, { "url": "https://git.kernel.org/stable/c/b70ff391deeec35cdd8a05f5f63f5fe28bc4f225" }, { "url": "https://git.kernel.org/stable/c/39509d76a9a3d02f379d52cb4b1449469c56c0e0" }, { "url": "https://git.kernel.org/stable/c/1c743127cc54b112b155f434756bd4b5fa565a99" } ], "title": "net: nexthop: fix null pointer dereference when IPv6 is not enabled", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47572", "datePublished": "2024-05-24T15:12:58.397Z", "dateReserved": "2024-05-24T15:11:00.729Z", "dateUpdated": "2024-12-19T07:45:04.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47513
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
Avoid a memory leak if there is not a CPU port defined.
Addresses-Coverity-ID: 1492897 ("Resource leak")
Addresses-Coverity-ID: 1492899 ("Resource leak")
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47513", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T18:36:49.820029Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T18:37:04.647Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/973a0373e88cc19129bd6ef0ec193040535397d9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e8b1d7698038e76363859fb47ae0a262080646f5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/dsa/ocelot/felix.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "973a0373e88cc19129bd6ef0ec193040535397d9", "status": "affected", "version": "8d5f7954b7c8de54902a8beda141064a7e2e6ee0", "versionType": "git" }, { "lessThan": "e8b1d7698038e76363859fb47ae0a262080646f5", "status": "affected", "version": "8d5f7954b7c8de54902a8beda141064a7e2e6ee0", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/dsa/ocelot/felix.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: felix: Fix memory leak in felix_setup_mmio_filtering\n\nAvoid a memory leak if there is not a CPU port defined.\n\nAddresses-Coverity-ID: 1492897 (\"Resource leak\")\nAddresses-Coverity-ID: 1492899 (\"Resource leak\")" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:55.292Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/973a0373e88cc19129bd6ef0ec193040535397d9" }, { "url": "https://git.kernel.org/stable/c/e8b1d7698038e76363859fb47ae0a262080646f5" } ], "title": "net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47513", "datePublished": "2024-05-24T15:09:28.028Z", "dateReserved": "2024-05-24T15:02:54.824Z", "dateUpdated": "2024-12-19T07:43:55.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47521
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: sja1000: fix use after free in ems_pcmcia_add_card()
If the last channel is not available then "dev" is freed. Fortunately,
we can just use "pdev->irq" instead.
Also we should check if at least one channel was set up.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: fd734c6f25aea4b2b44b045e489aec67b388577e Version: fd734c6f25aea4b2b44b045e489aec67b388577e Version: fd734c6f25aea4b2b44b045e489aec67b388577e Version: fd734c6f25aea4b2b44b045e489aec67b388577e Version: fd734c6f25aea4b2b44b045e489aec67b388577e Version: fd734c6f25aea4b2b44b045e489aec67b388577e Version: fd734c6f25aea4b2b44b045e489aec67b388577e Version: fd734c6f25aea4b2b44b045e489aec67b388577e
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47521", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T16:55:46.664460Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:06.426Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.801Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cbd86110546f7f730a1f5d7de56c944a336c15c4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1dd5b819f7e406dc15bbc7670596ff25261aaa2a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c8718026ba287168ff9ad0ccc4f9a413062cba36" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ccf070183e4655824936c0f96c4a2bcca93419aa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1a295fea90e1acbe80c6d4940f5ff856edcd6bec" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/923f4dc5df679f678e121c20bf2fd70f7bf3e288" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/474f9a8534f5f89841240a7e978bafd6e1e039ce" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3ec6ca6b1a8e64389f0212b5a1b0f6fed1909e45" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/can/sja1000/ems_pcmcia.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "cbd86110546f7f730a1f5d7de56c944a336c15c4", "status": "affected", "version": "fd734c6f25aea4b2b44b045e489aec67b388577e", 
"versionType": "git" }, { "lessThan": "1dd5b819f7e406dc15bbc7670596ff25261aaa2a", "status": "affected", "version": "fd734c6f25aea4b2b44b045e489aec67b388577e", "versionType": "git" }, { "lessThan": "c8718026ba287168ff9ad0ccc4f9a413062cba36", "status": "affected", "version": "fd734c6f25aea4b2b44b045e489aec67b388577e", "versionType": "git" }, { "lessThan": "ccf070183e4655824936c0f96c4a2bcca93419aa", "status": "affected", "version": "fd734c6f25aea4b2b44b045e489aec67b388577e", "versionType": "git" }, { "lessThan": "1a295fea90e1acbe80c6d4940f5ff856edcd6bec", "status": "affected", "version": "fd734c6f25aea4b2b44b045e489aec67b388577e", "versionType": "git" }, { "lessThan": "923f4dc5df679f678e121c20bf2fd70f7bf3e288", "status": "affected", "version": "fd734c6f25aea4b2b44b045e489aec67b388577e", "versionType": "git" }, { "lessThan": "474f9a8534f5f89841240a7e978bafd6e1e039ce", "status": "affected", "version": "fd734c6f25aea4b2b44b045e489aec67b388577e", "versionType": "git" }, { "lessThan": "3ec6ca6b1a8e64389f0212b5a1b0f6fed1909e45", "status": "affected", "version": "fd734c6f25aea4b2b44b045e489aec67b388577e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/can/sja1000/ems_pcmcia.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.2" }, { "lessThan": "3.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.295", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.293", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.258", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": 
"semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sja1000: fix use after free in ems_pcmcia_add_card()\n\nIf the last channel is not available then \"dev\" is freed. Fortunately,\nwe can just use \"pdev-\u003eirq\" instead.\n\nAlso we should check if at least one channel was set up." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:05.387Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/cbd86110546f7f730a1f5d7de56c944a336c15c4" }, { "url": "https://git.kernel.org/stable/c/1dd5b819f7e406dc15bbc7670596ff25261aaa2a" }, { "url": "https://git.kernel.org/stable/c/c8718026ba287168ff9ad0ccc4f9a413062cba36" }, { "url": "https://git.kernel.org/stable/c/ccf070183e4655824936c0f96c4a2bcca93419aa" }, { "url": "https://git.kernel.org/stable/c/1a295fea90e1acbe80c6d4940f5ff856edcd6bec" }, { "url": "https://git.kernel.org/stable/c/923f4dc5df679f678e121c20bf2fd70f7bf3e288" }, { "url": "https://git.kernel.org/stable/c/474f9a8534f5f89841240a7e978bafd6e1e039ce" }, { "url": "https://git.kernel.org/stable/c/3ec6ca6b1a8e64389f0212b5a1b0f6fed1909e45" } ], "title": "can: sja1000: fix use after free in ems_pcmcia_add_card()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47521", "datePublished": "2024-05-24T15:09:34.457Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:05.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2021-47544
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix page frag corruption on page fault
Steffen reported a TCP stream corruption for HTTP requests
served by the apache web-server using a cifs mount-point
and memory mapping the relevant file.
The root cause is quite similar to the one addressed by
commit 20eb4f29b602 ("net: fix sk_page_frag() recursion from
memory reclaim"). Here the nested access to the task page frag
is caused by a page fault on the (mmapped) user-space memory
buffer coming from the cifs file.
The page fault handler performs an smb transaction on a different
socket, inside the same process context. Since sk->sk_allaction
for such socket does not prevent the usage for the task_frag,
the nested allocation modifies "under the hood" the page frag
in use by the outer sendmsg call, corrupting the stream.
The overall relevant stack trace looks like the following:
httpd 78268 [001] 3461630.850950: probe:tcp_sendmsg_locked:
ffffffff91461d91 tcp_sendmsg_locked+0x1
ffffffff91462b57 tcp_sendmsg+0x27
ffffffff9139814e sock_sendmsg+0x3e
ffffffffc06dfe1d smb_send_kvec+0x28
[...]
ffffffffc06cfaf8 cifs_readpages+0x213
ffffffff90e83c4b read_pages+0x6b
ffffffff90e83f31 __do_page_cache_readahead+0x1c1
ffffffff90e79e98 filemap_fault+0x788
ffffffff90eb0458 __do_fault+0x38
ffffffff90eb5280 do_fault+0x1a0
ffffffff90eb7c84 __handle_mm_fault+0x4d4
ffffffff90eb8093 handle_mm_fault+0xc3
ffffffff90c74f6d __do_page_fault+0x1ed
ffffffff90c75277 do_page_fault+0x37
ffffffff9160111e page_fault+0x1e
ffffffff9109e7b5 copyin+0x25
ffffffff9109eb40 _copy_from_iter_full+0xe0
ffffffff91462370 tcp_sendmsg_locked+0x5e0
ffffffff91462370 tcp_sendmsg_locked+0x5e0
ffffffff91462b57 tcp_sendmsg+0x27
ffffffff9139815c sock_sendmsg+0x4c
ffffffff913981f7 sock_write_iter+0x97
ffffffff90f2cc56 do_iter_readv_writev+0x156
ffffffff90f2dff0 do_iter_write+0x80
ffffffff90f2e1c3 vfs_writev+0xa3
ffffffff90f2e27c do_writev+0x5c
ffffffff90c042bb do_syscall_64+0x5b
ffffffff916000ad entry_SYSCALL_64_after_hwframe+0x65
The cifs filesystem rightfully sets sk_allocations to GFP_NOFS,
we can avoid the nesting using the sk page frag for allocation
lacking the __GFP_FS flag. Do not define an additional mm-helper
for that, as this is strictly tied to the sk page frag usage.
v1 -> v2:
- use a stricter sk_page_frag() check instead of reordering the
code (Eric)
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47544", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-28T17:06:35.022552Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:15:09.727Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c6f340a331fb72e5ac23a083de9c780e132ca3ae" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5a9afcd827cafe14a95c9fcbded2c2d104f18dfc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dacb5d8875cc6cd3a553363b4d6f06760fcbe70c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/net/sock.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c6f340a331fb72e5ac23a083de9c780e132ca3ae", "status": "affected", "version": "5640f7685831e088fe6c2e1f863a6805962f8e81", "versionType": "git" }, { "lessThan": "5a9afcd827cafe14a95c9fcbded2c2d104f18dfc", "status": "affected", "version": "5640f7685831e088fe6c2e1f863a6805962f8e81", "versionType": "git" }, { "lessThan": "dacb5d8875cc6cd3a553363b4d6f06760fcbe70c", "status": "affected", "version": "5640f7685831e088fe6c2e1f863a6805962f8e81", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/net/sock.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.7" }, { "lessThan": 
"3.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix page frag corruption on page fault\n\nSteffen reported a TCP stream corruption for HTTP requests\nserved by the apache web-server using a cifs mount-point\nand memory mapping the relevant file.\n\nThe root cause is quite similar to the one addressed by\ncommit 20eb4f29b602 (\"net: fix sk_page_frag() recursion from\nmemory reclaim\"). Here the nested access to the task page frag\nis caused by a page fault on the (mmapped) user-space memory\nbuffer coming from the cifs file.\n\nThe page fault handler performs an smb transaction on a different\nsocket, inside the same process context. 
Since sk-\u003esk_allaction\nfor such socket does not prevent the usage for the task_frag,\nthe nested allocation modify \"under the hood\" the page frag\nin use by the outer sendmsg call, corrupting the stream.\n\nThe overall relevant stack trace looks like the following:\n\nhttpd 78268 [001] 3461630.850950: probe:tcp_sendmsg_locked:\n ffffffff91461d91 tcp_sendmsg_locked+0x1\n ffffffff91462b57 tcp_sendmsg+0x27\n ffffffff9139814e sock_sendmsg+0x3e\n ffffffffc06dfe1d smb_send_kvec+0x28\n [...]\n ffffffffc06cfaf8 cifs_readpages+0x213\n ffffffff90e83c4b read_pages+0x6b\n ffffffff90e83f31 __do_page_cache_readahead+0x1c1\n ffffffff90e79e98 filemap_fault+0x788\n ffffffff90eb0458 __do_fault+0x38\n ffffffff90eb5280 do_fault+0x1a0\n ffffffff90eb7c84 __handle_mm_fault+0x4d4\n ffffffff90eb8093 handle_mm_fault+0xc3\n ffffffff90c74f6d __do_page_fault+0x1ed\n ffffffff90c75277 do_page_fault+0x37\n ffffffff9160111e page_fault+0x1e\n ffffffff9109e7b5 copyin+0x25\n ffffffff9109eb40 _copy_from_iter_full+0xe0\n ffffffff91462370 tcp_sendmsg_locked+0x5e0\n ffffffff91462370 tcp_sendmsg_locked+0x5e0\n ffffffff91462b57 tcp_sendmsg+0x27\n ffffffff9139815c sock_sendmsg+0x4c\n ffffffff913981f7 sock_write_iter+0x97\n ffffffff90f2cc56 do_iter_readv_writev+0x156\n ffffffff90f2dff0 do_iter_write+0x80\n ffffffff90f2e1c3 vfs_writev+0xa3\n ffffffff90f2e27c do_writev+0x5c\n ffffffff90c042bb do_syscall_64+0x5b\n ffffffff916000ad entry_SYSCALL_64_after_hwframe+0x65\n\nThe cifs filesystem rightfully sets sk_allocations to GFP_NOFS,\nwe can avoid the nesting using the sk page frag for allocation\nlacking the __GFP_FS flag. 
Do not define an additional mm-helper\nfor that, as this is strictly tied to the sk page frag usage.\n\nv1 -\u003e v2:\n - use a stricted sk_page_frag() check instead of reordering the\n code (Eric)" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:31.740Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c6f340a331fb72e5ac23a083de9c780e132ca3ae" }, { "url": "https://git.kernel.org/stable/c/5a9afcd827cafe14a95c9fcbded2c2d104f18dfc" }, { "url": "https://git.kernel.org/stable/c/dacb5d8875cc6cd3a553363b4d6f06760fcbe70c" } ], "title": "tcp: fix page frag corruption on page fault", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47544", "datePublished": "2024-05-24T15:09:49.895Z", "dateReserved": "2024-05-24T15:02:54.829Z", "dateUpdated": "2024-12-19T07:44:31.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47551
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again
In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch
already been called, the start_cpsch will not be called since there is no resume in this
case. When reset been triggered again, driver should avoid to do uninitialization again.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "5.16", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.10.84:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "5.10.84", "status": "unaffected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47551", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-28T15:41:59.377852Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T17:34:00.605Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/74aafe99efb68f15e50be9f7032c2168512f98a8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/06c6f8f86ec243b89e52f0c3dc7062bcb9de74df" }, { "tags": [ "x_transferred" ], "url": 
"https://git.kernel.org/stable/c/2cf49e00d40d5132e3d067b5aa6d84791929ab15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "74aafe99efb68f15e50be9f7032c2168512f98a8", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "06c6f8f86ec243b89e52f0c3dc7062bcb9de74df", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2cf49e00d40d5132e3d067b5aa6d84791929ab15", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again\n\nIn SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch\nalready been called, the start_cpsch will not be called since there is no resume in this\ncase. When reset been triggered again, driver should avoid to do uninitialization again." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:38.918Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/74aafe99efb68f15e50be9f7032c2168512f98a8" }, { "url": "https://git.kernel.org/stable/c/06c6f8f86ec243b89e52f0c3dc7062bcb9de74df" }, { "url": "https://git.kernel.org/stable/c/2cf49e00d40d5132e3d067b5aa6d84791929ab15" } ], "title": "drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47551", "datePublished": "2024-05-24T15:09:54.635Z", "dateReserved": "2024-05-24T15:02:54.832Z", "dateUpdated": "2024-12-19T07:44:38.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47522
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: bigbenff: prevent null pointer dereference
When emulating the device through uhid, there is a chance we don't have
output reports and so report_field is null.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47522", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-28T15:21:40.399716Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:47.355Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8e0ceff632f48175ec7fb4706129c55ca8a7c7bd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6272b17001e6fdcf7b4a16206287010a1523fa6e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/58f15f5ae7786c824868f3a7e093859b74669ce7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/918aa1ef104d286d16b9e7ef139a463ac7a296f0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/hid/hid-bigbenff.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8e0ceff632f48175ec7fb4706129c55ca8a7c7bd", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "6272b17001e6fdcf7b4a16206287010a1523fa6e", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "58f15f5ae7786c824868f3a7e093859b74669ce7", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "918aa1ef104d286d16b9e7ef139a463ac7a296f0", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", 
"versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/hid/hid-bigbenff.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: bigbenff: prevent null pointer dereference\n\nWhen emulating the device through uhid, there is a chance we don\u0027t have\noutput reports and so report_field is null." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:06.561Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8e0ceff632f48175ec7fb4706129c55ca8a7c7bd" }, { "url": "https://git.kernel.org/stable/c/6272b17001e6fdcf7b4a16206287010a1523fa6e" }, { "url": "https://git.kernel.org/stable/c/58f15f5ae7786c824868f3a7e093859b74669ce7" }, { "url": "https://git.kernel.org/stable/c/918aa1ef104d286d16b9e7ef139a463ac7a296f0" } ], "title": "HID: bigbenff: prevent null pointer dereference", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47522", "datePublished": "2024-05-24T15:09:35.118Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:06.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47545
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2024-06-13T14:00:05.274Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "rejectedReasons": [ { "lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47545", "datePublished": "2024-05-24T15:09:50.605Z", "dateRejected": "2024-06-13T14:00:05.274Z", "dateReserved": "2024-05-24T15:02:54.829Z", "dateUpdated": "2024-06-13T14:00:05.274Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47502
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd934x: handle channel mappping list correctly
Currently each channel is added as list to dai channel list, however
there is danger of adding same channel to multiple dai channel list
which endups corrupting the other list where its already added.
This patch ensures that the channel is actually free before adding to
the dai channel list and also ensures that the channel is on the list
before deleting it.
This check was missing previously, and we did not hit this issue as
we were testing very simple usecases with sequence of amixer commands.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47502", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:19:30.436874Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:49.622Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "sound/soc/codecs/wcd934x.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1089dac26c6b4b833323ae6c0ceab29fb30ede72", "status": "affected", "version": "a70d9245759a48e57bb1dc9f63213dcf3017db32", "versionType": "git" }, { "lessThan": "339ffb5b56005582aacc860524d2d208604049d1", "status": "affected", "version": "a70d9245759a48e57bb1dc9f63213dcf3017db32", "versionType": "git" }, { "lessThan": "23ba28616d3063bd4c4953598ed5e439ca891101", "status": "affected", "version": "a70d9245759a48e57bb1dc9f63213dcf3017db32", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "sound/soc/codecs/wcd934x.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.6" }, 
{ "lessThan": "5.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd934x: handle channel mappping list correctly\n\nCurrently each channel is added as list to dai channel list, however\nthere is danger of adding same channel to multiple dai channel list\nwhich endups corrupting the other list where its already added.\n\nThis patch ensures that the channel is actually free before adding to\nthe dai channel list and also ensures that the channel is on the list\nbefore deleting it.\n\nThis check was missing previously, and we did not hit this issue as\nwe were testing very simple usecases with sequence of amixer commands." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:41.808Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72" }, { "url": "https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1" }, { "url": "https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101" } ], "title": "ASoC: codecs: wcd934x: handle channel mappping list correctly", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47502", "datePublished": "2024-05-24T15:01:49.699Z", "dateReserved": "2024-05-22T06:20:56.204Z", "dateUpdated": "2024-12-19T07:43:41.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47556
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()
ethtool_set_coalesce() now uses both the .get_coalesce() and
.set_coalesce() callbacks. But the check for their availability is
buggy, so changing the coalesce settings on a device where the driver
provides only _one_ of the callbacks results in a NULL pointer
dereference instead of an -EOPNOTSUPP.
Fix the condition so that the availability of both callbacks is
ensured. This also matches the netlink code.
Note that reproducing this requires some effort - it only affects the
legacy ioctl path, and needs a specific combination of driver options:
- have .get_coalesce() and .coalesce_supported but no
.set_coalesce(), or
- have .set_coalesce() but no .get_coalesce(). Here eg. ethtool doesn't
cause the crash as it first attempts to call ethtool_get_coalesce()
and bails out on error.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/abfdd9e2f0f9699015d72317f74154d3e53664e6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0276af2176c78771da7f311621a25d7608045827" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47556", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:17.251127Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:20.673Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ethtool/ioctl.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "abfdd9e2f0f9699015d72317f74154d3e53664e6", "status": "affected", "version": "f3ccfda1931977b80267ba54070a1aeafa18f6ca", "versionType": "git" }, { "lessThan": "0276af2176c78771da7f311621a25d7608045827", "status": "affected", "version": "f3ccfda1931977b80267ba54070a1aeafa18f6ca", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ethtool/ioctl.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": 
"original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()\n\nethtool_set_coalesce() now uses both the .get_coalesce() and\n.set_coalesce() callbacks. But the check for their availability is\nbuggy, so changing the coalesce settings on a device where the driver\nprovides only _one_ of the callbacks results in a NULL pointer\ndereference instead of an -EOPNOTSUPP.\n\nFix the condition so that the availability of both callbacks is\nensured. This also matches the netlink code.\n\nNote that reproducing this requires some effort - it only affects the\nlegacy ioctl path, and needs a specific combination of driver options:\n- have .get_coalesce() and .coalesce_supported but no\n .set_coalesce(), or\n- have .set_coalesce() but no .get_coalesce(). Here eg. ethtool doesn\u0027t\n cause the crash as it first attempts to call ethtool_get_coalesce()\n and bails out on error." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:45.287Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/abfdd9e2f0f9699015d72317f74154d3e53664e6" }, { "url": "https://git.kernel.org/stable/c/0276af2176c78771da7f311621a25d7608045827" } ], "title": "ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47556", "datePublished": "2024-05-24T15:09:57.983Z", "dateReserved": "2024-05-24T15:02:54.833Z", "dateUpdated": "2024-12-19T07:44:45.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47505
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
aio: fix use-after-free due to missing POLLFREE handling
signalfd_poll() and binder_poll() are special in that they use a
waitqueue whose lifetime is the current task, rather than the struct
file as is normally the case. This is okay for blocking polls, since a
blocking poll occurs within one task; however, non-blocking polls
require another solution. This solution is for the queue to be cleared
before it is freed, by sending a POLLFREE notification to all waiters.
Unfortunately, only eventpoll handles POLLFREE. A second type of
non-blocking poll, aio poll, was added in kernel v4.18, and it doesn't
handle POLLFREE. This allows a use-after-free to occur if a signalfd or
binder fd is polled with aio poll, and the waitqueue gets freed.
Fix this by making aio poll handle POLLFREE.
A patch by Ramji Jiyani <ramjiyani@google.com>
(https://lore.kernel.org/r/20211027011834.2497484-1-ramjiyani@google.com)
tried to do this by making aio_poll_wake() always complete the request
inline if POLLFREE is seen. However, that solution had two bugs.
First, it introduced a deadlock, as it unconditionally locked the aio
context while holding the waitqueue lock, which inverts the normal
locking order. Second, it didn't consider that POLLFREE notifications
are missed while the request has been temporarily de-queued.
The second problem was solved by my previous patch. This patch then
properly fixes the use-after-free by handling POLLFREE in a
deadlock-free way. It does this by taking advantage of the fact that
freeing of the waitqueue is RCU-delayed, similar to what eventpoll does.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: 2c14fa838cbefc23cf1c73ca167ed85b274b2913 Version: 2c14fa838cbefc23cf1c73ca167ed85b274b2913 Version: 2c14fa838cbefc23cf1c73ca167ed85b274b2913 Version: 2c14fa838cbefc23cf1c73ca167ed85b274b2913 Version: 2c14fa838cbefc23cf1c73ca167ed85b274b2913
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47505", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T18:37:27.922309Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-30T15:15:43.456Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/321fba81ec034f88aea4898993c1bf15605c023f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4105e6a128e8a98455dfc9e6dbb2ab0c33c4497f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/47ffefd88abfffe8a040bcc1dd0554d4ea6f7689" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/60d311f9e6381d779d7d53371f87285698ecee24" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/50252e4b5e989ce64555c7aef7516bdefc2fea72" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/aio.c", "include/uapi/asm-generic/poll.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "321fba81ec034f88aea4898993c1bf15605c023f", "status": "affected", "version": "2c14fa838cbefc23cf1c73ca167ed85b274b2913", "versionType": "git" }, { "lessThan": "4105e6a128e8a98455dfc9e6dbb2ab0c33c4497f", "status": "affected", "version": "2c14fa838cbefc23cf1c73ca167ed85b274b2913", "versionType": "git" }, { "lessThan": "47ffefd88abfffe8a040bcc1dd0554d4ea6f7689", "status": "affected", "version": "2c14fa838cbefc23cf1c73ca167ed85b274b2913", "versionType": "git" }, { 
"lessThan": "60d311f9e6381d779d7d53371f87285698ecee24", "status": "affected", "version": "2c14fa838cbefc23cf1c73ca167ed85b274b2913", "versionType": "git" }, { "lessThan": "50252e4b5e989ce64555c7aef7516bdefc2fea72", "status": "affected", "version": "2c14fa838cbefc23cf1c73ca167ed85b274b2913", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/aio.c", "include/uapi/asm-generic/poll.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.18" }, { "lessThan": "4.18", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix use-after-free due to missing POLLFREE handling\n\nsignalfd_poll() and binder_poll() are special in that they use a\nwaitqueue whose lifetime is the current task, rather than the struct\nfile as is normally the case. This is okay for blocking polls, since a\nblocking poll occurs within one task; however, non-blocking polls\nrequire another solution. This solution is for the queue to be cleared\nbefore it is freed, by sending a POLLFREE notification to all waiters.\n\nUnfortunately, only eventpoll handles POLLFREE. A second type of\nnon-blocking poll, aio poll, was added in kernel v4.18, and it doesn\u0027t\nhandle POLLFREE. 
This allows a use-after-free to occur if a signalfd or\nbinder fd is polled with aio poll, and the waitqueue gets freed.\n\nFix this by making aio poll handle POLLFREE.\n\nA patch by Ramji Jiyani \u003cramjiyani@google.com\u003e\n(https://lore.kernel.org/r/20211027011834.2497484-1-ramjiyani@google.com)\ntried to do this by making aio_poll_wake() always complete the request\ninline if POLLFREE is seen. However, that solution had two bugs.\nFirst, it introduced a deadlock, as it unconditionally locked the aio\ncontext while holding the waitqueue lock, which inverts the normal\nlocking order. Second, it didn\u0027t consider that POLLFREE notifications\nare missed while the request has been temporarily de-queued.\n\nThe second problem was solved by my previous patch. This patch then\nproperly fixes the use-after-free by handling POLLFREE in a\ndeadlock-free way. It does this by taking advantage of the fact that\nfreeing of the waitqueue is RCU-delayed, similar to what eventpoll does." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:45.253Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/321fba81ec034f88aea4898993c1bf15605c023f" }, { "url": "https://git.kernel.org/stable/c/4105e6a128e8a98455dfc9e6dbb2ab0c33c4497f" }, { "url": "https://git.kernel.org/stable/c/47ffefd88abfffe8a040bcc1dd0554d4ea6f7689" }, { "url": "https://git.kernel.org/stable/c/60d311f9e6381d779d7d53371f87285698ecee24" }, { "url": "https://git.kernel.org/stable/c/50252e4b5e989ce64555c7aef7516bdefc2fea72" } ], "title": "aio: fix use-after-free due to missing POLLFREE handling", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47505", "datePublished": "2024-05-24T15:01:52.088Z", "dateReserved": "2024-05-22T06:20:56.205Z", "dateUpdated": "2024-12-19T07:43:45.253Z", "state": "PUBLISHED" 
}, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47566
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:

proc/vmcore: fix clearing user buffer by properly using clear_user()

To clear a user buffer we cannot simply use memset, we have to use
clear_user(). With a virtio-mem device that registers a vmcore_cb and
has some logically unplugged memory inside an added Linux memory block,
I can easily trigger a BUG by copying the vmcore via "cp":

systemd[1]: Starting Kdump Vmcore Save Service...
kdump[420]: Kdump is using the default log level(3).
kdump[453]: saving to /sysroot/var/crash/127.0.0.1-2021-11-11-14:59:22/
kdump[458]: saving vmcore-dmesg.txt to /sysroot/var/crash/127.0.0.1-2021-11-11-14:59:22/
kdump[465]: saving vmcore-dmesg.txt complete
kdump[467]: saving vmcore
BUG: unable to handle page fault for address: 00007f2374e01000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD 7a523067 P4D 7a523067 PUD 7a528067 PMD 7a525067 PTE 800000007048f867
Oops: 0003 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 468 Comm: cp Not tainted 5.15.0+ #6
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-27-g64f37cc530f1-prebuilt.qemu.org 04/01/2014
RIP: 0010:read_from_oldmem.part.0.cold+0x1d/0x86
Code: ff ff ff e8 05 ff fe ff e9 b9 e9 7f ff 48 89 de 48 c7 c7 38 3b 60 82 e8 f1 fe fe ff 83 fd 08 72 3c 49 8d 7d 08 4c 89 e9 89 e8 <49> c7 45 00 00 00 00 00 49 c7 44 05 f8 00 00 00 00 48 83 e7 f81
RSP: 0018:ffffc9000073be08 EFLAGS: 00010212
RAX: 0000000000001000 RBX: 00000000002fd000 RCX: 00007f2374e01000
RDX: 0000000000000001 RSI: 00000000ffffdfff RDI: 00007f2374e01008
RBP: 0000000000001000 R08: 0000000000000000 R09: ffffc9000073bc50
R10: ffffc9000073bc48 R11: ffffffff829461a8 R12: 000000000000f000
R13: 00007f2374e01000 R14: 0000000000000000 R15: ffff88807bd421e8
FS: 00007f2374e12140(0000) GS:ffff88807f000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2374e01000 CR3: 000000007a4aa000 CR4: 0000000000350eb0
Call Trace:
read_vmcore+0x236/0x2c0
proc_reg_read+0x55/0xa0
vfs_read+0x95/0x190
ksys_read+0x4f/0xc0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae

Some x86-64 CPUs have a CPU feature called "Supervisor Mode Access
Prevention (SMAP)", which is used to detect wrong access from the kernel
to user buffers like this: SMAP triggers a permissions violation on
wrong access. In the x86-64 variant of clear_user(), SMAP is properly
handled via clac()+stac().

To fix, properly use clear_user() when we're dealing with a user buffer.
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 997c136f518c5debd63847e78e2a8694f56dcf90
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47566", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T19:44:25.541373Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T19:44:36.617Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.769Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a9e164bd160be8cbee1df70acb379129e3cd2e7c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/33a7d698f30fa0b99d50569e9909d3baa65d8f6a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/99d348b82bcb36171f24411d3f1a15706a2a937a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9ef384ed300d1bcfb23d0ab0b487d544444d4b52" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fd7974c547abfb03072a4ee706d3a6f182266f89" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a8a917058faf4abaec9fb614bb6d5f8fe3529ec6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c1e63117711977cc4295b2ce73de29dd17066c82" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/proc/vmcore.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "a9e164bd160be8cbee1df70acb379129e3cd2e7c", "status": "affected", "version": "997c136f518c5debd63847e78e2a8694f56dcf90", "versionType": "git" }, { 
"lessThan": "33a7d698f30fa0b99d50569e9909d3baa65d8f6a", "status": "affected", "version": "997c136f518c5debd63847e78e2a8694f56dcf90", "versionType": "git" }, { "lessThan": "99d348b82bcb36171f24411d3f1a15706a2a937a", "status": "affected", "version": "997c136f518c5debd63847e78e2a8694f56dcf90", "versionType": "git" }, { "lessThan": "9ef384ed300d1bcfb23d0ab0b487d544444d4b52", "status": "affected", "version": "997c136f518c5debd63847e78e2a8694f56dcf90", "versionType": "git" }, { "lessThan": "fd7974c547abfb03072a4ee706d3a6f182266f89", "status": "affected", "version": "997c136f518c5debd63847e78e2a8694f56dcf90", "versionType": "git" }, { "lessThan": "a8a917058faf4abaec9fb614bb6d5f8fe3529ec6", "status": "affected", "version": "997c136f518c5debd63847e78e2a8694f56dcf90", "versionType": "git" }, { "lessThan": "7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1", "status": "affected", "version": "997c136f518c5debd63847e78e2a8694f56dcf90", "versionType": "git" }, { "lessThan": "c1e63117711977cc4295b2ce73de29dd17066c82", "status": "affected", "version": "997c136f518c5debd63847e78e2a8694f56dcf90", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/proc/vmcore.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.0" }, { "lessThan": "3.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.294", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.292", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.257", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.219", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.163", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", 
"status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc/vmcore: fix clearing user buffer by properly using clear_user()\n\nTo clear a user buffer we cannot simply use memset, we have to use\nclear_user(). With a virtio-mem device that registers a vmcore_cb and\nhas some logically unplugged memory inside an added Linux memory block,\nI can easily trigger a BUG by copying the vmcore via \"cp\":\n\n systemd[1]: Starting Kdump Vmcore Save Service...\n kdump[420]: Kdump is using the default log level(3).\n kdump[453]: saving to /sysroot/var/crash/127.0.0.1-2021-11-11-14:59:22/\n kdump[458]: saving vmcore-dmesg.txt to /sysroot/var/crash/127.0.0.1-2021-11-11-14:59:22/\n kdump[465]: saving vmcore-dmesg.txt complete\n kdump[467]: saving vmcore\n BUG: unable to handle page fault for address: 00007f2374e01000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0003) - permissions violation\n PGD 7a523067 P4D 7a523067 PUD 7a528067 PMD 7a525067 PTE 800000007048f867\n Oops: 0003 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 468 Comm: cp Not tainted 5.15.0+ #6\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-27-g64f37cc530f1-prebuilt.qemu.org 04/01/2014\n RIP: 0010:read_from_oldmem.part.0.cold+0x1d/0x86\n Code: ff ff ff e8 05 ff fe ff e9 b9 e9 7f ff 48 89 de 48 c7 c7 38 3b 60 82 e8 f1 fe fe ff 83 fd 08 72 3c 49 8d 7d 08 4c 89 e9 89 e8 \u003c49\u003e c7 45 00 00 00 00 00 49 c7 44 05 f8 00 00 00 00 48 83 e7 f81\n RSP: 0018:ffffc9000073be08 EFLAGS: 00010212\n RAX: 0000000000001000 RBX: 00000000002fd000 RCX: 00007f2374e01000\n RDX: 0000000000000001 RSI: 00000000ffffdfff RDI: 00007f2374e01008\n RBP: 
0000000000001000 R08: 0000000000000000 R09: ffffc9000073bc50\n R10: ffffc9000073bc48 R11: ffffffff829461a8 R12: 000000000000f000\n R13: 00007f2374e01000 R14: 0000000000000000 R15: ffff88807bd421e8\n FS: 00007f2374e12140(0000) GS:ffff88807f000000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f2374e01000 CR3: 000000007a4aa000 CR4: 0000000000350eb0\n Call Trace:\n read_vmcore+0x236/0x2c0\n proc_reg_read+0x55/0xa0\n vfs_read+0x95/0x190\n ksys_read+0x4f/0xc0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nSome x86-64 CPUs have a CPU feature called \"Supervisor Mode Access\nPrevention (SMAP)\", which is used to detect wrong access from the kernel\nto user buffers like this: SMAP triggers a permissions violation on\nwrong access. In the x86-64 variant of clear_user(), SMAP is properly\nhandled via clac()+stac().\n\nTo fix, properly use clear_user() when we\u0027re dealing with a user buffer." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:57.674Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/a9e164bd160be8cbee1df70acb379129e3cd2e7c" }, { "url": "https://git.kernel.org/stable/c/33a7d698f30fa0b99d50569e9909d3baa65d8f6a" }, { "url": "https://git.kernel.org/stable/c/99d348b82bcb36171f24411d3f1a15706a2a937a" }, { "url": "https://git.kernel.org/stable/c/9ef384ed300d1bcfb23d0ab0b487d544444d4b52" }, { "url": "https://git.kernel.org/stable/c/fd7974c547abfb03072a4ee706d3a6f182266f89" }, { "url": "https://git.kernel.org/stable/c/a8a917058faf4abaec9fb614bb6d5f8fe3529ec6" }, { "url": "https://git.kernel.org/stable/c/7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1" }, { "url": "https://git.kernel.org/stable/c/c1e63117711977cc4295b2ce73de29dd17066c82" } ], "title": "proc/vmcore: fix clearing user buffer by properly using clear_user()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47566", "datePublished": "2024-05-24T15:12:53.432Z", "dateReserved": "2024-05-24T15:11:00.728Z", "dateUpdated": "2024-12-19T07:44:57.674Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47563
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:

ice: avoid bpf_prog refcount underflow

Ice driver has the routines for managing XDP resources that are shared
between ndo_bpf op and VSI rebuild flow. The latter takes place for
example when user changes queue count on an interface via ethtool's
set_channels().

There is an issue around the bpf_prog refcounting when VSI is being
rebuilt - since ice_prepare_xdp_rings() is called with vsi->xdp_prog as
an argument that is used later on by ice_vsi_assign_bpf_prog(), same
bpf_prog pointers are swapped with each other. Then it is also
interpreted as an 'old_prog' which in turn causes us to call
bpf_prog_put on it that will decrement its refcount.

Below splat can be interpreted in a way that due to zero refcount of a
bpf_prog it is wiped out from the system while kernel still tries to
refer to it:

[ 481.069429] BUG: unable to handle page fault for address: ffffc9000640f038
[ 481.077390] #PF: supervisor read access in kernel mode
[ 481.083335] #PF: error_code(0x0000) - not-present page
[ 481.089276] PGD 100000067 P4D 100000067 PUD 1001cb067 PMD 106d2b067 PTE 0
[ 481.097141] Oops: 0000 [#1] PREEMPT SMP PTI
[ 481.101980] CPU: 12 PID: 3339 Comm: sudo Tainted: G OE 5.15.0-rc5+ #1
[ 481.110840] Hardware name: Intel Corp. GRANTLEY/GRANTLEY, BIOS GRRFCRB1.86B.0276.D07.1605190235 05/19/2016
[ 481.122021] RIP: 0010:dev_xdp_prog_id+0x25/0x40
[ 481.127265] Code: 80 00 00 00 00 0f 1f 44 00 00 89 f6 48 c1 e6 04 48 01 fe 48 8b 86 98 08 00 00 48 85 c0 74 13 48 8b 50 18 31 c0 48 85 d2 74 07 <48> 8b 42 38 8b 40 20 c3 48 8b 96 90 08 00 00 eb e8 66 2e 0f 1f 84
[ 481.148991] RSP: 0018:ffffc90007b63868 EFLAGS: 00010286
[ 481.155034] RAX: 0000000000000000 RBX: ffff889080824000 RCX: 0000000000000000
[ 481.163278] RDX: ffffc9000640f000 RSI: ffff889080824010 RDI: ffff889080824000
[ 481.171527] RBP: ffff888107af7d00 R08: 0000000000000000 R09: ffff88810db5f6e0
[ 481.179776] R10: 0000000000000000 R11: ffff8890885b9988 R12: ffff88810db5f4bc
[ 481.188026] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 481.196276] FS: 00007f5466d5bec0(0000) GS:ffff88903fb00000(0000) knlGS:0000000000000000
[ 481.205633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 481.212279] CR2: ffffc9000640f038 CR3: 000000014429c006 CR4: 00000000003706e0
[ 481.220530] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 481.228771] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 481.237029] Call Trace:
[ 481.239856] rtnl_fill_ifinfo+0x768/0x12e0
[ 481.244602] rtnl_dump_ifinfo+0x525/0x650
[ 481.249246] ? __alloc_skb+0xa5/0x280
[ 481.253484] netlink_dump+0x168/0x3c0
[ 481.257725] netlink_recvmsg+0x21e/0x3e0
[ 481.262263] ____sys_recvmsg+0x87/0x170
[ 481.266707] ? __might_fault+0x20/0x30
[ 481.271046] ? _copy_from_user+0x66/0xa0
[ 481.275591] ? iovec_from_user+0xf6/0x1c0
[ 481.280226] ___sys_recvmsg+0x82/0x100
[ 481.284566] ? sock_sendmsg+0x5e/0x60
[ 481.288791] ? __sys_sendto+0xee/0x150
[ 481.293129] __sys_recvmsg+0x56/0xa0
[ 481.297267] do_syscall_64+0x3b/0xc0
[ 481.301395] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 481.307238] RIP: 0033:0x7f5466f39617
[ 481.311373] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb bd 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 481.342944] RSP: 002b:00007ffedc7f4308 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 481.361783] RAX: ffffffffffffffda RBX: 00007ffedc7f5460 RCX: 00007f5466f39617
[ 481.380278] RDX: 0000000000000000 RSI: 00007ffedc7f5360 RDI: 0000000000000003
[ 481.398500] RBP: 00007ffedc7f53f0 R08: 0000000000000000 R09: 000055d556f04d50
[ 481.416463] R10: 0000000000000077 R11: 0000000000000246 R12: 00007ffedc7f5360
[ 481.434131] R13: 00007ffedc7f5350 R14: 00007ffedc7f5344 R15: 0000000000000e98
[ 481.451520] Modules linked in: ice
---truncated---
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47563", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T16:50:07.805074Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T16:52:12.886Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e65a8707b4cd756d26d246bb2b9fab06eebafac1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1f10b09ccc832698ef4624a6ab9a213b6ccbda76" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f65ee535df775a13a1046c0a0b2d72db342f8a5b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/ice/ice_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e65a8707b4cd756d26d246bb2b9fab06eebafac1", "status": "affected", "version": "efc2214b6047b6f5b4ca53151eba62521b9452d6", "versionType": "git" }, { "lessThan": "1f10b09ccc832698ef4624a6ab9a213b6ccbda76", 
"status": "affected", "version": "efc2214b6047b6f5b4ca53151eba62521b9452d6", "versionType": "git" }, { "lessThan": "f65ee535df775a13a1046c0a0b2d72db342f8a5b", "status": "affected", "version": "efc2214b6047b6f5b4ca53151eba62521b9452d6", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/ice/ice_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.5" }, { "lessThan": "5.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: avoid bpf_prog refcount underflow\n\nIce driver has the routines for managing XDP resources that are shared\nbetween ndo_bpf op and VSI rebuild flow. The latter takes place for\nexample when user changes queue count on an interface via ethtool\u0027s\nset_channels().\n\nThere is an issue around the bpf_prog refcounting when VSI is being\nrebuilt - since ice_prepare_xdp_rings() is called with vsi-\u003exdp_prog as\nan argument that is used later on by ice_vsi_assign_bpf_prog(), same\nbpf_prog pointers are swapped with each other. 
Then it is also\ninterpreted as an \u0027old_prog\u0027 which in turn causes us to call\nbpf_prog_put on it that will decrement its refcount.\n\nBelow splat can be interpreted in a way that due to zero refcount of a\nbpf_prog it is wiped out from the system while kernel still tries to\nrefer to it:\n\n[ 481.069429] BUG: unable to handle page fault for address: ffffc9000640f038\n[ 481.077390] #PF: supervisor read access in kernel mode\n[ 481.083335] #PF: error_code(0x0000) - not-present page\n[ 481.089276] PGD 100000067 P4D 100000067 PUD 1001cb067 PMD 106d2b067 PTE 0\n[ 481.097141] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 481.101980] CPU: 12 PID: 3339 Comm: sudo Tainted: G OE 5.15.0-rc5+ #1\n[ 481.110840] Hardware name: Intel Corp. GRANTLEY/GRANTLEY, BIOS GRRFCRB1.86B.0276.D07.1605190235 05/19/2016\n[ 481.122021] RIP: 0010:dev_xdp_prog_id+0x25/0x40\n[ 481.127265] Code: 80 00 00 00 00 0f 1f 44 00 00 89 f6 48 c1 e6 04 48 01 fe 48 8b 86 98 08 00 00 48 85 c0 74 13 48 8b 50 18 31 c0 48 85 d2 74 07 \u003c48\u003e 8b 42 38 8b 40 20 c3 48 8b 96 90 08 00 00 eb e8 66 2e 0f 1f 84\n[ 481.148991] RSP: 0018:ffffc90007b63868 EFLAGS: 00010286\n[ 481.155034] RAX: 0000000000000000 RBX: ffff889080824000 RCX: 0000000000000000\n[ 481.163278] RDX: ffffc9000640f000 RSI: ffff889080824010 RDI: ffff889080824000\n[ 481.171527] RBP: ffff888107af7d00 R08: 0000000000000000 R09: ffff88810db5f6e0\n[ 481.179776] R10: 0000000000000000 R11: ffff8890885b9988 R12: ffff88810db5f4bc\n[ 481.188026] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 481.196276] FS: 00007f5466d5bec0(0000) GS:ffff88903fb00000(0000) knlGS:0000000000000000\n[ 481.205633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 481.212279] CR2: ffffc9000640f038 CR3: 000000014429c006 CR4: 00000000003706e0\n[ 481.220530] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 481.228771] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 481.237029] Call Trace:\n[ 481.239856] 
rtnl_fill_ifinfo+0x768/0x12e0\n[ 481.244602] rtnl_dump_ifinfo+0x525/0x650\n[ 481.249246] ? __alloc_skb+0xa5/0x280\n[ 481.253484] netlink_dump+0x168/0x3c0\n[ 481.257725] netlink_recvmsg+0x21e/0x3e0\n[ 481.262263] ____sys_recvmsg+0x87/0x170\n[ 481.266707] ? __might_fault+0x20/0x30\n[ 481.271046] ? _copy_from_user+0x66/0xa0\n[ 481.275591] ? iovec_from_user+0xf6/0x1c0\n[ 481.280226] ___sys_recvmsg+0x82/0x100\n[ 481.284566] ? sock_sendmsg+0x5e/0x60\n[ 481.288791] ? __sys_sendto+0xee/0x150\n[ 481.293129] __sys_recvmsg+0x56/0xa0\n[ 481.297267] do_syscall_64+0x3b/0xc0\n[ 481.301395] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 481.307238] RIP: 0033:0x7f5466f39617\n[ 481.311373] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb bd 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2f 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10\n[ 481.342944] RSP: 002b:00007ffedc7f4308 EFLAGS: 00000246 ORIG_RAX: 000000000000002f\n[ 481.361783] RAX: ffffffffffffffda RBX: 00007ffedc7f5460 RCX: 00007f5466f39617\n[ 481.380278] RDX: 0000000000000000 RSI: 00007ffedc7f5360 RDI: 0000000000000003\n[ 481.398500] RBP: 00007ffedc7f53f0 R08: 0000000000000000 R09: 000055d556f04d50\n[ 481.416463] R10: 0000000000000077 R11: 0000000000000246 R12: 00007ffedc7f5360\n[ 481.434131] R13: 00007ffedc7f5350 R14: 00007ffedc7f5344 R15: 0000000000000e98\n[ 481.451520] Modules linked in: ice\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:53.733Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e65a8707b4cd756d26d246bb2b9fab06eebafac1" }, { "url": "https://git.kernel.org/stable/c/1f10b09ccc832698ef4624a6ab9a213b6ccbda76" }, { "url": "https://git.kernel.org/stable/c/f65ee535df775a13a1046c0a0b2d72db342f8a5b" } ], "title": "ice: avoid bpf_prog refcount underflow", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47563", "datePublished": "2024-05-24T15:12:51.398Z", "dateReserved": "2024-05-24T15:11:00.728Z", "dateUpdated": "2024-12-19T07:44:53.733Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47543
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2024-06-13T13:59:28.276Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "rejectedReasons": [ { "lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47543", "datePublished": "2024-05-24T15:09:49.228Z", "dateRejected": "2024-06-13T13:59:28.276Z", "dateReserved": "2024-05-24T15:02:54.829Z", "dateUpdated": "2024-06-13T13:59:28.276Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47528
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:

usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()

In cdnsp_endpoint_init(), cdnsp_ring_alloc() is assigned to pep->ring
and there is a dereference of it in cdnsp_endpoint_init(), which could
lead to a NULL pointer dereference on failure of cdnsp_ring_alloc().

Fix this bug by adding a check of pep->ring.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_USB_CDNSP_GADGET=y show no new warnings,
and our static analyzer no longer warns about this code.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47528", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T17:34:41.402238Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T17:35:07.576Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7d94bc8e335cb33918e52efdbe192c36707bfa24" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/37307f7020ab38dde0892a578249bf63d00bca64" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/usb/cdns3/cdnsp-mem.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7d94bc8e335cb33918e52efdbe192c36707bfa24", "status": "affected", "version": "3d82904559f4f5a2622db1b21de3edf2eded7664", "versionType": "git" }, { "lessThan": "37307f7020ab38dde0892a578249bf63d00bca64", "status": "affected", "version": "3d82904559f4f5a2622db1b21de3edf2eded7664", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/usb/cdns3/cdnsp-mem.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()\n\nIn cdnsp_endpoint_init(), cdnsp_ring_alloc() is assigned to pep-\u003ering\nand there is a dereference of it in cdnsp_endpoint_init(), which could\nlead to a NULL pointer dereference on failure of cdnsp_ring_alloc().\n\nFix this bug by adding a check of pep-\u003ering.\n\nThis bug was found by a static analyzer. The analysis employs\ndifferential checking to identify inconsistent security operations\n(e.g., checks or kfrees) between two code paths and confirms that the\ninconsistent operations are not recovered in the current function or\nthe callers, so they constitute bugs.\n\nNote that, as a bug found by static analysis, it can be a false\npositive or hard to trigger. Multiple researchers have cross-reviewed\nthe bug.\n\nBuilds with CONFIG_USB_CDNSP_GADGET=y show no new warnings,\nand our static analyzer no longer warns about this code." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:13.715Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7d94bc8e335cb33918e52efdbe192c36707bfa24" }, { "url": "https://git.kernel.org/stable/c/37307f7020ab38dde0892a578249bf63d00bca64" } ], "title": "usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47528", "datePublished": "2024-05-24T15:09:39.357Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:13.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47561
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:

i2c: virtio: disable timeout handling

If a timeout is hit, it can result in incorrect data on the I2C bus
and/or memory corruptions in the guest since the device can still be
operating on the buffers it was given while the guest has freed them.

Here is, for example, the start of a slub_debug splat which was
triggered on the next transfer after one transfer was forced to timeout
by setting a breakpoint in the backend (rust-vmm/vhost-device):

BUG kmalloc-1k (Not tainted): Poison overwritten
First byte 0x1 instead of 0x6b
Allocated in virtio_i2c_xfer+0x65/0x35c age=350 cpu=0 pid=29
__kmalloc+0xc2/0x1c9
virtio_i2c_xfer+0x65/0x35c
__i2c_transfer+0x429/0x57d
i2c_transfer+0x115/0x134
i2cdev_ioctl_rdwr+0x16a/0x1de
i2cdev_ioctl+0x247/0x2ed
vfs_ioctl+0x21/0x30
sys_ioctl+0xb18/0xb41
Freed in virtio_i2c_xfer+0x32e/0x35c age=244 cpu=0 pid=29
kfree+0x1bd/0x1cc
virtio_i2c_xfer+0x32e/0x35c
__i2c_transfer+0x429/0x57d
i2c_transfer+0x115/0x134
i2cdev_ioctl_rdwr+0x16a/0x1de
i2cdev_ioctl+0x247/0x2ed
vfs_ioctl+0x21/0x30
sys_ioctl+0xb18/0xb41

There is no simple fix for this (the driver would have to always create
bounce buffers and hold on to them until the device eventually returns
the buffers), so just disable the timeout support for now.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47561", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T18:51:06.665618Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-10T18:51:14.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cc432b0727ce404cc13e8f6b5ce29f412c3f9f1f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/84e1d0bf1d7121759622dabf8fbef4c99ad597c5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/i2c/busses/i2c-virtio.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "cc432b0727ce404cc13e8f6b5ce29f412c3f9f1f", "status": "affected", "version": "3cfc88380413d20f777dc6648a38f683962e52bf", "versionType": "git" }, { "lessThan": "84e1d0bf1d7121759622dabf8fbef4c99ad597c5", "status": "affected", "version": "3cfc88380413d20f777dc6648a38f683962e52bf", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/i2c/busses/i2c-virtio.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: virtio: disable timeout handling\n\nIf a timeout is hit, it can result is incorrect data on the I2C bus\nand/or memory corruptions in the guest since the device can still be\noperating on the buffers it was given while the guest has freed them.\n\nHere is, for example, the start of a slub_debug splat which was\ntriggered on the next transfer after one transfer was forced to timeout\nby setting a breakpoint in the backend (rust-vmm/vhost-device):\n\n BUG kmalloc-1k (Not tainted): Poison overwritten\n First byte 0x1 instead of 0x6b\n Allocated in virtio_i2c_xfer+0x65/0x35c age=350 cpu=0 pid=29\n \t__kmalloc+0xc2/0x1c9\n \tvirtio_i2c_xfer+0x65/0x35c\n \t__i2c_transfer+0x429/0x57d\n \ti2c_transfer+0x115/0x134\n \ti2cdev_ioctl_rdwr+0x16a/0x1de\n \ti2cdev_ioctl+0x247/0x2ed\n \tvfs_ioctl+0x21/0x30\n \tsys_ioctl+0xb18/0xb41\n Freed in virtio_i2c_xfer+0x32e/0x35c age=244 cpu=0 pid=29\n \tkfree+0x1bd/0x1cc\n \tvirtio_i2c_xfer+0x32e/0x35c\n \t__i2c_transfer+0x429/0x57d\n \ti2c_transfer+0x115/0x134\n \ti2cdev_ioctl_rdwr+0x16a/0x1de\n \ti2cdev_ioctl+0x247/0x2ed\n \tvfs_ioctl+0x21/0x30\n \tsys_ioctl+0xb18/0xb41\n\nThere is no simple fix for this (the driver would have to always create\nbounce buffers and hold on to them until the device eventually returns\nthe buffers), so just disable the timeout support for now." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:51.283Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/cc432b0727ce404cc13e8f6b5ce29f412c3f9f1f" }, { "url": "https://git.kernel.org/stable/c/84e1d0bf1d7121759622dabf8fbef4c99ad597c5" } ], "title": "i2c: virtio: disable timeout handling", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47561", "datePublished": "2024-05-24T15:12:50.061Z", "dateReserved": "2024-05-24T15:11:00.727Z", "dateUpdated": "2024-12-19T07:44:51.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47564
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:

net: marvell: prestera: fix double free issue on err path

fix error path handling in prestera_bridge_port_join() that
causes prestera driver to crash (see below).

Trace:
  Internal error: Oops: 96000044 [#1] SMP
  Modules linked in: prestera_pci prestera uio_pdrv_genirq
  CPU: 1 PID: 881 Comm: ip Not tainted 5.15.0 #1
  pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  pc : prestera_bridge_destroy+0x2c/0xb0 [prestera]
  lr : prestera_bridge_port_join+0x2cc/0x350 [prestera]
  sp : ffff800011a1b0f0
  ...
  x2 : ffff000109ca6c80 x1 : dead000000000100 x0 : dead000000000122
  Call trace:
    prestera_bridge_destroy+0x2c/0xb0 [prestera]
    prestera_bridge_port_join+0x2cc/0x350 [prestera]
    prestera_netdev_port_event.constprop.0+0x3c4/0x450 [prestera]
    prestera_netdev_event_handler+0xf4/0x110 [prestera]
    raw_notifier_call_chain+0x54/0x80
    call_netdevice_notifiers_info+0x54/0xa0
    __netdev_upper_dev_link+0x19c/0x380

References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47564", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T17:03:20.536355Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:15:02.315Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.796Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5dca8eff4627315df98feec09fff9dfe3356325e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/03e5203d2161a00afe4d97d206d2293e40b2f253" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e8d032507cb7912baf1d3e0af54516f823befefd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/marvell/prestera/prestera_switchdev.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5dca8eff4627315df98feec09fff9dfe3356325e", "status": "affected", "version": "e1189d9a5fbec8153dbe03f3589bc2baa96694e2", "versionType": "git" }, { "lessThan": "03e5203d2161a00afe4d97d206d2293e40b2f253", "status": "affected", "version": "e1189d9a5fbec8153dbe03f3589bc2baa96694e2", "versionType": "git" }, { "lessThan": "e8d032507cb7912baf1d3e0af54516f823befefd", "status": "affected", "version": "e1189d9a5fbec8153dbe03f3589bc2baa96694e2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/marvell/prestera/prestera_switchdev.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": 
"Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix double free issue on err path\n\nfix error path handling in prestera_bridge_port_join() that\ncases prestera driver to crash (see below).\n\n Trace:\n Internal error: Oops: 96000044 [#1] SMP\n Modules linked in: prestera_pci prestera uio_pdrv_genirq\n CPU: 1 PID: 881 Comm: ip Not tainted 5.15.0 #1\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : prestera_bridge_destroy+0x2c/0xb0 [prestera]\n lr : prestera_bridge_port_join+0x2cc/0x350 [prestera]\n sp : ffff800011a1b0f0\n ...\n x2 : ffff000109ca6c80 x1 : dead000000000100 x0 : dead000000000122\n Call trace:\n prestera_bridge_destroy+0x2c/0xb0 [prestera]\n prestera_bridge_port_join+0x2cc/0x350 [prestera]\n prestera_netdev_port_event.constprop.0+0x3c4/0x450 [prestera]\n prestera_netdev_event_handler+0xf4/0x110 [prestera]\n raw_notifier_call_chain+0x54/0x80\n call_netdevice_notifiers_info+0x54/0xa0\n __netdev_upper_dev_link+0x19c/0x380" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:54.985Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5dca8eff4627315df98feec09fff9dfe3356325e" }, { "url": "https://git.kernel.org/stable/c/03e5203d2161a00afe4d97d206d2293e40b2f253" }, { "url": "https://git.kernel.org/stable/c/e8d032507cb7912baf1d3e0af54516f823befefd" } ], "title": "net: marvell: prestera: 
fix double free issue on err path", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47564", "datePublished": "2024-05-24T15:12:52.129Z", "dateReserved": "2024-05-24T15:11:00.728Z", "dateUpdated": "2024-12-19T07:44:54.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47535
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/a6xx: Allocate enough space for GMU registers

In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for
A650") we changed a6xx_get_gmu_registers() to read 3 sets of
registers. Unfortunately, we didn't change the memory allocation for
the array. That leads to a KASAN warning (this was on the chromeos-5.4
kernel, which has the problematic commit backported to it):

  BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430
  Write of size 8 at addr ffffff80c89432b0 by task A618-worker/209
  CPU: 5 PID: 209 Comm: A618-worker Tainted: G W 5.4.156-lockdep #22
  Hardware name: Google Lazor Limozeen without Touchscreen (rev5 - rev8) (DT)
  Call trace:
    dump_backtrace+0x0/0x248
    show_stack+0x20/0x2c
    dump_stack+0x128/0x1ec
    print_address_description+0x88/0x4a0
    __kasan_report+0xfc/0x120
    kasan_report+0x10/0x18
    __asan_report_store8_noabort+0x1c/0x24
    _a6xx_get_gmu_registers+0x144/0x430
    a6xx_gpu_state_get+0x330/0x25d4
    msm_gpu_crashstate_capture+0xa0/0x84c
    recover_worker+0x328/0x838
    kthread_worker_fn+0x32c/0x574
    kthread+0x2dc/0x39c
    ret_from_fork+0x10/0x18

  Allocated by task 209:
    __kasan_kmalloc+0xfc/0x1c4
    kasan_kmalloc+0xc/0x14
    kmem_cache_alloc_trace+0x1f0/0x2a0
    a6xx_gpu_state_get+0x164/0x25d4
    msm_gpu_crashstate_capture+0xa0/0x84c
    recover_worker+0x328/0x838
    kthread_worker_fn+0x32c/0x574
    kthread+0x2dc/0x39c
    ret_from_fork+0x10/0x18

References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47535", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T17:34:34.685290Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-04T18:09:25.843Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d646856a600e8635ba498f20b194219b158626e8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/83e54fcf0b14ca2d869dd37abe1bb6542805f538" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b4d25abf9720b69a03465b09d0d62d1998ed6708" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d646856a600e8635ba498f20b194219b158626e8", "status": "affected", "version": "142639a52a01e90c512a9a8d2156997e02a65b53", "versionType": "git" }, { "lessThan": 
"83e54fcf0b14ca2d869dd37abe1bb6542805f538", "status": "affected", "version": "142639a52a01e90c512a9a8d2156997e02a65b53", "versionType": "git" }, { "lessThan": "b4d25abf9720b69a03465b09d0d62d1998ed6708", "status": "affected", "version": "142639a52a01e90c512a9a8d2156997e02a65b53", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.9" }, { "lessThan": "5.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a6xx: Allocate enough space for GMU registers\n\nIn commit 142639a52a01 (\"drm/msm/a6xx: fix crashstate capture for\nA650\") we changed a6xx_get_gmu_registers() to read 3 sets of\nregisters. Unfortunately, we didn\u0027t change the memory allocation for\nthe array. 
That leads to a KASAN warning (this was on the chromeos-5.4\nkernel, which has the problematic commit backported to it):\n\n BUG: KASAN: slab-out-of-bounds in _a6xx_get_gmu_registers+0x144/0x430\n Write of size 8 at addr ffffff80c89432b0 by task A618-worker/209\n CPU: 5 PID: 209 Comm: A618-worker Tainted: G W 5.4.156-lockdep #22\n Hardware name: Google Lazor Limozeen without Touchscreen (rev5 - rev8) (DT)\n Call trace:\n dump_backtrace+0x0/0x248\n show_stack+0x20/0x2c\n dump_stack+0x128/0x1ec\n print_address_description+0x88/0x4a0\n __kasan_report+0xfc/0x120\n kasan_report+0x10/0x18\n __asan_report_store8_noabort+0x1c/0x24\n _a6xx_get_gmu_registers+0x144/0x430\n a6xx_gpu_state_get+0x330/0x25d4\n msm_gpu_crashstate_capture+0xa0/0x84c\n recover_worker+0x328/0x838\n kthread_worker_fn+0x32c/0x574\n kthread+0x2dc/0x39c\n ret_from_fork+0x10/0x18\n\n Allocated by task 209:\n __kasan_kmalloc+0xfc/0x1c4\n kasan_kmalloc+0xc/0x14\n kmem_cache_alloc_trace+0x1f0/0x2a0\n a6xx_gpu_state_get+0x164/0x25d4\n msm_gpu_crashstate_capture+0xa0/0x84c\n recover_worker+0x328/0x838\n kthread_worker_fn+0x32c/0x574\n kthread+0x2dc/0x39c\n ret_from_fork+0x10/0x18" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:21.984Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d646856a600e8635ba498f20b194219b158626e8" }, { "url": "https://git.kernel.org/stable/c/83e54fcf0b14ca2d869dd37abe1bb6542805f538" }, { "url": "https://git.kernel.org/stable/c/b4d25abf9720b69a03465b09d0d62d1998ed6708" } ], "title": "drm/msm/a6xx: Allocate enough space for GMU registers", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47535", "datePublished": "2024-05-24T15:09:43.994Z", "dateReserved": "2024-05-24T15:02:54.826Z", "dateUpdated": "2024-12-19T07:44:21.984Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47537
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: Fix a memleak bug in rvu_mbox_init()

In rvu_mbox_init(), mbox_regions is not freed or passed out
under the switch-default region, which could lead to a memory leak.

Fix this bug by changing 'return err' to 'goto free_regions'.

This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.

Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.

Builds with CONFIG_OCTEONTX2_AF=y show no new warnings,
and our static analyzer no longer warns about this code.

References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47537", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:16:42.747816Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:05.942Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1c0ddef45b7e3dbe3ed073695d20faa572b7056a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e07a097b4986afb8f925d0bb32612e1d3e88ce15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/marvell/octeontx2/af/rvu.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1c0ddef45b7e3dbe3ed073695d20faa572b7056a", "status": "affected", "version": "98c5611163603d3d8012b1bf64ab48fd932cf734", "versionType": "git" }, { "lessThan": "e07a097b4986afb8f925d0bb32612e1d3e88ce15", "status": "affected", "version": "98c5611163603d3d8012b1bf64ab48fd932cf734", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/marvell/octeontx2/af/rvu.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": 
"unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Fix a memleak bug in rvu_mbox_init()\n\nIn rvu_mbox_init(), mbox_regions is not freed or passed out\nunder the switch-default region, which could lead to a memory leak.\n\nFix this bug by changing \u0027return err\u0027 to \u0027goto free_regions\u0027.\n\nThis bug was found by a static analyzer. The analysis employs\ndifferential checking to identify inconsistent security operations\n(e.g., checks or kfrees) between two code paths and confirms that the\ninconsistent operations are not recovered in the current function or\nthe callers, so they constitute bugs.\n\nNote that, as a bug found by static analysis, it can be a false\npositive or hard to trigger. Multiple researchers have cross-reviewed\nthe bug.\n\nBuilds with CONFIG_OCTEONTX2_AF=y show no new warnings,\nand our static analyzer no longer warns about this code." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:24.366Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1c0ddef45b7e3dbe3ed073695d20faa572b7056a" }, { "url": "https://git.kernel.org/stable/c/e07a097b4986afb8f925d0bb32612e1d3e88ce15" } ], "title": "octeontx2-af: Fix a memleak bug in rvu_mbox_init()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47537", "datePublished": "2024-05-24T15:09:45.298Z", "dateReserved": "2024-05-24T15:02:54.827Z", "dateUpdated": "2024-12-19T07:44:24.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47554
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:

vdpa_sim: avoid putting an uninitialized iova_domain

The system will crash if we put an uninitialized iova_domain, this
could happen when an error occurs before initializing the iova_domain
in vdpasim_create().

BUG: kernel NULL pointer dereference, address: 0000000000000000
...
RIP: 0010:__cpuhp_state_remove_instance+0x96/0x1c0
...
Call Trace:
  <TASK>
  put_iova_domain+0x29/0x220
  vdpasim_free+0xd1/0x120 [vdpa_sim]
  vdpa_release_dev+0x21/0x40 [vdpa]
  device_release+0x33/0x90
  kobject_release+0x63/0x160
  vdpasim_create+0x127/0x2a0 [vdpa_sim]
  vdpasim_net_dev_add+0x7d/0xfe [vdpa_sim_net]
  vdpa_nl_cmd_dev_add_set_doit+0xe1/0x1a0 [vdpa]
  genl_family_rcv_msg_doit+0x112/0x140
  genl_rcv_msg+0xdf/0x1d0
  ...

So we must make sure the iova_domain is already initialized before
put it.

In addition, we may get the following warning in this case:
WARNING: ... drivers/iommu/iova.c:344 iova_cache_put+0x58/0x70

So we must make sure the iova_cache_put() is invoked only if the
iova_cache_get() is already invoked. Let's fix it together.

References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47554", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:16:03.600031Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:31.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e4d58ac67e63727aa45a4a26185876f598e8b3dd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bb93ce4b150dde79f58e34103cbd1fe829796649" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/vdpa/vdpa_sim/vdpa_sim.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e4d58ac67e63727aa45a4a26185876f598e8b3dd", "status": "affected", "version": "4080fc1067501707b9693b8003feae7d50d14e35", "versionType": "git" }, { "lessThan": "bb93ce4b150dde79f58e34103cbd1fe829796649", "status": "affected", "version": "4080fc1067501707b9693b8003feae7d50d14e35", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/vdpa/vdpa_sim/vdpa_sim.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.13" }, { "lessThan": "5.13", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa_sim: avoid putting an uninitialized iova_domain\n\nThe system will crash if we put an uninitialized iova_domain, this\ncould happen when an error occurs before initializing the iova_domain\nin vdpasim_create().\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nRIP: 0010:__cpuhp_state_remove_instance+0x96/0x1c0\n...\nCall Trace:\n \u003cTASK\u003e\n put_iova_domain+0x29/0x220\n vdpasim_free+0xd1/0x120 [vdpa_sim]\n vdpa_release_dev+0x21/0x40 [vdpa]\n device_release+0x33/0x90\n kobject_release+0x63/0x160\n vdpasim_create+0x127/0x2a0 [vdpa_sim]\n vdpasim_net_dev_add+0x7d/0xfe [vdpa_sim_net]\n vdpa_nl_cmd_dev_add_set_doit+0xe1/0x1a0 [vdpa]\n genl_family_rcv_msg_doit+0x112/0x140\n genl_rcv_msg+0xdf/0x1d0\n ...\n\nSo we must make sure the iova_domain is already initialized before\nput it.\n\nIn addition, we may get the following warning in this case:\nWARNING: ... drivers/iommu/iova.c:344 iova_cache_put+0x58/0x70\n\nSo we must make sure the iova_cache_put() is invoked only if the\niova_cache_get() is already invoked. Let\u0027s fix it together." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:42.492Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e4d58ac67e63727aa45a4a26185876f598e8b3dd" }, { "url": "https://git.kernel.org/stable/c/bb93ce4b150dde79f58e34103cbd1fe829796649" } ], "title": "vdpa_sim: avoid putting an uninitialized iova_domain", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47554", "datePublished": "2024-05-24T15:09:56.614Z", "dateReserved": "2024-05-24T15:02:54.833Z", "dateUpdated": "2024-12-19T07:44:42.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47514
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:

devlink: fix netns refcount leak in devlink_nl_cmd_reload()

While preparing my patch series adding netns refcount tracking,
I spotted bugs in devlink_nl_cmd_reload()

Some error paths forgot to release a refcount on a netns.

To fix this, we can reduce the scope of get_net()/put_net()
section around the call to devlink_reload().

References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47514", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:18:46.534167Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:53.095Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4b7e90672af8e0c78205db006f1b0a20ebd07f5f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fe30b70ca84da9c4aca85c03ad86e7a9b89c5ded" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4dbb0dad8e63fcd0b5a117c2861d2abe7ff5f186" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/core/devlink.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4b7e90672af8e0c78205db006f1b0a20ebd07f5f", "status": "affected", "version": "ccdf07219da6bd1f43c6ddcde4c0e36993c7365a", "versionType": "git" }, { "lessThan": "fe30b70ca84da9c4aca85c03ad86e7a9b89c5ded", "status": "affected", "version": "ccdf07219da6bd1f43c6ddcde4c0e36993c7365a", "versionType": "git" }, { "lessThan": "4dbb0dad8e63fcd0b5a117c2861d2abe7ff5f186", "status": "affected", "version": "ccdf07219da6bd1f43c6ddcde4c0e36993c7365a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/core/devlink.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": 
"5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: fix netns refcount leak in devlink_nl_cmd_reload()\n\nWhile preparing my patch series adding netns refcount tracking,\nI spotted bugs in devlink_nl_cmd_reload()\n\nSome error paths forgot to release a refcount on a netns.\n\nTo fix this, we can reduce the scope of get_net()/put_net()\nsection around the call to devlink_reload()." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:56.600Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4b7e90672af8e0c78205db006f1b0a20ebd07f5f" }, { "url": "https://git.kernel.org/stable/c/fe30b70ca84da9c4aca85c03ad86e7a9b89c5ded" }, { "url": "https://git.kernel.org/stable/c/4dbb0dad8e63fcd0b5a117c2861d2abe7ff5f186" } ], "title": "devlink: fix netns refcount leak in devlink_nl_cmd_reload()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47514", "datePublished": "2024-05-24T15:09:28.686Z", "dateReserved": "2024-05-24T15:02:54.824Z", "dateUpdated": "2024-12-19T07:43:56.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47530
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:

drm/msm: Fix wait_fence submitqueue leak

We weren't dropping the submitqueue reference in all paths. In
particular, when the fence has already been signalled. Split out
a helper to simplify handling this in the various different return
paths.

References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47530", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T17:34:37.808286Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T17:35:01.471Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4c3cdbf2540319ea674f1f3c54f31f14c6f39647" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ea0006d390a28012f8187717aea61498b2b341e5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/msm_drv.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4c3cdbf2540319ea674f1f3c54f31f14c6f39647", "status": "affected", "version": "a61acbbe9cf873f869fc634ae6f72f214f5994cc", "versionType": "git" }, { "lessThan": "ea0006d390a28012f8187717aea61498b2b341e5", "status": "affected", "version": "a61acbbe9cf873f869fc634ae6f72f214f5994cc", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/msm_drv.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix wait_fence submitqueue leak\n\nWe weren\u0027t dropping the submitqueue reference in all paths. In\nparticular, when the fence has already been signalled. Split out\na helper to simplify handling this in the various different return\npaths." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:16.094Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4c3cdbf2540319ea674f1f3c54f31f14c6f39647" }, { "url": "https://git.kernel.org/stable/c/ea0006d390a28012f8187717aea61498b2b341e5" } ], "title": "drm/msm: Fix wait_fence submitqueue leak", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47530", "datePublished": "2024-05-24T15:09:40.707Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:16.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47531
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object
function") we switched to a new/cleaner method of doing things. That's
good, but we missed a little bit.
Before that commit, we used to _first_ run through the
drm_gem_mmap_obj() case where `obj->funcs->mmap()` was NULL. That meant
that we ran:
    vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;
    vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
    vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot);
...and _then_ we modified those mappings with our own. Now that
`obj->funcs->mmap()` is no longer NULL we don't run the default
code. It looks like the fact that the vm_flags got VM_IO / VM_DONTDUMP
was important because we're now getting crashes on Chromebooks that
use ARC++ while logging out. Specifically a crash that looks like this
(this is on a 5.10 kernel w/ relevant backports but also seen on a
5.15 kernel):
    Unable to handle kernel paging request at virtual address ffffffc008000000
    Mem abort info:
      ESR = 0x96000006
      EC = 0x25: DABT (current EL), IL = 32 bits
      SET = 0, FnV = 0
      EA = 0, S1PTW = 0
    Data abort info:
      ISV = 0, ISS = 0x00000006
      CM = 0, WnR = 0
    swapper pgtable: 4k pages, 39-bit VAs, pgdp=000000008293d000
    [ffffffc008000000] pgd=00000001002b3003, p4d=00000001002b3003,
    pud=00000001002b3003, pmd=0000000000000000
    Internal error: Oops: 96000006 [#1] PREEMPT SMP
    [...]
    CPU: 7 PID: 15734 Comm: crash_dump64 Tainted: G W 5.10.67 #1 [...]
    Hardware name: Qualcomm Technologies, Inc. sc7280 IDP SKU2 platform (DT)
    pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
    pc : __arch_copy_to_user+0xc0/0x30c
    lr : copyout+0xac/0x14c
    [...]
    Call trace:
     __arch_copy_to_user+0xc0/0x30c
     copy_page_to_iter+0x1a0/0x294
     process_vm_rw_core+0x240/0x408
     process_vm_rw+0x110/0x16c
     __arm64_sys_process_vm_readv+0x30/0x3c
     el0_svc_common+0xf8/0x250
     do_el0_svc+0x30/0x80
     el0_svc+0x10/0x1c
     el0_sync_handler+0x78/0x108
     el0_sync+0x184/0x1c0
    Code: f8408423 f80008c3 910020c6 36100082 (b8404423)
Let's add the two flags back in.
While we're at it, the fact that we aren't running the default means
that we _don't_ need to clear out VM_PFNMAP, so remove that and save
an instruction.
NOTE: it was confirmed that VM_IO was the important flag to fix the
problem I was seeing, but adding back VM_DONTDUMP seems like a sane
thing to do so I'm doing that too.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.773Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8e2b7fe5e8a4be5e571561d9afcfbd92097288ba" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3466d9e217b337bf473ee629c608e53f9f3ab786" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47531", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:23.631797Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:21.334Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/msm_gem.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8e2b7fe5e8a4be5e571561d9afcfbd92097288ba", "status": "affected", "version": "510410bfc034c57cc3caf1572aa47c1017bab2f9", "versionType": "git" }, { "lessThan": "3466d9e217b337bf473ee629c608e53f9f3ab786", "status": "affected", "version": "510410bfc034c57cc3caf1572aa47c1017bab2f9", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/msm_gem.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix mmap to include VM_IO and VM_DONTDUMP\n\nIn commit 510410bfc034 (\"drm/msm: Implement mmap as GEM object\nfunction\") we switched to a new/cleaner method of doing things. That\u0027s\ngood, but we missed a little bit.\n\nBefore that commit, we used to _first_ run through the\ndrm_gem_mmap_obj() case where `obj-\u003efuncs-\u003emmap()` was NULL. That meant\nthat we ran:\n\n vma-\u003evm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;\n vma-\u003evm_page_prot = pgprot_writecombine(vm_get_page_prot(vma-\u003evm_flags));\n vma-\u003evm_page_prot = pgprot_decrypted(vma-\u003evm_page_prot);\n\n...and _then_ we modified those mappings with our own. Now that\n`obj-\u003efuncs-\u003emmap()` is no longer NULL we don\u0027t run the default\ncode. It looks like the fact that the vm_flags got VM_IO / VM_DONTDUMP\nwas important because we\u0027re now getting crashes on Chromebooks that\nuse ARC++ while logging out. Specifically a crash that looks like this\n(this is on a 5.10 kernel w/ relevant backports but also seen on a\n5.15 kernel):\n\n Unable to handle kernel paging request at virtual address ffffffc008000000\n Mem abort info:\n ESR = 0x96000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n Data abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\n swapper pgtable: 4k pages, 39-bit VAs, pgdp=000000008293d000\n [ffffffc008000000] pgd=00000001002b3003, p4d=00000001002b3003,\n pud=00000001002b3003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] PREEMPT SMP\n [...]\n CPU: 7 PID: 15734 Comm: crash_dump64 Tainted: G W 5.10.67 #1 [...]\n Hardware name: Qualcomm Technologies, Inc. 
sc7280 IDP SKU2 platform (DT)\n pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--)\n pc : __arch_copy_to_user+0xc0/0x30c\n lr : copyout+0xac/0x14c\n [...]\n Call trace:\n __arch_copy_to_user+0xc0/0x30c\n copy_page_to_iter+0x1a0/0x294\n process_vm_rw_core+0x240/0x408\n process_vm_rw+0x110/0x16c\n __arm64_sys_process_vm_readv+0x30/0x3c\n el0_svc_common+0xf8/0x250\n do_el0_svc+0x30/0x80\n el0_svc+0x10/0x1c\n el0_sync_handler+0x78/0x108\n el0_sync+0x184/0x1c0\n Code: f8408423 f80008c3 910020c6 36100082 (b8404423)\n\nLet\u0027s add the two flags back in.\n\nWhile we\u0027re at it, the fact that we aren\u0027t running the default means\nthat we _don\u0027t_ need to clear out VM_PFNMAP, so remove that and save\nan instruction.\n\nNOTE: it was confirmed that VM_IO was the important flag to fix the\nproblem I was seeing, but adding back VM_DONTDUMP seems like a sane\nthing to do so I\u0027m doing that too." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:17.239Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8e2b7fe5e8a4be5e571561d9afcfbd92097288ba" }, { "url": "https://git.kernel.org/stable/c/3466d9e217b337bf473ee629c608e53f9f3ab786" } ], "title": "drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47531", "datePublished": "2024-05-24T15:09:41.360Z", "dateReserved": "2024-05-24T15:02:54.826Z", "dateUpdated": "2024-12-19T07:44:17.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47552
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
For avoiding to slow down queue destroy, we don't call
blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to
cancel dispatch work in blk_release_queue().
However, this way has caused kernel oops[1], reported by Changhui. The log
shows that scsi_device can be freed before running blk_release_queue(),
which is expected too since scsi_device is released after the scsi disk
is closed and the scsi_device is removed.
Fixes the issue by canceling blk-mq dispatch work in both blk_cleanup_queue()
and disk_release():
1) when disk_release() is run, the disk has been closed, and any sync
dispatch activities have been done, so canceling dispatch work is enough to
quiesce filesystem I/O dispatch activity.
2) in blk_cleanup_queue(), we only focus on passthrough request, and
passthrough request is always explicitly allocated & freed by
its caller, so once queue is frozen, all sync dispatch activity
for passthrough request has been done, then it is enough to just cancel
dispatch work for avoiding any dispatch activity.
[1] kernel panic log
[12622.769416] BUG: kernel NULL pointer dereference, address: 0000000000000300
[12622.777186] #PF: supervisor read access in kernel mode
[12622.782918] #PF: error_code(0x0000) - not-present page
[12622.788649] PGD 0 P4D 0
[12622.791474] Oops: 0000 [#1] PREEMPT SMP PTI
[12622.796138] CPU: 10 PID: 744 Comm: kworker/10:1H Kdump: loaded Not tainted 5.15.0+ #1
[12622.804877] Hardware name: Dell Inc. PowerEdge R730/0H21J3, BIOS 1.5.4 10/002/2015
[12622.813321] Workqueue: kblockd blk_mq_run_work_fn
[12622.818572] RIP: 0010:sbitmap_get+0x75/0x190
[12622.823336] Code: 85 80 00 00 00 41 8b 57 08 85 d2 0f 84 b1 00 00 00 45 31 e4 48 63 cd 48 8d 1c 49 48 c1 e3 06 49 03 5f 10 4c 8d 6b 40 83 f0 01 <48> 8b 33 44 89 f2 4c 89 ef 0f b6 c8 e8 fa f3 ff ff 83 f8 ff 75 58
[12622.844290] RSP: 0018:ffffb00a446dbd40 EFLAGS: 00010202
[12622.850120] RAX: 0000000000000001 RBX: 0000000000000300 RCX: 0000000000000004
[12622.858082] RDX: 0000000000000006 RSI: 0000000000000082 RDI: ffffa0b7a2dfe030
[12622.866042] RBP: 0000000000000004 R08: 0000000000000001 R09: ffffa0b742721334
[12622.874003] R10: 0000000000000008 R11: 0000000000000008 R12: 0000000000000000
[12622.881964] R13: 0000000000000340 R14: 0000000000000000 R15: ffffa0b7a2dfe030
[12622.889926] FS: 0000000000000000(0000) GS:ffffa0baafb40000(0000) knlGS:0000000000000000
[12622.898956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[12622.905367] CR2: 0000000000000300 CR3: 0000000641210001 CR4: 00000000001706e0
[12622.913328] Call Trace:
[12622.916055] <TASK>
[12622.918394] scsi_mq_get_budget+0x1a/0x110
[12622.922969] __blk_mq_do_dispatch_sched+0x1d4/0x320
[12622.928404] ? pick_next_task_fair+0x39/0x390
[12622.933268] __blk_mq_sched_dispatch_requests+0xf4/0x140
[12622.939194] blk_mq_sched_dispatch_requests+0x30/0x60
[12622.944829] __blk_mq_run_hw_queue+0x30/0xa0
[12622.949593] process_one_work+0x1e8/0x3c0
[12622.954059] worker_thread+0x50/0x3b0
[12622.958144] ? rescuer_thread+0x370/0x370
[12622.962616] kthread+0x158/0x180
[12622.966218] ? set_kthread_struct+0x40/0x40
[12622.970884] ret_from_fork+0x22/0x30
[12622.974875] </TASK>
[12622.977309] Modules linked in: scsi_debug rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs sunrpc dm_multipath intel_rapl_msr intel_rapl_common dell_wmi_descriptor sb_edac rfkill video x86_pkg_temp_thermal intel_powerclamp dcdbas coretemp kvm_intel kvm mgag200 irqbypass i2c_algo_bit rapl drm_kms_helper ipmi_ssif intel_cstate intel_uncore syscopyarea sysfillrect sysimgblt fb_sys_fops pcspkr cec mei_me lpc_ich mei ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter drm fuse xfs libcrc32c sr_mod cdrom sd_mod t10_pi sg ixgbe ahci libahci crct10dif_pclmul crc32_pclmul crc32c_intel libata megaraid_sas ghash_clmulni_intel tg3 wdat_w
---truncated---
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47552", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T18:51:40.130772Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-10T18:51:50.154Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e03513f58919d9e2bc6df765ca2c9da863d03d90" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2a19b28f7929866e1cec92a3619f4de9f2d20005" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "block/blk-core.c", "block/blk-mq.c", "block/blk-mq.h", "block/blk-sysfs.c", "block/genhd.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e03513f58919d9e2bc6df765ca2c9da863d03d90", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2a19b28f7929866e1cec92a3619f4de9f2d20005", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "block/blk-core.c", "block/blk-mq.c", "block/blk-mq.h", "block/blk-sysfs.c", "block/genhd.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": 
"original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()\n\nFor avoiding to slow down queue destroy, we don\u0027t call\nblk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to\ncancel dispatch work in blk_release_queue().\n\nHowever, this way has caused kernel oops[1], reported by Changhui. The log\nshows that scsi_device can be freed before running blk_release_queue(),\nwhich is expected too since scsi_device is released after the scsi disk\nis closed and the scsi_device is removed.\n\nFixes the issue by canceling blk-mq dispatch work in both blk_cleanup_queue()\nand disk_release():\n\n1) when disk_release() is run, the disk has been closed, and any sync\ndispatch activities have been done, so canceling dispatch work is enough to\nquiesce filesystem I/O dispatch activity.\n\n2) in blk_cleanup_queue(), we only focus on passthrough request, and\npassthrough request is always explicitly allocated \u0026 freed by\nits caller, so once queue is frozen, all sync dispatch activity\nfor passthrough request has been done, then it is enough to just cancel\ndispatch work for avoiding any dispatch activity.\n\n[1] kernel panic log\n[12622.769416] BUG: kernel NULL pointer dereference, address: 0000000000000300\n[12622.777186] #PF: supervisor read access in kernel mode\n[12622.782918] #PF: error_code(0x0000) - not-present page\n[12622.788649] PGD 0 P4D 0\n[12622.791474] Oops: 0000 [#1] PREEMPT SMP PTI\n[12622.796138] CPU: 10 PID: 744 Comm: kworker/10:1H Kdump: loaded Not tainted 5.15.0+ #1\n[12622.804877] Hardware name: Dell Inc. 
PowerEdge R730/0H21J3, BIOS 1.5.4 10/002/2015\n[12622.813321] Workqueue: kblockd blk_mq_run_work_fn\n[12622.818572] RIP: 0010:sbitmap_get+0x75/0x190\n[12622.823336] Code: 85 80 00 00 00 41 8b 57 08 85 d2 0f 84 b1 00 00 00 45 31 e4 48 63 cd 48 8d 1c 49 48 c1 e3 06 49 03 5f 10 4c 8d 6b 40 83 f0 01 \u003c48\u003e 8b 33 44 89 f2 4c 89 ef 0f b6 c8 e8 fa f3 ff ff 83 f8 ff 75 58\n[12622.844290] RSP: 0018:ffffb00a446dbd40 EFLAGS: 00010202\n[12622.850120] RAX: 0000000000000001 RBX: 0000000000000300 RCX: 0000000000000004\n[12622.858082] RDX: 0000000000000006 RSI: 0000000000000082 RDI: ffffa0b7a2dfe030\n[12622.866042] RBP: 0000000000000004 R08: 0000000000000001 R09: ffffa0b742721334\n[12622.874003] R10: 0000000000000008 R11: 0000000000000008 R12: 0000000000000000\n[12622.881964] R13: 0000000000000340 R14: 0000000000000000 R15: ffffa0b7a2dfe030\n[12622.889926] FS: 0000000000000000(0000) GS:ffffa0baafb40000(0000) knlGS:0000000000000000\n[12622.898956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[12622.905367] CR2: 0000000000000300 CR3: 0000000641210001 CR4: 00000000001706e0\n[12622.913328] Call Trace:\n[12622.916055] \u003cTASK\u003e\n[12622.918394] scsi_mq_get_budget+0x1a/0x110\n[12622.922969] __blk_mq_do_dispatch_sched+0x1d4/0x320\n[12622.928404] ? pick_next_task_fair+0x39/0x390\n[12622.933268] __blk_mq_sched_dispatch_requests+0xf4/0x140\n[12622.939194] blk_mq_sched_dispatch_requests+0x30/0x60\n[12622.944829] __blk_mq_run_hw_queue+0x30/0xa0\n[12622.949593] process_one_work+0x1e8/0x3c0\n[12622.954059] worker_thread+0x50/0x3b0\n[12622.958144] ? rescuer_thread+0x370/0x370\n[12622.962616] kthread+0x158/0x180\n[12622.966218] ? 
set_kthread_struct+0x40/0x40\n[12622.970884] ret_from_fork+0x22/0x30\n[12622.974875] \u003c/TASK\u003e\n[12622.977309] Modules linked in: scsi_debug rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs sunrpc dm_multipath intel_rapl_msr intel_rapl_common dell_wmi_descriptor sb_edac rfkill video x86_pkg_temp_thermal intel_powerclamp dcdbas coretemp kvm_intel kvm mgag200 irqbypass i2c_algo_bit rapl drm_kms_helper ipmi_ssif intel_cstate intel_uncore syscopyarea sysfillrect sysimgblt fb_sys_fops pcspkr cec mei_me lpc_ich mei ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter drm fuse xfs libcrc32c sr_mod cdrom sd_mod t10_pi sg ixgbe ahci libahci crct10dif_pclmul crc32_pclmul crc32c_intel libata megaraid_sas ghash_clmulni_intel tg3 wdat_w\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:40.071Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e03513f58919d9e2bc6df765ca2c9da863d03d90" }, { "url": "https://git.kernel.org/stable/c/2a19b28f7929866e1cec92a3619f4de9f2d20005" } ], "title": "blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47552", "datePublished": "2024-05-24T15:09:55.295Z", "dateReserved": "2024-05-24T15:02:54.832Z", "dateUpdated": "2024-12-19T07:44:40.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47523
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr
This buffer is currently allocated in hfi1_init():
    if (reinit)
        ret = init_after_reset(dd);
    else
        ret = loadtime_init(dd);
    if (ret)
        goto done;

    /* allocate dummy tail memory for all receive contexts */
    dd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev,
                                                     sizeof(u64),
                                                     &dd->rcvhdrtail_dummy_dma,
                                                     GFP_KERNEL);

    if (!dd->rcvhdrtail_dummy_kvaddr) {
        dd_dev_err(dd, "cannot allocate dummy tail memory\n");
        ret = -ENOMEM;
        goto done;
    }
The reinit triggered path will overwrite the old allocation and leak it.
Fix by moving the allocation to hfi1_alloc_devdata() and the deallocation
to hfi1_free_devdata().
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47523", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:17:45.550563Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:34.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.792Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/hfi1/init.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2c08271f4ed0e24633b3f81ceff61052b9d45efc", "status": "affected", "version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "versionType": "git" }, { "lessThan": "834d0fb978643eaf09da425de197cc16a7c2761b", "status": "affected", "version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "versionType": "git" }, { "lessThan": "60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1", "status": "affected", "version": "46b010d3eeb8eb29c740c4ef09c666485f5c07e6", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/hfi1/init.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", 
"version": "4.5" }, { "lessThan": "4.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr\n\nThis buffer is currently allocated in hfi1_init():\n\n\tif (reinit)\n\t\tret = init_after_reset(dd);\n\telse\n\t\tret = loadtime_init(dd);\n\tif (ret)\n\t\tgoto done;\n\n\t/* allocate dummy tail memory for all receive contexts */\n\tdd-\u003ercvhdrtail_dummy_kvaddr = dma_alloc_coherent(\u0026dd-\u003epcidev-\u003edev,\n\t\t\t\t\t\t\t sizeof(u64),\n\t\t\t\t\t\t\t \u0026dd-\u003ercvhdrtail_dummy_dma,\n\t\t\t\t\t\t\t GFP_KERNEL);\n\n\tif (!dd-\u003ercvhdrtail_dummy_kvaddr) {\n\t\tdd_dev_err(dd, \"cannot allocate dummy tail memory\\n\");\n\t\tret = -ENOMEM;\n\t\tgoto done;\n\t}\n\nThe reinit triggered path will overwrite the old allocation and leak it.\n\nFix by moving the allocation to hfi1_alloc_devdata() and the deallocation\nto hfi1_free_devdata()." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:07.748Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2c08271f4ed0e24633b3f81ceff61052b9d45efc" }, { "url": "https://git.kernel.org/stable/c/834d0fb978643eaf09da425de197cc16a7c2761b" }, { "url": "https://git.kernel.org/stable/c/60a8b5a1611b4a26de4839ab9c1fc2a9cf3e17c1" } ], "title": "IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47523", "datePublished": "2024-05-24T15:09:36.045Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:07.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47546
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix memory leak in fib6_rule_suppress
The kernel leaks memory when a `fib` rule is present in IPv6 nftables
firewall rules and a suppress_prefix rule is present in the IPv6 routing
rules (used by certain tools such as wg-quick). In such scenarios, every
incoming packet will leak an allocation in `ip6_dst_cache` slab cache.
After some hours of `bpftrace`-ing and source code reading, I tracked
down the issue to ca7a03c41753 ("ipv6: do not free rt if
FIB_LOOKUP_NOREF is set on suppress rule").
The problem with that change is that the generic `args->flags` always have
`FIB_LOOKUP_NOREF` set[1][2] but the IPv6-specific flag
`RT6_LOOKUP_F_DST_NOREF` might not be, leading to `fib6_rule_suppress` not
decreasing the refcount when needed.
How to reproduce:
 - Add the following nftables rule to a prerouting chain:
     meta nfproto ipv6 fib saddr . mark . iif oif missing drop
   This can be done with:
     sudo nft create table inet test
     sudo nft create chain inet test test_chain '{ type filter hook prerouting priority filter + 10; policy accept; }'
     sudo nft add rule inet test test_chain meta nfproto ipv6 fib saddr . mark . iif oif missing drop
 - Run:
     sudo ip -6 rule add table main suppress_prefixlength 0
 - Watch `sudo slabtop -o | grep ip6_dst_cache` to see memory usage increase
   with every incoming ipv6 packet.
This patch exposes the protocol-specific flags to the protocol
specific `suppress` function, and check the protocol-specific `flags`
argument for RT6_LOOKUP_F_DST_NOREF instead of the generic
FIB_LOOKUP_NOREF when decreasing the refcount, like this.
[1]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L71
[2]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L99
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47546", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T17:34:31.593424Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T17:34:48.850Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ee38eb8cf9a7323884c2b8e0adbbeb2192d31e29" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/209d35ee34e25f9668c404350a1c86d914c54ffa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8ef8a76a340ebdb2c2eea3f6fb0ebbed09a16383" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cdef485217d30382f3bf6448c54b4401648fe3f1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/net/fib_rules.h", "net/core/fib_rules.c", "net/ipv4/fib_rules.c", "net/ipv6/fib6_rules.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ee38eb8cf9a7323884c2b8e0adbbeb2192d31e29", "status": "affected", "version": "ca7a03c4175366a92cee0ccc4fec0038c3266e26", "versionType": "git" }, { "lessThan": "209d35ee34e25f9668c404350a1c86d914c54ffa", "status": "affected", "version": "ca7a03c4175366a92cee0ccc4fec0038c3266e26", "versionType": "git" }, { "lessThan": "8ef8a76a340ebdb2c2eea3f6fb0ebbed09a16383", "status": "affected", "version": "ca7a03c4175366a92cee0ccc4fec0038c3266e26", "versionType": "git" }, { "lessThan": "cdef485217d30382f3bf6448c54b4401648fe3f1", "status": 
"affected", "version": "ca7a03c4175366a92cee0ccc4fec0038c3266e26", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/net/fib_rules.h", "net/core/fib_rules.c", "net/ipv4/fib_rules.c", "net/ipv6/fib6_rules.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.4" }, { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.164", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix memory leak in fib6_rule_suppress\n\nThe kernel leaks memory when a `fib` rule is present in IPv6 nftables\nfirewall rules and a suppress_prefix rule is present in the IPv6 routing\nrules (used by certain tools such as wg-quick). In such scenarios, every\nincoming packet will leak an allocation in `ip6_dst_cache` slab cache.\n\nAfter some hours of `bpftrace`-ing and source code reading, I tracked\ndown the issue to ca7a03c41753 (\"ipv6: do not free rt if\nFIB_LOOKUP_NOREF is set on suppress rule\").\n\nThe problem with that change is that the generic `args-\u003eflags` always have\n`FIB_LOOKUP_NOREF` set[1][2] but the IPv6-specific flag\n`RT6_LOOKUP_F_DST_NOREF` might not be, leading to `fib6_rule_suppress` not\ndecreasing the refcount when needed.\n\nHow to reproduce:\n - Add the following nftables rule to a prerouting chain:\n meta nfproto ipv6 fib saddr . mark . 
iif oif missing drop\n This can be done with:\n sudo nft create table inet test\n sudo nft create chain inet test test_chain \u0027{ type filter hook prerouting priority filter + 10; policy accept; }\u0027\n sudo nft add rule inet test test_chain meta nfproto ipv6 fib saddr . mark . iif oif missing drop\n - Run:\n sudo ip -6 rule add table main suppress_prefixlength 0\n - Watch `sudo slabtop -o | grep ip6_dst_cache` to see memory usage increase\n with every incoming ipv6 packet.\n\nThis patch exposes the protocol-specific flags to the protocol\nspecific `suppress` function, and check the protocol-specific `flags`\nargument for RT6_LOOKUP_F_DST_NOREF instead of the generic\nFIB_LOOKUP_NOREF when decreasing the refcount, like this.\n\n[1]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L71\n[2]: https://github.com/torvalds/linux/blob/ca7a03c4175366a92cee0ccc4fec0038c3266e26/net/ipv6/fib6_rules.c#L99" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:32.919Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ee38eb8cf9a7323884c2b8e0adbbeb2192d31e29" }, { "url": "https://git.kernel.org/stable/c/209d35ee34e25f9668c404350a1c86d914c54ffa" }, { "url": "https://git.kernel.org/stable/c/8ef8a76a340ebdb2c2eea3f6fb0ebbed09a16383" }, { "url": "https://git.kernel.org/stable/c/cdef485217d30382f3bf6448c54b4401648fe3f1" } ], "title": "ipv6: fix memory leak in fib6_rule_suppress", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47546", "datePublished": "2024-05-24T15:09:51.286Z", "dateReserved": "2024-05-24T15:02:54.829Z", "dateUpdated": "2024-12-19T07:44:32.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47518
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
The done() netlink callback nfc_genl_dump_ses_done() should check if
received argument is non-NULL, because its allocation could fail earlier
in dumpit() (nfc_genl_dump_ses()).
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47518", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T17:36:30.333493Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T17:36:34.295Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/nfc/netlink.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "87cdb8789c38e44ae5454aafe277997c950d00ed", "status": "affected", "version": "ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95", "versionType": "git" }, { 
"lessThan": "69bb79a8f5bb9f436b6f1434ca9742591b7bbe18", "status": "affected", "version": "ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95", "versionType": "git" }, { "lessThan": "811a7576747760bcaf60502f096d1e6e91d566fa", "status": "affected", "version": "ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95", "versionType": "git" }, { "lessThan": "3b861a40325eac9c4c13b6c53874ad90617e944d", "status": "affected", "version": "ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95", "versionType": "git" }, { "lessThan": "48fcd08fdbe05e35b650a252ec2a2d96057a1c7a", "status": "affected", "version": "ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95", "versionType": "git" }, { "lessThan": "83ea620a1be840bf05089a5061fb8323ca42f38c", "status": "affected", "version": "ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95", "versionType": "git" }, { "lessThan": "fae9705d281091254d4a81fa2da9d22346097dca", "status": "affected", "version": "ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95", "versionType": "git" }, { "lessThan": "4cd8371a234d051f9c9557fcbb1f8c523b1c0d10", "status": "affected", "version": "ac22ac466a659f1b2e02a2e2ee23fc5c42da2c95", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/nfc/netlink.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.12" }, { "lessThan": "3.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.295", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.293", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.258", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", 
"status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done\n\nThe done() netlink callback nfc_genl_dump_ses_done() should check if\nreceived argument is non-NULL, because its allocation could fail earlier\nin dumpit() (nfc_genl_dump_ses())." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:01.544Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed" }, { "url": "https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18" }, { "url": "https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa" }, { "url": "https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d" }, { "url": "https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a" }, { "url": "https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c" }, { "url": "https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca" }, { "url": "https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10" } ], "title": "nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47518", "datePublished": "2024-05-24T15:09:31.334Z", "dateReserved": "2024-05-24T15:02:54.824Z", "dateUpdated": "2024-12-19T07:44:01.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47539
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
Need to call rxrpc_put_peer() for bundle candidate before kfree() as it
holds a ref to rxrpc_peer.
[DH: v2: Changed to abstract out the bundle freeing code into a function]
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47539", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T18:53:02.140647Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-10T18:53:09.609Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/35b40f724c4ef0f683d94dab3af9ab38261d782b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bc97458620e38961af9505cc060ad4cf5c9e4af7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ca77fba821351190777b236ce749d7c4d353102e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/rxrpc/conn_client.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "35b40f724c4ef0f683d94dab3af9ab38261d782b", "status": "affected", "version": "245500d853e9f20036cec7df4f6984ece4c6bf26", "versionType": "git" }, { "lessThan": "bc97458620e38961af9505cc060ad4cf5c9e4af7", "status": "affected", "version": "245500d853e9f20036cec7df4f6984ece4c6bf26", "versionType": "git" }, { "lessThan": "ca77fba821351190777b236ce749d7c4d353102e", "status": "affected", "version": "245500d853e9f20036cec7df4f6984ece4c6bf26", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/rxrpc/conn_client.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { 
"lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()\n\nNeed to call rxrpc_put_peer() for bundle candidate before kfree() as it\nholds a ref to rxrpc_peer.\n\n[DH: v2: Changed to abstract out the bundle freeing code into a function]" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:26.938Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/35b40f724c4ef0f683d94dab3af9ab38261d782b" }, { "url": "https://git.kernel.org/stable/c/bc97458620e38961af9505cc060ad4cf5c9e4af7" }, { "url": "https://git.kernel.org/stable/c/ca77fba821351190777b236ce749d7c4d353102e" } ], "title": "rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47539", "datePublished": "2024-05-24T15:09:46.609Z", "dateReserved": "2024-05-24T15:02:54.828Z", "dateUpdated": "2024-12-19T07:44:26.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47553
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/scs: Reset task stack state in bringup_cpu()
To hot unplug a CPU, the idle task on that CPU calls a few layers of C
code before finally leaving the kernel. When KASAN is in use, poisoned
shadow is left around for each of the active stack frames, and when
shadow call stacks are in use. When shadow call stacks (SCS) are in use
the task's saved SCS SP is left pointing at an arbitrary point within
the task's shadow call stack.
When a CPU is offlined then onlined back into the kernel, this stale
state can adversely affect execution. Stale KASAN shadow can alias new
stackframes and result in bogus KASAN warnings. A stale SCS SP is
effectively a memory leak, and prevents a portion of the shadow call
stack being used. Across a number of hotplug cycles the idle task's
entire shadow call stack can become unusable.
We previously fixed the KASAN issue in commit:
e1b77c92981a5222 ("sched/kasan: remove stale KASAN poison after hotplug")
... by removing any stale KASAN stack poison immediately prior to
onlining a CPU.
Subsequently in commit:
f1a0a376ca0c4ef1 ("sched/core: Initialize the idle task with preemption disabled")
... the refactoring left the KASAN and SCS cleanup in one-time idle
thread initialization code rather than something invoked prior to each
CPU being onlined, breaking both as above.
We fixed SCS (but not KASAN) in commit:
63acd42c0d4942f7 ("sched/scs: Reset the shadow stack when idle_task_exit")
... but as this runs in the context of the idle task being offlined it's
potentially fragile.
To fix these consistently and more robustly, reset the SCS SP and KASAN
shadow of a CPU's idle task immediately before we online that CPU in
bringup_cpu(). This ensures the idle task always has a consistent state
when it is running, and removes the need to do so when exiting an idle
task.
Whenever any thread is created, dup_task_struct() will give the task a
stack which is free of KASAN shadow, and initialize the task's SCS SP,
so there's no need to specially initialize either for idle thread within
init_idle(), as this was only necessary to handle hotplug cycles.
I've tested this on arm64 with:
* gcc 11.1.0, defconfig +KASAN_INLINE, KASAN_STACK
* clang 12.0.0, defconfig +KASAN_INLINE, KASAN_STACK, SHADOW_CALL_STACK
... offlining and onlining CPUS with:
| while true; do
| for C in /sys/devices/system/cpu/cpu*/online; do
| echo 0 > $C;
| echo 1 > $C;
| done
| done
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47553", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T19:56:42.885646Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T19:57:05.890Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e6ee7abd6bfe559ad9989004b34c320fd638c526" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/229c555260cb9c1ccdab861e16f0410f1718f302" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dce1ca0525bfdc8a69a9343bc714fbc19a2f04b3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/cpu.c", "kernel/sched/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e6ee7abd6bfe559ad9989004b34c320fd638c526", "status": "affected", "version": "3c51d82d0b7862d7d246016c74b4390fb1fa1f11", "versionType": "git" }, { "lessThan": "229c555260cb9c1ccdab861e16f0410f1718f302", "status": "affected", "version": "f1a0a376ca0c4ef1fc3d24e3e502acbb5b795674", "versionType": "git" }, { "lessThan": "dce1ca0525bfdc8a69a9343bc714fbc19a2f04b3", "status": "affected", "version": "f1a0a376ca0c4ef1fc3d24e3e502acbb5b795674", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/cpu.c", "kernel/sched/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", 
"version": "5.14" }, { "lessThan": "5.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/scs: Reset task stack state in bringup_cpu()\n\nTo hot unplug a CPU, the idle task on that CPU calls a few layers of C\ncode before finally leaving the kernel. When KASAN is in use, poisoned\nshadow is left around for each of the active stack frames, and when\nshadow call stacks are in use. When shadow call stacks (SCS) are in use\nthe task\u0027s saved SCS SP is left pointing at an arbitrary point within\nthe task\u0027s shadow call stack.\n\nWhen a CPU is offlined than onlined back into the kernel, this stale\nstate can adversely affect execution. Stale KASAN shadow can alias new\nstackframes and result in bogus KASAN warnings. A stale SCS SP is\neffectively a memory leak, and prevents a portion of the shadow call\nstack being used. Across a number of hotplug cycles the idle task\u0027s\nentire shadow call stack can become unusable.\n\nWe previously fixed the KASAN issue in commit:\n\n e1b77c92981a5222 (\"sched/kasan: remove stale KASAN poison after hotplug\")\n\n... by removing any stale KASAN stack poison immediately prior to\nonlining a CPU.\n\nSubsequently in commit:\n\n f1a0a376ca0c4ef1 (\"sched/core: Initialize the idle task with preemption disabled\")\n\n... 
the refactoring left the KASAN and SCS cleanup in one-time idle\nthread initialization code rather than something invoked prior to each\nCPU being onlined, breaking both as above.\n\nWe fixed SCS (but not KASAN) in commit:\n\n 63acd42c0d4942f7 (\"sched/scs: Reset the shadow stack when idle_task_exit\")\n\n... but as this runs in the context of the idle task being offlined it\u0027s\npotentially fragile.\n\nTo fix these consistently and more robustly, reset the SCS SP and KASAN\nshadow of a CPU\u0027s idle task immediately before we online that CPU in\nbringup_cpu(). This ensures the idle task always has a consistent state\nwhen it is running, and removes the need to so so when exiting an idle\ntask.\n\nWhenever any thread is created, dup_task_struct() will give the task a\nstack which is free of KASAN shadow, and initialize the task\u0027s SCS SP,\nso there\u0027s no need to specially initialize either for idle thread within\ninit_idle(), as this was only necessary to handle hotplug cycles.\n\nI\u0027ve tested this on arm64 with:\n\n* gcc 11.1.0, defconfig +KASAN_INLINE, KASAN_STACK\n* clang 12.0.0, defconfig +KASAN_INLINE, KASAN_STACK, SHADOW_CALL_STACK\n\n... 
offlining and onlining CPUS with:\n\n| while true; do\n| for C in /sys/devices/system/cpu/cpu*/online; do\n| echo 0 \u003e $C;\n| echo 1 \u003e $C;\n| done\n| done" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:41.239Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e6ee7abd6bfe559ad9989004b34c320fd638c526" }, { "url": "https://git.kernel.org/stable/c/229c555260cb9c1ccdab861e16f0410f1718f302" }, { "url": "https://git.kernel.org/stable/c/dce1ca0525bfdc8a69a9343bc714fbc19a2f04b3" } ], "title": "sched/scs: Reset task stack state in bringup_cpu()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47553", "datePublished": "2024-05-24T15:09:55.961Z", "dateReserved": "2024-05-24T15:02:54.833Z", "dateUpdated": "2024-12-19T07:44:41.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47529
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: Fix memory leaks in error handling path
Should an error occur (invalid TLV len or memory allocation failure), the
memory already allocated in 'reduce_power_data' should be freed before
returning, otherwise it is leaking.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47529", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-28T15:20:42.461449Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:15:04.983Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.793Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4768935c25403ba96e7a745645df24a51a774b7e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a571bc28326d9f3e13f5f2d9cda2883e0631b0ce" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/fw/uefi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4768935c25403ba96e7a745645df24a51a774b7e", "status": "affected", "version": "9dad325f9d57508b154f0bebbc341a8528e5729c", "versionType": "git" }, { "lessThan": "a571bc28326d9f3e13f5f2d9cda2883e0631b0ce", "status": "affected", "version": "9dad325f9d57508b154f0bebbc341a8528e5729c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/fw/uefi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.14" }, { "lessThan": "5.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": 
"unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niwlwifi: Fix memory leaks in error handling path\n\nShould an error occur (invalid TLV len or memory allocation failure), the\nmemory already allocated in \u0027reduce_power_data\u0027 should be freed before\nreturning, otherwise it is leaking." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:14.880Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4768935c25403ba96e7a745645df24a51a774b7e" }, { "url": "https://git.kernel.org/stable/c/a571bc28326d9f3e13f5f2d9cda2883e0631b0ce" } ], "title": "iwlwifi: Fix memory leaks in error handling path", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47529", "datePublished": "2024-05-24T15:09:40.050Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:14.880Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47503
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
Calling scsi_remove_host() before scsi_add_host() results in a crash:
BUG: kernel NULL pointer dereference, address: 0000000000000108
RIP: 0010:device_del+0x63/0x440
Call Trace:
device_unregister+0x17/0x60
scsi_remove_host+0xee/0x2a0
pm8001_pci_probe+0x6ef/0x1b90 [pm80xx]
local_pci_probe+0x3f/0x90
We cannot call scsi_remove_host() in pm8001_alloc() because scsi_add_host()
has not been called yet at that point in time.
Function call tree:
  pm8001_pci_probe()
  |
  `- pm8001_pci_alloc()
  |  |
  |  `- pm8001_alloc()
  |     |
  |     `- scsi_remove_host()
  |
  `- scsi_add_host()
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "1e434d2687e8 ", "status": "affected", "version": "05c6c029a44d", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "f8dccc1bdea7 ", "status": "affected", "version": "05c6c029a44d", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "653926205741 ", "status": "affected", "version": "f8dccc1bdea7 ", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.11", "status": "unaffected", "version": "5.10.85", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "5.16", "status": "unaffected", "version": "5.15.8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "5.16" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "5.10" } ] } ], "metrics": [ { 
"cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47503", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-28T15:53:11.089005Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-06T19:58:15.985Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1e434d2687e8bc0b3cdc9dd093c0e9047c0b4add" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f8dccc1bdea7e21b5ec06c957aef8831c772661c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/653926205741add87a6cf452e21950eebc6ac10b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/scsi/pm8001/pm8001_init.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1e434d2687e8bc0b3cdc9dd093c0e9047c0b4add", "status": "affected", "version": "05c6c029a44d9f43715577e33e95eba87f44d285", "versionType": "git" }, { "lessThan": "f8dccc1bdea7e21b5ec06c957aef8831c772661c", "status": "affected", "version": 
"05c6c029a44d9f43715577e33e95eba87f44d285", "versionType": "git" }, { "lessThan": "653926205741add87a6cf452e21950eebc6ac10b", "status": "affected", "version": "05c6c029a44d9f43715577e33e95eba87f44d285", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/scsi/pm8001/pm8001_init.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()\n\nCalling scsi_remove_host() before scsi_add_host() results in a crash:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000108\n RIP: 0010:device_del+0x63/0x440\n Call Trace:\n device_unregister+0x17/0x60\n scsi_remove_host+0xee/0x2a0\n pm8001_pci_probe+0x6ef/0x1b90 [pm80xx]\n local_pci_probe+0x3f/0x90\n\nWe cannot call scsi_remove_host() in pm8001_alloc() because scsi_add_host()\nhas not been called yet at that point in time.\n\nFunction call tree:\n\n pm8001_pci_probe()\n |\n `- pm8001_pci_alloc()\n | |\n | `- pm8001_alloc()\n | |\n | `- scsi_remove_host()\n |\n `- scsi_add_host()" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:42.946Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1e434d2687e8bc0b3cdc9dd093c0e9047c0b4add" }, { "url": 
"https://git.kernel.org/stable/c/f8dccc1bdea7e21b5ec06c957aef8831c772661c" }, { "url": "https://git.kernel.org/stable/c/653926205741add87a6cf452e21950eebc6ac10b" } ], "title": "scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47503", "datePublished": "2024-05-24T15:01:50.358Z", "dateReserved": "2024-05-22T06:20:56.205Z", "dateUpdated": "2024-12-19T07:43:42.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47570
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:45
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: r8188eu: fix a memory leak in rtw_wx_read32()
Free "ptmp" before returning -EINVAL.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47570", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T19:36:08.708849Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T19:36:18.413Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.794Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c8d3775745adacf9784a7a80a82d047051752573" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/be4ea8f383551b9dae11b8dfff1f38b3b5436e9a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/staging/r8188eu/os_dep/ioctl_linux.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c8d3775745adacf9784a7a80a82d047051752573", "status": "affected", "version": "2b42bd58b32155a1be4dd78991845dec05aaef9e", "versionType": "git" }, { "lessThan": "be4ea8f383551b9dae11b8dfff1f38b3b5436e9a", "status": "affected", "version": "2b42bd58b32155a1be4dd78991845dec05aaef9e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/staging/r8188eu/os_dep/ioctl_linux.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": 
"unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: r8188eu: fix a memory leak in rtw_wx_read32()\n\nFree \"ptmp\" before returning -EINVAL." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:45:02.351Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c8d3775745adacf9784a7a80a82d047051752573" }, { "url": "https://git.kernel.org/stable/c/be4ea8f383551b9dae11b8dfff1f38b3b5436e9a" } ], "title": "staging: r8188eu: fix a memory leak in rtw_wx_read32()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47570", "datePublished": "2024-05-24T15:12:56.032Z", "dateReserved": "2024-05-24T15:11:00.729Z", "dateUpdated": "2024-12-19T07:45:02.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47499
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
When the ACPI type is ACPI_SMO8500, data->dready_trig will not be set, the
memory allocated by iio_triggered_buffer_setup() will not be freed, and a
memory leak results, as follows:
unreferenced object 0xffff888009551400 (size 512):
  comm "i2c-SMO8500-125", pid 911, jiffies 4294911787 (age 83.852s)
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 20 e2 e5 c0 ff ff ff ff ........ .......
  backtrace:
    [<0000000041ce75ee>] kmem_cache_alloc_trace+0x16d/0x360
    [<000000000aeb17b0>] iio_kfifo_allocate+0x41/0x130 [kfifo_buf]
    [<000000004b40c1f5>] iio_triggered_buffer_setup_ext+0x2c/0x210 [industrialio_triggered_buffer]
    [<000000004375b15f>] kxcjk1013_probe+0x10c3/0x1d81 [kxcjk_1013]
Fix it by removing the data->dready_trig condition in probe and remove.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: a25691c1f9674090fb66586cf4c5d60d3efdf339
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8c1d43f3a3fc7184c42d7398bdf59a2a2903e4fc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/60a55b9d91ba99eb8cf015bc46dc2de05e168a15" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3899700ddacbf7aaafadf44464fff3ff0d4e3307" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a3730f74159ad00a28960c0efe2a931fe6fe6b45" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8c163a14277115ca962103910ab4cce55e862ffb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ee86d0bad80bdcd11a87e188a596727f41b62320" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/14508fe13b1c578b3d2ba574f1d48b351975860c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70c9774e180d151abaab358108e3510a8e615215" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47499", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:49.142206Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:23.165Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/iio/accel/kxcjk-1013.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8c1d43f3a3fc7184c42d7398bdf59a2a2903e4fc", "status": "affected", "version": "a25691c1f9674090fb66586cf4c5d60d3efdf339", "versionType": 
"git" }, { "lessThan": "60a55b9d91ba99eb8cf015bc46dc2de05e168a15", "status": "affected", "version": "a25691c1f9674090fb66586cf4c5d60d3efdf339", "versionType": "git" }, { "lessThan": "3899700ddacbf7aaafadf44464fff3ff0d4e3307", "status": "affected", "version": "a25691c1f9674090fb66586cf4c5d60d3efdf339", "versionType": "git" }, { "lessThan": "a3730f74159ad00a28960c0efe2a931fe6fe6b45", "status": "affected", "version": "a25691c1f9674090fb66586cf4c5d60d3efdf339", "versionType": "git" }, { "lessThan": "8c163a14277115ca962103910ab4cce55e862ffb", "status": "affected", "version": "a25691c1f9674090fb66586cf4c5d60d3efdf339", "versionType": "git" }, { "lessThan": "ee86d0bad80bdcd11a87e188a596727f41b62320", "status": "affected", "version": "a25691c1f9674090fb66586cf4c5d60d3efdf339", "versionType": "git" }, { "lessThan": "14508fe13b1c578b3d2ba574f1d48b351975860c", "status": "affected", "version": "a25691c1f9674090fb66586cf4c5d60d3efdf339", "versionType": "git" }, { "lessThan": "70c9774e180d151abaab358108e3510a8e615215", "status": "affected", "version": "a25691c1f9674090fb66586cf4c5d60d3efdf339", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/iio/accel/kxcjk-1013.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.2" }, { "lessThan": "4.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.295", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.293", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.258", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { 
"lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: kxcjk-1013: Fix possible memory leak in probe and remove\n\nWhen ACPI type is ACPI_SMO8500, the data-\u003edready_trig will not be set, the\nmemory allocated by iio_triggered_buffer_setup() will not be freed, and cause\nmemory leak as follows:\n\nunreferenced object 0xffff888009551400 (size 512):\n comm \"i2c-SMO8500-125\", pid 911, jiffies 4294911787 (age 83.852s)\n hex dump (first 32 bytes):\n 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 20 e2 e5 c0 ff ff ff ff ........ .......\n backtrace:\n [\u003c0000000041ce75ee\u003e] kmem_cache_alloc_trace+0x16d/0x360\n [\u003c000000000aeb17b0\u003e] iio_kfifo_allocate+0x41/0x130 [kfifo_buf]\n [\u003c000000004b40c1f5\u003e] iio_triggered_buffer_setup_ext+0x2c/0x210 [industrialio_triggered_buffer]\n [\u003c000000004375b15f\u003e] kxcjk1013_probe+0x10c3/0x1d81 [kxcjk_1013]\n\nFix it by remove data-\u003edready_trig condition in probe and remove." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:38.390Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8c1d43f3a3fc7184c42d7398bdf59a2a2903e4fc" }, { "url": "https://git.kernel.org/stable/c/60a55b9d91ba99eb8cf015bc46dc2de05e168a15" }, { "url": "https://git.kernel.org/stable/c/3899700ddacbf7aaafadf44464fff3ff0d4e3307" }, { "url": "https://git.kernel.org/stable/c/a3730f74159ad00a28960c0efe2a931fe6fe6b45" }, { "url": "https://git.kernel.org/stable/c/8c163a14277115ca962103910ab4cce55e862ffb" }, { "url": "https://git.kernel.org/stable/c/ee86d0bad80bdcd11a87e188a596727f41b62320" }, { "url": "https://git.kernel.org/stable/c/14508fe13b1c578b3d2ba574f1d48b351975860c" }, { "url": "https://git.kernel.org/stable/c/70c9774e180d151abaab358108e3510a8e615215" } ], "title": "iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47499", "datePublished": "2024-05-24T15:01:42.684Z", "dateReserved": "2024-05-22T06:20:56.204Z", "dateUpdated": "2024-12-19T07:43:38.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47516
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfp: Fix memory leak in nfp_cpp_area_cache_add()
In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a
CPP area structure. But in line 807 (#2), when the cache allocation
fails, this CPP area structure is not freed, which results in a
memory leak.
We can fix it by freeing the CPP area when the cache allocation
fails (#2).
792 int nfp_cpp_area_cache_add(struct nfp_cpp *cpp, size_t size)
793 {
794         struct nfp_cpp_area_cache *cache;
795         struct nfp_cpp_area *area;

800         area = nfp_cpp_area_alloc(cpp, NFP_CPP_ID(7, NFP_CPP_ACTION_RW, 0),
801                                   0, size);
            // #1: allocates and initializes

802         if (!area)
803                 return -ENOMEM;

805         cache = kzalloc(sizeof(*cache), GFP_KERNEL);
806         if (!cache)
807                 return -ENOMEM; // #2: missing free

817         return 0;
818 }
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: 4cb584e0ee7df70fd0376aee60cf701855ea8c81
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3e93abcdcec0436fbf0b6a88ae806902426895a2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eb51f639ef3fd5498b7def290ed8681b6aadd9a7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2e0e072e62fdaf7816220af08e05c020f0fcb77a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/484069b5de9d223cc1c64c6f80389a99cfef51f1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f707820c09239d6f67699d9b2ff57863cc7905b0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c56c96303e9289cc34716b1179597b6f470833de" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47516", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:30.048758Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:51.440Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3e93abcdcec0436fbf0b6a88ae806902426895a2", "status": "affected", "version": "4cb584e0ee7df70fd0376aee60cf701855ea8c81", "versionType": "git" }, { "lessThan": "eb51f639ef3fd5498b7def290ed8681b6aadd9a7", "status": "affected", "version": "4cb584e0ee7df70fd0376aee60cf701855ea8c81", "versionType": "git" }, { "lessThan": 
"2e0e072e62fdaf7816220af08e05c020f0fcb77a", "status": "affected", "version": "4cb584e0ee7df70fd0376aee60cf701855ea8c81", "versionType": "git" }, { "lessThan": "484069b5de9d223cc1c64c6f80389a99cfef51f1", "status": "affected", "version": "4cb584e0ee7df70fd0376aee60cf701855ea8c81", "versionType": "git" }, { "lessThan": "f707820c09239d6f67699d9b2ff57863cc7905b0", "status": "affected", "version": "4cb584e0ee7df70fd0376aee60cf701855ea8c81", "versionType": "git" }, { "lessThan": "c56c96303e9289cc34716b1179597b6f470833de", "status": "affected", "version": "4cb584e0ee7df70fd0376aee60cf701855ea8c81", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.11" }, { "lessThan": "4.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.258", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: Fix memory leak in nfp_cpp_area_cache_add()\n\nIn line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a\nCPP area structure. 
But in line 807 (#2), when the cache is allocated\nfailed, this CPP area structure is not freed, which will result in\nmemory leak.\n\nWe can fix it by freeing the CPP area when the cache is allocated\nfailed (#2).\n\n792 int nfp_cpp_area_cache_add(struct nfp_cpp *cpp, size_t size)\n793 {\n794 \tstruct nfp_cpp_area_cache *cache;\n795 \tstruct nfp_cpp_area *area;\n\n800\tarea = nfp_cpp_area_alloc(cpp, NFP_CPP_ID(7, NFP_CPP_ACTION_RW, 0),\n801 \t\t\t\t 0, size);\n\t// #1: allocates and initializes\n\n802 \tif (!area)\n803 \t\treturn -ENOMEM;\n\n805 \tcache = kzalloc(sizeof(*cache), GFP_KERNEL);\n806 \tif (!cache)\n807 \t\treturn -ENOMEM; // #2: missing free\n\n817\treturn 0;\n818 }" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:58.975Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3e93abcdcec0436fbf0b6a88ae806902426895a2" }, { "url": "https://git.kernel.org/stable/c/eb51f639ef3fd5498b7def290ed8681b6aadd9a7" }, { "url": "https://git.kernel.org/stable/c/2e0e072e62fdaf7816220af08e05c020f0fcb77a" }, { "url": "https://git.kernel.org/stable/c/484069b5de9d223cc1c64c6f80389a99cfef51f1" }, { "url": "https://git.kernel.org/stable/c/f707820c09239d6f67699d9b2ff57863cc7905b0" }, { "url": "https://git.kernel.org/stable/c/c56c96303e9289cc34716b1179597b6f470833de" } ], "title": "nfp: Fix memory leak in nfp_cpp_area_cache_add()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47516", "datePublished": "2024-05-24T15:09:30.022Z", "dateReserved": "2024-05-24T15:02:54.824Z", "dateUpdated": "2024-12-19T07:43:58.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47500
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: mma8452: Fix trigger reference couting
The mma8452 driver directly assigns a trigger to the struct iio_dev. The
IIO core when done using this trigger will call `iio_trigger_put()` to drop
the reference count by 1.
Without the matching `iio_trigger_get()` in the driver the reference count
can reach 0 too early, the trigger gets freed while still in use and a
use-after-free occurs.
Fix this by getting a reference to the trigger before assigning it to the
IIO device.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: ae6d9ce05691bf79694074db7c7da980080548af
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.752Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47500", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:45.977945Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:52.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/iio/accel/mma8452.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "094d513b78b1714113bc016684b8142382e071ba", "status": "affected", "version": "ae6d9ce05691bf79694074db7c7da980080548af", "versionType": 
"git" }, { "lessThan": "fb75cc4740d81264cd5bcb0e17d961d018a8be96", "status": "affected", "version": "ae6d9ce05691bf79694074db7c7da980080548af", "versionType": "git" }, { "lessThan": "794c0898f6bf39a458655d5fb4af70ec43a5cfcb", "status": "affected", "version": "ae6d9ce05691bf79694074db7c7da980080548af", "versionType": "git" }, { "lessThan": "f5deab10ced368c807866283f8b79144c4823be8", "status": "affected", "version": "ae6d9ce05691bf79694074db7c7da980080548af", "versionType": "git" }, { "lessThan": "acf0088ac073ca6e7f4cad6acac112177e08df5e", "status": "affected", "version": "ae6d9ce05691bf79694074db7c7da980080548af", "versionType": "git" }, { "lessThan": "db12d95085367de8b0223929d1332731024441f1", "status": "affected", "version": "ae6d9ce05691bf79694074db7c7da980080548af", "versionType": "git" }, { "lessThan": "c43517071dfc9fce34f8f69dbb98a86017f6b739", "status": "affected", "version": "ae6d9ce05691bf79694074db7c7da980080548af", "versionType": "git" }, { "lessThan": "cd0082235783f814241a1c9483fb89e405f4f892", "status": "affected", "version": "ae6d9ce05691bf79694074db7c7da980080548af", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/iio/accel/mma8452.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.2" }, { "lessThan": "4.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.295", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.293", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.258", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { 
"lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: mma8452: Fix trigger reference couting\n\nThe mma8452 driver directly assigns a trigger to the struct iio_dev. The\nIIO core when done using this trigger will call `iio_trigger_put()` to drop\nthe reference count by 1.\n\nWithout the matching `iio_trigger_get()` in the driver the reference count\ncan reach 0 too early, the trigger gets freed while still in use and a\nuse-after-free occurs.\n\nFix this by getting a reference to the trigger before assigning it to the\nIIO device." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:39.544Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/094d513b78b1714113bc016684b8142382e071ba" }, { "url": "https://git.kernel.org/stable/c/fb75cc4740d81264cd5bcb0e17d961d018a8be96" }, { "url": "https://git.kernel.org/stable/c/794c0898f6bf39a458655d5fb4af70ec43a5cfcb" }, { "url": "https://git.kernel.org/stable/c/f5deab10ced368c807866283f8b79144c4823be8" }, { "url": "https://git.kernel.org/stable/c/acf0088ac073ca6e7f4cad6acac112177e08df5e" }, { "url": "https://git.kernel.org/stable/c/db12d95085367de8b0223929d1332731024441f1" }, { "url": "https://git.kernel.org/stable/c/c43517071dfc9fce34f8f69dbb98a86017f6b739" }, { "url": "https://git.kernel.org/stable/c/cd0082235783f814241a1c9483fb89e405f4f892" } ], "title": "iio: mma8452: Fix trigger reference couting", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", 
"cveId": "CVE-2021-47500", "datePublished": "2024-05-24T15:01:43.362Z", "dateReserved": "2024-05-22T06:20:56.204Z", "dateUpdated": "2024-12-19T07:43:39.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47510
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix re-dirty process of tree-log nodes
There is a report of a transaction abort of -EAGAIN with the following
script.
  #!/bin/sh

  for d in sda sdb; do
          mkfs.btrfs -d single -m single -f /dev/${d}
  done

  mount /dev/sda /mnt/test
  mount /dev/sdb /mnt/scratch

  for dir in test scratch; do
          echo 3 >/proc/sys/vm/drop_caches
          fio --directory=/mnt/${dir} --name=fio.${dir} --rw=read --size=50G --bs=64m \
                  --numjobs=$(nproc) --time_based --ramp_time=5 --runtime=480 \
                  --group_reporting |& tee /dev/shm/fio.${dir}
          echo 3 >/proc/sys/vm/drop_caches
  done

  for d in sda sdb; do
          umount /dev/${d}
  done

The stack trace is shown below.
[3310.967991] BTRFS: error (device sda) in btrfs_commit_transaction:2341: errno=-11 unknown (Error while writing out transaction)
[3310.968060] BTRFS info (device sda): forced readonly
[3310.968064] BTRFS warning (device sda): Skipping commit of aborted transaction.
[3310.968065] ------------[ cut here ]------------
[3310.968066] BTRFS: Transaction aborted (error -11)
[3310.968074] WARNING: CPU: 14 PID: 1684 at fs/btrfs/transaction.c:1946 btrfs_commit_transaction.cold+0x209/0x2c8
[3310.968131] CPU: 14 PID: 1684 Comm: fio Not tainted 5.14.10-300.fc35.x86_64 #1
[3310.968135] Hardware name: DIAWAY Tartu/Tartu, BIOS V2.01.B10 04/08/2021
[3310.968137] RIP: 0010:btrfs_commit_transaction.cold+0x209/0x2c8
[3310.968144] RSP: 0018:ffffb284ce393e10 EFLAGS: 00010282
[3310.968147] RAX: 0000000000000026 RBX: ffff973f147b0f60 RCX: 0000000000000027
[3310.968149] RDX: ffff974ecf098a08 RSI: 0000000000000001 RDI: ffff974ecf098a00
[3310.968150] RBP: ffff973f147b0f08 R08: 0000000000000000 R09: ffffb284ce393c48
[3310.968151] R10: ffffb284ce393c40 R11: ffffffff84f47468 R12: ffff973f101bfc00
[3310.968153] R13: ffff971f20cf2000 R14: 00000000fffffff5 R15: ffff973f147b0e58
[3310.968154] FS: 00007efe65468740(0000) GS:ffff974ecf080000(0000) knlGS:0000000000000000
[3310.968157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[3310.968158] CR2: 000055691bcbe260 CR3: 000000105cfa4001 CR4: 0000000000770ee0
[3310.968160] PKRU: 55555554
[3310.968161] Call Trace:
[3310.968167] ? dput+0xd4/0x300
[3310.968174] btrfs_sync_file+0x3f1/0x490
[3310.968180] __x64_sys_fsync+0x33/0x60
[3310.968185] do_syscall_64+0x3b/0x90
[3310.968190] entry_SYSCALL_64_after_hwframe+0x44/0xae
[3310.968194] RIP: 0033:0x7efe6557329b
[3310.968200] RSP: 002b:00007ffe0236ebc0 EFLAGS: 00000293 ORIG_RAX: 000000000000004a
[3310.968203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efe6557329b
[3310.968204] RDX: 0000000000000000 RSI: 00007efe58d77010 RDI: 0000000000000006
[3310.968205] RBP: 0000000004000000 R08: 0000000000000000 R09: 00007efe58d77010
[3310.968207] R10: 0000000016cacc0c R11: 0000000000000293 R12: 00007efe5ce95980
[3310.968208] R13: 0000000000000000 R14: 00007efe6447c790 R15: 0000000c80000000
[3310.968212] ---[ end trace 1a346f4d3c0d96ba ]---
[3310.968214] BTRFS: error (device sda) in cleanup_transaction:1946: errno=-11 unknown
The abort occurs because of a write hole while writing out freeing tree
nodes of a tree-log tree. For zoned btrfs, we re-dirty a freed tree
node to ensure btrfs can write the region and does not leave a hole on
write on a zoned device. The current code fails to re-dirty a node
when the tree-log tree's depth is greater than or equal to 2. That leads to
a transaction abort with -EAGAIN.
Fix the issue by properly re-dirtying a node on walking up the tree.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/477675049ca803aa95ff77468ffbddd966b415b0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/84c25448929942edacba905cecc0474e91114e7a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47510", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:36.503255Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:52.488Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/tree-log.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "477675049ca803aa95ff77468ffbddd966b415b0", "status": "affected", "version": "d3575156f6623eecf086a20bcf99a63f1598109c", "versionType": "git" }, { "lessThan": "84c25448929942edacba905cecc0474e91114e7a", "status": "affected", "version": "d3575156f6623eecf086a20bcf99a63f1598109c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/tree-log.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": 
"original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix re-dirty process of tree-log nodes\n\nThere is a report of a transaction abort of -EAGAIN with the following\nscript.\n\n #!/bin/sh\n\n for d in sda sdb; do\n mkfs.btrfs -d single -m single -f /dev/\\${d}\n done\n\n mount /dev/sda /mnt/test\n mount /dev/sdb /mnt/scratch\n\n for dir in test scratch; do\n echo 3 \u003e/proc/sys/vm/drop_caches\n fio --directory=/mnt/\\${dir} --name=fio.\\${dir} --rw=read --size=50G --bs=64m \\\n --numjobs=$(nproc) --time_based --ramp_time=5 --runtime=480 \\\n --group_reporting |\u0026 tee /dev/shm/fio.\\${dir}\n echo 3 \u003e/proc/sys/vm/drop_caches\n done\n\n for d in sda sdb; do\n umount /dev/\\${d}\n done\n\nThe stack trace is shown in below.\n\n [3310.967991] BTRFS: error (device sda) in btrfs_commit_transaction:2341: errno=-11 unknown (Error while writing out transaction)\n [3310.968060] BTRFS info (device sda): forced readonly\n [3310.968064] BTRFS warning (device sda): Skipping commit of aborted transaction.\n [3310.968065] ------------[ cut here ]------------\n [3310.968066] BTRFS: Transaction aborted (error -11)\n [3310.968074] WARNING: CPU: 14 PID: 1684 at fs/btrfs/transaction.c:1946 btrfs_commit_transaction.cold+0x209/0x2c8\n [3310.968131] CPU: 14 PID: 1684 Comm: fio Not tainted 5.14.10-300.fc35.x86_64 #1\n [3310.968135] Hardware name: DIAWAY Tartu/Tartu, BIOS V2.01.B10 04/08/2021\n [3310.968137] RIP: 0010:btrfs_commit_transaction.cold+0x209/0x2c8\n [3310.968144] RSP: 0018:ffffb284ce393e10 EFLAGS: 00010282\n [3310.968147] RAX: 0000000000000026 RBX: ffff973f147b0f60 RCX: 0000000000000027\n [3310.968149] RDX: ffff974ecf098a08 RSI: 0000000000000001 RDI: ffff974ecf098a00\n [3310.968150] RBP: ffff973f147b0f08 R08: 0000000000000000 R09: ffffb284ce393c48\n [3310.968151] R10: ffffb284ce393c40 R11: ffffffff84f47468 R12: ffff973f101bfc00\n [3310.968153] R13: ffff971f20cf2000 
R14: 00000000fffffff5 R15: ffff973f147b0e58\n [3310.968154] FS: 00007efe65468740(0000) GS:ffff974ecf080000(0000) knlGS:0000000000000000\n [3310.968157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [3310.968158] CR2: 000055691bcbe260 CR3: 000000105cfa4001 CR4: 0000000000770ee0\n [3310.968160] PKRU: 55555554\n [3310.968161] Call Trace:\n [3310.968167] ? dput+0xd4/0x300\n [3310.968174] btrfs_sync_file+0x3f1/0x490\n [3310.968180] __x64_sys_fsync+0x33/0x60\n [3310.968185] do_syscall_64+0x3b/0x90\n [3310.968190] entry_SYSCALL_64_after_hwframe+0x44/0xae\n [3310.968194] RIP: 0033:0x7efe6557329b\n [3310.968200] RSP: 002b:00007ffe0236ebc0 EFLAGS: 00000293 ORIG_RAX: 000000000000004a\n [3310.968203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efe6557329b\n [3310.968204] RDX: 0000000000000000 RSI: 00007efe58d77010 RDI: 0000000000000006\n [3310.968205] RBP: 0000000004000000 R08: 0000000000000000 R09: 00007efe58d77010\n [3310.968207] R10: 0000000016cacc0c R11: 0000000000000293 R12: 00007efe5ce95980\n [3310.968208] R13: 0000000000000000 R14: 00007efe6447c790 R15: 0000000c80000000\n [3310.968212] ---[ end trace 1a346f4d3c0d96ba ]---\n [3310.968214] BTRFS: error (device sda) in cleanup_transaction:1946: errno=-11 unknown\n\nThe abort occurs because of a write hole while writing out freeing tree\nnodes of a tree-log tree. For zoned btrfs, we re-dirty a freed tree\nnode to ensure btrfs can write the region and does not leave a hole on\nwrite on a zoned device. The current code fails to re-dirty a node\nwhen the tree-log tree\u0027s depth is greater or equal to 2. That leads to\na transaction abort with -EAGAIN.\n\nFix the issue by properly re-dirtying a node on walking up the tree." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:51.236Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/477675049ca803aa95ff77468ffbddd966b415b0" }, { "url": "https://git.kernel.org/stable/c/84c25448929942edacba905cecc0474e91114e7a" } ], "title": "btrfs: fix re-dirty process of tree-log nodes", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47510", "datePublished": "2024-05-24T15:09:26.019Z", "dateReserved": "2024-05-24T15:02:54.823Z", "dateUpdated": "2024-12-19T07:43:51.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47565
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix kernel panic during drive powercycle test
While looping over shost's sdev list it is possible that one
of the drives is getting removed and its sas_target object is
freed but its sdev object remains intact.
Consequently, a kernel panic can occur while the driver is trying to access
the sas_address field of sas_target object without also checking the
sas_target object for NULL.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | f92363d12359498f9a9960511de1a550f0ec41c2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5d4d50b1f159a5ebab7617f47121b4370aa58afe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/58ef2c7a6de13721865d84b80eecf56d6cba0937" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dd035ca0e7a142870a970d46b1d19276cfe2bc8c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0d4b29eaadc1f59cec0c7e85eae77d08fcca9824" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7e324f734a914957b8cc3ff4b4c9f0409558adb5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2bf9c5a5039c8f4b037236aed505e6a25c1d5f7b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8485649a7655e791a6e4e9f15b4d30fdae937184" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0ee4ba13e09c9d9c1cb6abb59da8295d9952328b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47565", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:14.174817Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:20.028Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/scsi/mpt3sas/mpt3sas_scsih.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5d4d50b1f159a5ebab7617f47121b4370aa58afe", "status": "affected", "version": "f92363d12359498f9a9960511de1a550f0ec41c2", 
"versionType": "git" }, { "lessThan": "58ef2c7a6de13721865d84b80eecf56d6cba0937", "status": "affected", "version": "f92363d12359498f9a9960511de1a550f0ec41c2", "versionType": "git" }, { "lessThan": "dd035ca0e7a142870a970d46b1d19276cfe2bc8c", "status": "affected", "version": "f92363d12359498f9a9960511de1a550f0ec41c2", "versionType": "git" }, { "lessThan": "0d4b29eaadc1f59cec0c7e85eae77d08fcca9824", "status": "affected", "version": "f92363d12359498f9a9960511de1a550f0ec41c2", "versionType": "git" }, { "lessThan": "7e324f734a914957b8cc3ff4b4c9f0409558adb5", "status": "affected", "version": "f92363d12359498f9a9960511de1a550f0ec41c2", "versionType": "git" }, { "lessThan": "2bf9c5a5039c8f4b037236aed505e6a25c1d5f7b", "status": "affected", "version": "f92363d12359498f9a9960511de1a550f0ec41c2", "versionType": "git" }, { "lessThan": "8485649a7655e791a6e4e9f15b4d30fdae937184", "status": "affected", "version": "f92363d12359498f9a9960511de1a550f0ec41c2", "versionType": "git" }, { "lessThan": "0ee4ba13e09c9d9c1cb6abb59da8295d9952328b", "status": "affected", "version": "f92363d12359498f9a9960511de1a550f0ec41c2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/scsi/mpt3sas/mpt3sas_scsih.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.8" }, { "lessThan": "3.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.294", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.292", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.257", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.219", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.163", "versionType": 
"semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix kernel panic during drive powercycle test\n\nWhile looping over shost\u0027s sdev list it is possible that one\nof the drives is getting removed and its sas_target object is\nfreed but its sdev object remains intact.\n\nConsequently, a kernel panic can occur while the driver is trying to access\nthe sas_address field of sas_target object without also checking the\nsas_target object for NULL." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:56.437Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5d4d50b1f159a5ebab7617f47121b4370aa58afe" }, { "url": "https://git.kernel.org/stable/c/58ef2c7a6de13721865d84b80eecf56d6cba0937" }, { "url": "https://git.kernel.org/stable/c/dd035ca0e7a142870a970d46b1d19276cfe2bc8c" }, { "url": "https://git.kernel.org/stable/c/0d4b29eaadc1f59cec0c7e85eae77d08fcca9824" }, { "url": "https://git.kernel.org/stable/c/7e324f734a914957b8cc3ff4b4c9f0409558adb5" }, { "url": "https://git.kernel.org/stable/c/2bf9c5a5039c8f4b037236aed505e6a25c1d5f7b" }, { "url": "https://git.kernel.org/stable/c/8485649a7655e791a6e4e9f15b4d30fdae937184" }, { "url": "https://git.kernel.org/stable/c/0ee4ba13e09c9d9c1cb6abb59da8295d9952328b" } ], "title": "scsi: mpt3sas: Fix kernel panic during drive powercycle test", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47565", 
"datePublished": "2024-05-24T15:12:52.786Z", "dateReserved": "2024-05-24T15:11:00.728Z", "dateUpdated": "2024-12-19T07:44:56.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47567
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/32: Fix hardlockup on vmap stack overflow
Since the commit c118c7303ad5 ("powerpc/32: Fix vmap stack - Do not
activate MMU before reading task struct") a vmap stack overflow
results in a hard lockup. This is because emergency_ctx is still
addressed with its virtual address although data MMU is not active
anymore at that time.
Fix it by using a physical address instead.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47567", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T17:34:28.307539Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T17:34:41.747Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dfe906da9a1abebdebe8b15bb3e66a2578f6c4c7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c4e3ff8b8b1d54f0c755670174c453b06e17114b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5bb60ea611db1e04814426ed4bd1c95d1487678e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/kernel/head_32.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "dfe906da9a1abebdebe8b15bb3e66a2578f6c4c7", "status": "affected", "version": "c118c7303ad528be8ff2aea8cd1ee15452c763f0", "versionType": "git" }, { "lessThan": "c4e3ff8b8b1d54f0c755670174c453b06e17114b", "status": "affected", "version": "c118c7303ad528be8ff2aea8cd1ee15452c763f0", "versionType": "git" }, { "lessThan": "5bb60ea611db1e04814426ed4bd1c95d1487678e", "status": "affected", "version": "c118c7303ad528be8ff2aea8cd1ee15452c763f0", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/powerpc/kernel/head_32.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": 
"5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/32: Fix hardlockup on vmap stack overflow\n\nSince the commit c118c7303ad5 (\"powerpc/32: Fix vmap stack - Do not\nactivate MMU before reading task struct\") a vmap stack overflow\nresults in a hard lockup. This is because emergency_ctx is still\naddressed with its virtual address allthough data MMU is not active\nanymore at that time.\n\nFix it by using a physical address instead." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:58.831Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/dfe906da9a1abebdebe8b15bb3e66a2578f6c4c7" }, { "url": "https://git.kernel.org/stable/c/c4e3ff8b8b1d54f0c755670174c453b06e17114b" }, { "url": "https://git.kernel.org/stable/c/5bb60ea611db1e04814426ed4bd1c95d1487678e" } ], "title": "powerpc/32: Fix hardlockup on vmap stack overflow", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47567", "datePublished": "2024-05-24T15:12:54.081Z", "dateReserved": "2024-05-24T15:11:00.728Z", "dateUpdated": "2024-12-19T07:44:58.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47534
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Add missing drm_crtc_commit_put
Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a
commit") introduced a global state for the HVS, with each FIFO storing
the current CRTC commit so that we can properly synchronize commits.
However, the refcounting was off and we thus ended up leaking the
drm_crtc_commit structure every commit. Add a drm_crtc_commit_put to
prevent the leakage.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47534", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T16:50:30.871991Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T16:13:57.750Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/vc4/vc4_kms.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "53f9601e908d42481addd67cdb01a9288c611124", "status": "affected", "version": "9ec03d7f1ed394897891319a4dda75f52c5d292d", "versionType": "git" }, { "lessThan": "049cfff8d53a30cae3349ff71a4c01b7d9981bc2", "status": "affected", "version": "9ec03d7f1ed394897891319a4dda75f52c5d292d", "versionType": "git" } ] }, { "defaultStatus": 
"affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/vc4/vc4_kms.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: kms: Add missing drm_crtc_commit_put\n\nCommit 9ec03d7f1ed3 (\"drm/vc4: kms: Wait on previous FIFO users before a\ncommit\") introduced a global state for the HVS, with each FIFO storing\nthe current CRTC commit so that we can properly synchronize commits.\n\nHowever, the refcounting was off and we thus ended up leaking the\ndrm_crtc_commit structure every commit. Add a drm_crtc_commit_put to\nprevent the leakage." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:20.777Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124" }, { "url": "https://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2" } ], "title": "drm/vc4: kms: Add missing drm_crtc_commit_put", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47534", "datePublished": "2024-05-24T15:09:43.344Z", "dateReserved": "2024-05-24T15:02:54.826Z", "dateUpdated": "2024-12-19T07:44:20.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47547
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
In line 5001, if all ids in the array 'lp->phy[8]' are not 0, when the
'for' ends, 'k' is 8.
At this time, the array 'lp->phy[8]' may be out of bounds.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47547", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T16:50:18.618811Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T18:27:32.027Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/142ead3dc70411bd5977e8c47a6d8bf22287b3f8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d3dedaa5a601107cfedda087209772c76e364d58" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2c1a6a9a011d622a7c61324a97a49801ba425eff" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/77ff166909458646e66450e42909e0adacc99049" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f059fa40f0fcc6bc7a12e0f2a2504e9a4ff74f1f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/12f907cb11576b8cd0b1d95a16d1f10ed5bb7237" }, { "tags": [ "x_transferred" ], "url": 
"https://git.kernel.org/stable/c/61217be886b5f7402843677e4be7e7e83de9cb41" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/dec/tulip/de4x5.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ec5bd0aef1cec96830d0c7e06d3597d9e786cc98", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "142ead3dc70411bd5977e8c47a6d8bf22287b3f8", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "d3dedaa5a601107cfedda087209772c76e364d58", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2c1a6a9a011d622a7c61324a97a49801ba425eff", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "77ff166909458646e66450e42909e0adacc99049", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "f059fa40f0fcc6bc7a12e0f2a2504e9a4ff74f1f", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "12f907cb11576b8cd0b1d95a16d1f10ed5bb7237", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "61217be886b5f7402843677e4be7e7e83de9cb41", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/dec/tulip/de4x5.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.294", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", 
"status": "unaffected", "version": "4.9.292", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.257", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.220", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.164", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tulip: de4x5: fix the problem that the array \u0027lp-\u003ephy[8]\u0027 may be out of bound\n\nIn line 5001, if all id in the array \u0027lp-\u003ephy[8]\u0027 is not 0, when the\n\u0027for\u0027 end, the \u0027k\u0027 is 8.\n\nAt this time, the array \u0027lp-\u003ephy[8]\u0027 may be out of bound." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:34.123Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98" }, { "url": "https://git.kernel.org/stable/c/142ead3dc70411bd5977e8c47a6d8bf22287b3f8" }, { "url": "https://git.kernel.org/stable/c/d3dedaa5a601107cfedda087209772c76e364d58" }, { "url": "https://git.kernel.org/stable/c/2c1a6a9a011d622a7c61324a97a49801ba425eff" }, { "url": "https://git.kernel.org/stable/c/77ff166909458646e66450e42909e0adacc99049" }, { "url": "https://git.kernel.org/stable/c/f059fa40f0fcc6bc7a12e0f2a2504e9a4ff74f1f" }, { "url": "https://git.kernel.org/stable/c/12f907cb11576b8cd0b1d95a16d1f10ed5bb7237" }, { "url": "https://git.kernel.org/stable/c/61217be886b5f7402843677e4be7e7e83de9cb41" } ], "title": "net: tulip: de4x5: fix the problem that the array \u0027lp-\u003ephy[8]\u0027 may be out of bound", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47547", "datePublished": "2024-05-24T15:09:51.940Z", "dateReserved": "2024-05-24T15:02:54.829Z", "dateUpdated": "2024-12-19T07:44:34.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47550
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: fix potential memleak
In function amdgpu_get_xgmi_hive, when kobject_init_and_add fails,
there is a potential memleak if kobject_put is not called.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47550", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T20:02:31.331869Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T20:02:53.390Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c746945fb6bcbe3863c9ea6369c7ef376e38e5eb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/75752ada77e0726327adf68018b9f50ae091baeb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/27dfaedc0d321b4ea4e10c53e4679d6911ab17aa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c746945fb6bcbe3863c9ea6369c7ef376e38e5eb", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "75752ada77e0726327adf68018b9f50ae091baeb", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "27dfaedc0d321b4ea4e10c53e4679d6911ab17aa", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { 
"lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: fix potential memleak\n\nIn function amdgpu_get_xgmi_hive, when kobject_init_and_add failed\nThere is a potential memleak if not call kobject_put." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:37.750Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c746945fb6bcbe3863c9ea6369c7ef376e38e5eb" }, { "url": "https://git.kernel.org/stable/c/75752ada77e0726327adf68018b9f50ae091baeb" }, { "url": "https://git.kernel.org/stable/c/27dfaedc0d321b4ea4e10c53e4679d6911ab17aa" } ], "title": "drm/amd/amdgpu: fix potential memleak", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47550", "datePublished": "2024-05-24T15:09:53.949Z", "dateReserved": "2024-05-24T15:02:54.831Z", "dateUpdated": "2024-12-19T07:44:37.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47511
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: oss: Fix negative period/buffer sizes
The period size calculation in OSS layer may receive a negative value
as an error, but the code there assumes only the positive values and
handles them with size_t. Due to that, a too big value may be passed
to the lower layers.
This patch changes the code to handle with ssize_t and adds the proper
error checks appropriately.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47511", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T17:05:32.798414Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T20:38:49.373Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/be8869d388593e57223ad39297c8e54be632f2f2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/502e1146873d870f87da3b8f93d6bf2de5f38d0c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8af815ab052eaf74addbbfb556d63ce2137c0e1b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f96c0959c1ee92adc911c10d6ec209af50105049" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f12c8a7515f641885677960af450082569a87243" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/02b2b691b77cd7b951fa7b6c9d44d4e472cdc823" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/00a860678098fcd9fa8db2b5fb9d2ddf4776d4cc" }, { "tags": [ "x_transferred" ], "url": 
"https://git.kernel.org/stable/c/9d2479c960875ca1239bcb899f386970c13d9cfe" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "sound/core/oss/pcm_oss.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "be8869d388593e57223ad39297c8e54be632f2f2", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "502e1146873d870f87da3b8f93d6bf2de5f38d0c", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "8af815ab052eaf74addbbfb556d63ce2137c0e1b", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "f96c0959c1ee92adc911c10d6ec209af50105049", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "f12c8a7515f641885677960af450082569a87243", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "02b2b691b77cd7b951fa7b6c9d44d4e472cdc823", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "00a860678098fcd9fa8db2b5fb9d2ddf4776d4cc", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "9d2479c960875ca1239bcb899f386970c13d9cfe", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "sound/core/oss/pcm_oss.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.295", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", 
"version": "4.9.293", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.258", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: oss: Fix negative period/buffer sizes\n\nThe period size calculation in OSS layer may receive a negative value\nas an error, but the code there assumes only the positive values and\nhandle them with size_t. Due to that, a too big value may be passed\nto the lower layers.\n\nThis patch changes the code to handle with ssize_t and adds the proper\nerror checks appropriately." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:52.411Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/be8869d388593e57223ad39297c8e54be632f2f2" }, { "url": "https://git.kernel.org/stable/c/502e1146873d870f87da3b8f93d6bf2de5f38d0c" }, { "url": "https://git.kernel.org/stable/c/8af815ab052eaf74addbbfb556d63ce2137c0e1b" }, { "url": "https://git.kernel.org/stable/c/f96c0959c1ee92adc911c10d6ec209af50105049" }, { "url": "https://git.kernel.org/stable/c/f12c8a7515f641885677960af450082569a87243" }, { "url": "https://git.kernel.org/stable/c/02b2b691b77cd7b951fa7b6c9d44d4e472cdc823" }, { "url": "https://git.kernel.org/stable/c/00a860678098fcd9fa8db2b5fb9d2ddf4776d4cc" }, { "url": "https://git.kernel.org/stable/c/9d2479c960875ca1239bcb899f386970c13d9cfe" } ], "title": "ALSA: pcm: oss: Fix negative period/buffer sizes", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47511", "datePublished": "2024-05-24T15:09:26.695Z", "dateReserved": "2024-05-24T15:02:54.823Z", "dateUpdated": "2024-12-19T07:43:52.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47548
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
The if statement:
    if (port >= DSAF_GE_NUM)
        return;
limits the value of port to less than DSAF_GE_NUM (i.e., 8).
However, if the value of port is 6 or 7, an array overflow could occur:
    port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off;
because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6).
To fix this possible array overflow, we first check port and if it is
greater than or equal to DSAF_MAX_PORT_NUM, the function returns.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "948968f87476", "status": "affected", "version": "1da177e4c3f4", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "abbd5faa0748", "status": "affected", "version": "1da177e4c3f4", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "dd07f8971b81", "status": "affected", "version": "1da177e4c3f4", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "99bb25cb6753", "status": "affected", "version": "1da177e4c3f4", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "22519eff7df2", "status": "affected", "version": "1da177e4c3f4", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "fc7ffa7f10b9", "status": "affected", "version": "1da177e4c3f4", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "a66998e0fbf2", "status": "affected", "version": "1da177e4c3f4", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", 
"versions": [ { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.292", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "4.14*", "status": "unaffected", "version": "4.14.257", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.220", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.164", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "5.16" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { 
"other": { "content": { "id": "CVE-2021-47548", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-05T14:45:02.339644Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-05T14:45:10.947Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.794Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/abbd5faa0748d0aa95d5191d56ff7a17a6275bd1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dd07f8971b81ad98cc754b179b331b57f35aa1ff" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/22519eff7df2d88adcc2568d86046ce1e2b52803" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fc7ffa7f10b9454a86369405d9814bf141b30627" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a66998e0fbf213d47d02813b9679426129d0d114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "948968f8747650447c8f21c9fdba0e1973be040b", "status": "affected", "version": 
"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "abbd5faa0748d0aa95d5191d56ff7a17a6275bd1", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "dd07f8971b81ad98cc754b179b331b57f35aa1ff", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "22519eff7df2d88adcc2568d86046ce1e2b52803", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "fc7ffa7f10b9454a86369405d9814bf141b30627", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "a66998e0fbf213d47d02813b9679426129d0d114", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.292", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.257", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.220", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.164", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } 
], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()\n\nThe if statement:\n if (port \u003e= DSAF_GE_NUM)\n return;\n\nlimits the value of port less than DSAF_GE_NUM (i.e., 8).\nHowever, if the value of port is 6 or 7, an array overflow could occur:\n port_rst_off = dsaf_dev-\u003emac_cb[port]-\u003eport_rst_off;\n\nbecause the length of dsaf_dev-\u003emac_cb is DSAF_MAX_PORT_NUM (i.e., 6).\n\nTo fix this possible array overflow, we first check port and if it is\ngreater than or equal to DSAF_MAX_PORT_NUM, the function returns." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:35.409Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b" }, { "url": "https://git.kernel.org/stable/c/abbd5faa0748d0aa95d5191d56ff7a17a6275bd1" }, { "url": "https://git.kernel.org/stable/c/dd07f8971b81ad98cc754b179b331b57f35aa1ff" }, { "url": "https://git.kernel.org/stable/c/99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d" }, { "url": "https://git.kernel.org/stable/c/22519eff7df2d88adcc2568d86046ce1e2b52803" }, { "url": "https://git.kernel.org/stable/c/fc7ffa7f10b9454a86369405d9814bf141b30627" }, { "url": "https://git.kernel.org/stable/c/a66998e0fbf213d47d02813b9679426129d0d114" } ], "title": "ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47548", "datePublished": "2024-05-24T15:09:52.634Z", "dateReserved": "2024-05-24T15:02:54.829Z", "dateUpdated": "2024-12-19T07:44:35.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47507
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: Fix nsfd startup race (again)
Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first")
has re-opened rpc_pipefs_event() race against nfsd_net_id registration
(register_pernet_subsys()) which has been fixed by commit bb7ffbf29e76
("nfsd: fix nsfd startup race triggering BUG_ON").
Restore the order of register_pernet_subsys() vs register_cld_notifier().
Add WARN_ON() to prevent a future regression.
Crash info:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000012
CPU: 8 PID: 345 Comm: mount Not tainted 5.4.144-... #1
pc : rpc_pipefs_event+0x54/0x120 [nfsd]
lr : rpc_pipefs_event+0x48/0x120 [nfsd]
Call trace:
rpc_pipefs_event+0x54/0x120 [nfsd]
blocking_notifier_call_chain
rpc_fill_super
get_tree_keyed
rpc_fs_get_tree
vfs_get_tree
do_mount
ksys_mount
__arm64_sys_mount
el0_svc_handler
el0_svc
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.833Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f5734b1714ca355703e9ea8fb61d04beff1790b9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c520943a00ad5015704969ad3304c956bcd49d25" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8bf902fee5893cfc2f04a698abab47629699ae9a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b10252c7ae9c9d7c90552f88b544a44ee773af64" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47507", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:42.793649Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:52.727Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nfsd/nfs4recover.c", "fs/nfsd/nfsctl.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f5734b1714ca355703e9ea8fb61d04beff1790b9", "status": "affected", "version": "8677e99150b0830d29cc1318b4cc559e176940bb", "versionType": "git" }, { "lessThan": "c520943a00ad5015704969ad3304c956bcd49d25", "status": "affected", "version": "7c7cb07d4affcf41749234fe9dc4d90cd3959e32", "versionType": "git" }, { "lessThan": "8bf902fee5893cfc2f04a698abab47629699ae9a", "status": "affected", "version": "bd5ae9288d6451bd346a1b4a59d4fe7e62ba29b7", "versionType": "git" }, { "lessThan": "b10252c7ae9c9d7c90552f88b544a44ee773af64", "status": "affected", "version": 
"bd5ae9288d6451bd346a1b4a59d4fe7e62ba29b7", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nfsd/nfs4recover.c", "fs/nfsd/nfsctl.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix nsfd startup race (again)\n\nCommit bd5ae9288d64 (\"nfsd: register pernet ops last, unregister first\")\nhas re-opened rpc_pipefs_event() race against nfsd_net_id registration\n(register_pernet_subsys()) which has been fixed by commit bb7ffbf29e76\n(\"nfsd: fix nsfd startup race triggering BUG_ON\").\n\nRestore the order of register_pernet_subsys() vs register_cld_notifier().\nAdd WARN_ON() to prevent a future regression.\n\nCrash info:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000012\nCPU: 8 PID: 345 Comm: mount Not tainted 5.4.144-... 
#1\npc : rpc_pipefs_event+0x54/0x120 [nfsd]\nlr : rpc_pipefs_event+0x48/0x120 [nfsd]\nCall trace:\n rpc_pipefs_event+0x54/0x120 [nfsd]\n blocking_notifier_call_chain\n rpc_fill_super\n get_tree_keyed\n rpc_fs_get_tree\n vfs_get_tree\n do_mount\n ksys_mount\n __arm64_sys_mount\n el0_svc_handler\n el0_svc" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:47.496Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f5734b1714ca355703e9ea8fb61d04beff1790b9" }, { "url": "https://git.kernel.org/stable/c/c520943a00ad5015704969ad3304c956bcd49d25" }, { "url": "https://git.kernel.org/stable/c/8bf902fee5893cfc2f04a698abab47629699ae9a" }, { "url": "https://git.kernel.org/stable/c/b10252c7ae9c9d7c90552f88b544a44ee773af64" } ], "title": "nfsd: Fix nsfd startup race (again)", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47507", "datePublished": "2024-05-24T15:01:53.401Z", "dateReserved": "2024-05-22T06:20:56.206Z", "dateUpdated": "2024-12-19T07:43:47.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47519
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: m_can: m_can_read_fifo: fix memory leak in error branch
In m_can_read_fifo(), if the second call to m_can_fifo_read() fails,
the function jumps to the out_fail label and returns without calling
m_can_receive_skb(). This means that the skb previously allocated by
alloc_can_skb() is not freed. In other terms, this is a memory leak.
This patch adds a goto label to destroy the skb if an error occurs.
Issue was found with GCC -fanalyzer, please follow the link below for
details.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "75a422165477", "status": "affected", "version": "e39381770ec9", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "31cb32a590d6", "status": "affected", "version": "e39381770ec9", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.16", "status": "unaffected", "version": "5.15.8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "5.16" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "5.15" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47519", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], 
"role": "CISA Coordinator", "timestamp": "2024-06-05T16:07:08.194411Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-06T19:59:00.023Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/75a422165477dd12d2d20aa7c9ee7c9a281c9908" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/31cb32a590d62b18f69a9a6d433f4e69c74fdd56" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/can/m_can/m_can.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "75a422165477dd12d2d20aa7c9ee7c9a281c9908", "status": "affected", "version": "e39381770ec9ca3c51d8b9bd9cc6e01d78ea974a", "versionType": "git" }, { "lessThan": "31cb32a590d62b18f69a9a6d433f4e69c74fdd56", "status": "affected", "version": "e39381770ec9ca3c51d8b9bd9cc6e01d78ea974a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/can/m_can/m_can.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": 
"original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: m_can_read_fifo: fix memory leak in error branch\n\nIn m_can_read_fifo(), if the second call to m_can_fifo_read() fails,\nthe function jump to the out_fail label and returns without calling\nm_can_receive_skb(). This means that the skb previously allocated by\nalloc_can_skb() is not freed. In other terms, this is a memory leak.\n\nThis patch adds a goto label to destroy the skb if an error occurs.\n\nIssue was found with GCC -fanalyzer, please follow the link below for\ndetails." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:02.774Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/75a422165477dd12d2d20aa7c9ee7c9a281c9908" }, { "url": "https://git.kernel.org/stable/c/31cb32a590d62b18f69a9a6d433f4e69c74fdd56" } ], "title": "can: m_can: m_can_read_fifo: fix memory leak in error branch", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47519", "datePublished": "2024-05-24T15:09:33.118Z", "dateReserved": "2024-05-24T15:02:54.824Z", "dateUpdated": "2024-12-19T07:44:02.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47533
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: kms: Clear the HVS FIFO commit pointer once done
Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a
commit") introduced a wait on the previous commit done on a given HVS
FIFO.
However, we never cleared that pointer once done. Since
drm_crtc_commit_put can free the drm_crtc_commit structure directly if
we were the last user, this means that it can lead to a use-after-free
if we were to duplicate the state, and that stale pointer would even be
copied to the new state.
Set the pointer to NULL once we're done with the wait so that we don't
carry over a pointer to a free'd structure.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47533", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:17:49.041066Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:15:00.137Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2931db9a5ed219546cf2ae0546698faf78281b89" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d134c5ff71c7f2320fc7997f2fbbdedf0c76889a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/vc4/vc4_kms.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2931db9a5ed219546cf2ae0546698faf78281b89", "status": "affected", "version": "9ec03d7f1ed394897891319a4dda75f52c5d292d", "versionType": "git" }, { "lessThan": "d134c5ff71c7f2320fc7997f2fbbdedf0c76889a", "status": "affected", "version": "9ec03d7f1ed394897891319a4dda75f52c5d292d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/vc4/vc4_kms.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: kms: Clear the HVS FIFO commit pointer once done\n\nCommit 9ec03d7f1ed3 (\"drm/vc4: kms: Wait on previous FIFO users before a\ncommit\") introduced a wait on the previous commit done on a given HVS\nFIFO.\n\nHowever, we never cleared that pointer once done. Since\ndrm_crtc_commit_put can free the drm_crtc_commit structure directly if\nwe were the last user, this means that it can lead to a use-after free\nif we were to duplicate the state, and that stale pointer would even be\ncopied to the new state.\n\nSet the pointer to NULL once we\u0027re done with the wait so that we don\u0027t\ncarry over a pointer to a free\u0027d structure." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:19.504Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2931db9a5ed219546cf2ae0546698faf78281b89" }, { "url": "https://git.kernel.org/stable/c/d134c5ff71c7f2320fc7997f2fbbdedf0c76889a" } ], "title": "drm/vc4: kms: Clear the HVS FIFO commit pointer once done", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47533", "datePublished": "2024-05-24T15:09:42.683Z", "dateReserved": "2024-05-24T15:02:54.826Z", "dateUpdated": "2024-12-19T07:44:19.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47524
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: liteuart: fix minor-number leak on probe errors
Make sure to release the allocated minor number before returning on
probe errors.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/888fc81107cacd2a4f681bac7bb785cef868214f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dd5e90b16cca8a697cbe17b72e2a5f49291cabb2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47524", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:26.786876Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:51.218Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/tty/serial/liteuart.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "888fc81107cacd2a4f681bac7bb785cef868214f", "status": "affected", "version": "1da81e5562fac8286567422cc56a7fbd0dc646d4", "versionType": "git" }, { "lessThan": "dd5e90b16cca8a697cbe17b72e2a5f49291cabb2", "status": "affected", "version": "1da81e5562fac8286567422cc56a7fbd0dc646d4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/tty/serial/liteuart.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.11" }, { "lessThan": "5.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", 
"versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: liteuart: fix minor-number leak on probe errors\n\nMake sure to release the allocated minor number before returning on\nprobe errors." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:08.888Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/888fc81107cacd2a4f681bac7bb785cef868214f" }, { "url": "https://git.kernel.org/stable/c/dd5e90b16cca8a697cbe17b72e2a5f49291cabb2" } ], "title": "serial: liteuart: fix minor-number leak on probe errors", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47524", "datePublished": "2024-05-24T15:09:36.706Z", "dateReserved": "2024-05-24T15:02:54.825Z", "dateUpdated": "2024-12-19T07:44:08.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47506
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix use-after-free due to delegation race
A delegation break could arrive as soon as we've called vfs_setlease. A
delegation break runs a callback which immediately (in
nfsd4_cb_recall_prepare) adds the delegation to del_recall_lru. If we
then exit nfs4_set_delegation without hashing the delegation, it will be
freed as soon as the callback is done with it, without ever being
removed from del_recall_lru.
Symptoms show up later as use-after-free or list corruption warnings,
usually in the laundromat thread.
I suspect aba2072f4523 "nfsd: grant read delegations to clients holding
writes" made this bug easier to hit, but I looked as far back as v3.0
and it looks to me it already had the same problem. So I'm not sure
where the bug was introduced; it may have been there from the beginning.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47506", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T17:04:47.932390Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:13:44.394Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/04a8d07f3d58308b92630045560799a3faa3ebce" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/348714018139c39533c55661a0c7c990671396b4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/33645d3e22720cac1e4548f8fef57bf0649536ee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2becaa990b93cbd2928292c0b669d3abb6cf06d4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e0759696de6851d7536efddfdd2dfed4c4df1f09" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eeb0711801f5e19ef654371b627682aed3b11373" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/148c816f10fd11df27ca6a9b3238cdd42fa72cd3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/548ec0805c399c65ed66c6641be467f717833ab5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nfsd/nfs4state.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "04a8d07f3d58308b92630045560799a3faa3ebce", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { 
"lessThan": "348714018139c39533c55661a0c7c990671396b4", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "33645d3e22720cac1e4548f8fef57bf0649536ee", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2becaa990b93cbd2928292c0b669d3abb6cf06d4", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "e0759696de6851d7536efddfdd2dfed4c4df1f09", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "eeb0711801f5e19ef654371b627682aed3b11373", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "148c816f10fd11df27ca6a9b3238cdd42fa72cd3", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "548ec0805c399c65ed66c6641be467f717833ab5", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nfsd/nfs4state.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.296", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.294", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.259", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.222", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.168", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", 
"version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix use-after-free due to delegation race\n\nA delegation break could arrive as soon as we\u0027ve called vfs_setlease. A\ndelegation break runs a callback which immediately (in\nnfsd4_cb_recall_prepare) adds the delegation to del_recall_lru. If we\nthen exit nfs4_set_delegation without hashing the delegation, it will be\nfreed as soon as the callback is done with it, without ever being\nremoved from del_recall_lru.\n\nSymptoms show up later as use-after-free or list corruption warnings,\nusually in the laundromat thread.\n\nI suspect aba2072f4523 \"nfsd: grant read delegations to clients holding\nwrites\" made this bug easier to hit, but I looked as far back as v3.0\nand it looks to me it already had the same problem. So I\u0027m not sure\nwhere the bug was introduced; it may have been there from the beginning." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:46.365Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/04a8d07f3d58308b92630045560799a3faa3ebce" }, { "url": "https://git.kernel.org/stable/c/348714018139c39533c55661a0c7c990671396b4" }, { "url": "https://git.kernel.org/stable/c/33645d3e22720cac1e4548f8fef57bf0649536ee" }, { "url": "https://git.kernel.org/stable/c/2becaa990b93cbd2928292c0b669d3abb6cf06d4" }, { "url": "https://git.kernel.org/stable/c/e0759696de6851d7536efddfdd2dfed4c4df1f09" }, { "url": "https://git.kernel.org/stable/c/eeb0711801f5e19ef654371b627682aed3b11373" }, { "url": "https://git.kernel.org/stable/c/148c816f10fd11df27ca6a9b3238cdd42fa72cd3" }, { "url": "https://git.kernel.org/stable/c/548ec0805c399c65ed66c6641be467f717833ab5" } ], "title": "nfsd: fix use-after-free due to delegation race", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47506", "datePublished": "2024-05-24T15:01:52.746Z", "dateReserved": "2024-05-22T06:20:56.205Z", "dateUpdated": "2024-12-19T07:43:46.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47508
Vulnerability from cvelistv5
Published
2024-05-24 15:01
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: free exchange changeset on failures
Fstests runs on my VMs have shown several kmemleak reports like the following.
unreferenced object 0xffff88811ae59080 (size 64):
comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s)
hex dump (first 32 bytes):
00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00 ................
90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff ................
backtrace:
[<00000000ac0176d2>] ulist_add_merge+0x60/0x150 [btrfs]
[<0000000076e9f312>] set_state_bits+0x86/0xc0 [btrfs]
[<0000000014fe73d6>] set_extent_bit+0x270/0x690 [btrfs]
[<000000004f675208>] set_record_extent_bits+0x19/0x20 [btrfs]
[<00000000b96137b1>] qgroup_reserve_data+0x274/0x310 [btrfs]
[<0000000057e9dcbb>] btrfs_check_data_free_space+0x5c/0xa0 [btrfs]
[<0000000019c4511d>] btrfs_delalloc_reserve_space+0x1b/0xa0 [btrfs]
[<000000006d37e007>] btrfs_dio_iomap_begin+0x415/0x970 [btrfs]
[<00000000fb8a74b8>] iomap_iter+0x161/0x1e0
[<0000000071dff6ff>] __iomap_dio_rw+0x1df/0x700
[<000000002567ba53>] iomap_dio_rw+0x5/0x20
[<0000000072e555f8>] btrfs_file_write_iter+0x290/0x530 [btrfs]
[<000000005eb3d845>] new_sync_write+0x106/0x180
[<000000003fb505bf>] vfs_write+0x24d/0x2f0
[<000000009bb57d37>] __x64_sys_pwrite64+0x69/0xa0
[<000000003eba3fdf>] do_syscall_64+0x43/0x90
In case btrfs_qgroup_reserve_data() or btrfs_delalloc_reserve_metadata()
fail the allocated extent_changeset will not be freed.
So in btrfs_check_data_free_space() and btrfs_delalloc_reserve_space()
free the allocated extent_changeset to get rid of the allocated memory.
The issue currently only happens in the direct IO write path, but only
after 65b3c08606e5 ("btrfs: fix ENOSPC failure when attempting direct IO
write into NOCOW range"), and also at defrag_one_locked_target(). Every
other place is always calling extent_changeset_free() even if its call
to btrfs_delalloc_reserve_space() or btrfs_check_data_free_space() has
failed.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ca06c5cb1b6dbfe67655b33c02fc394d65824519" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/da5e817d9d75422eaaa05490d0b9a5e328fc1a51" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47508", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:39.656794Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:22.299Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/delalloc-space.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ca06c5cb1b6dbfe67655b33c02fc394d65824519", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "da5e817d9d75422eaaa05490d0b9a5e328fc1a51", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/delalloc-space.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has 
been resolved:\n\nbtrfs: free exchange changeset on failures\n\nFstests runs on my VMs have show several kmemleak reports like the following.\n\n unreferenced object 0xffff88811ae59080 (size 64):\n comm \"xfs_io\", pid 12124, jiffies 4294987392 (age 6.368s)\n hex dump (first 32 bytes):\n 00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00 ................\n 90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff ................\n backtrace:\n [\u003c00000000ac0176d2\u003e] ulist_add_merge+0x60/0x150 [btrfs]\n [\u003c0000000076e9f312\u003e] set_state_bits+0x86/0xc0 [btrfs]\n [\u003c0000000014fe73d6\u003e] set_extent_bit+0x270/0x690 [btrfs]\n [\u003c000000004f675208\u003e] set_record_extent_bits+0x19/0x20 [btrfs]\n [\u003c00000000b96137b1\u003e] qgroup_reserve_data+0x274/0x310 [btrfs]\n [\u003c0000000057e9dcbb\u003e] btrfs_check_data_free_space+0x5c/0xa0 [btrfs]\n [\u003c0000000019c4511d\u003e] btrfs_delalloc_reserve_space+0x1b/0xa0 [btrfs]\n [\u003c000000006d37e007\u003e] btrfs_dio_iomap_begin+0x415/0x970 [btrfs]\n [\u003c00000000fb8a74b8\u003e] iomap_iter+0x161/0x1e0\n [\u003c0000000071dff6ff\u003e] __iomap_dio_rw+0x1df/0x700\n [\u003c000000002567ba53\u003e] iomap_dio_rw+0x5/0x20\n [\u003c0000000072e555f8\u003e] btrfs_file_write_iter+0x290/0x530 [btrfs]\n [\u003c000000005eb3d845\u003e] new_sync_write+0x106/0x180\n [\u003c000000003fb505bf\u003e] vfs_write+0x24d/0x2f0\n [\u003c000000009bb57d37\u003e] __x64_sys_pwrite64+0x69/0xa0\n [\u003c000000003eba3fdf\u003e] do_syscall_64+0x43/0x90\n\nIn case brtfs_qgroup_reserve_data() or btrfs_delalloc_reserve_metadata()\nfail the allocated extent_changeset will not be freed.\n\nSo in btrfs_check_data_free_space() and btrfs_delalloc_reserve_space()\nfree the allocated extent_changeset to get rid of the allocated memory.\n\nThe issue currently only happens in the direct IO write path, but only\nafter 65b3c08606e5 (\"btrfs: fix ENOSPC failure when attempting direct IO\nwrite into NOCOW range\"), and also at defrag_one_locked_target(). 
Every\nother place is always calling extent_changeset_free() even if its call\nto btrfs_delalloc_reserve_space() or btrfs_check_data_free_space() has\nfailed." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:48.778Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ca06c5cb1b6dbfe67655b33c02fc394d65824519" }, { "url": "https://git.kernel.org/stable/c/da5e817d9d75422eaaa05490d0b9a5e328fc1a51" } ], "title": "btrfs: free exchange changeset on failures", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47508", "datePublished": "2024-05-24T15:01:54.048Z", "dateReserved": "2024-05-22T06:20:56.206Z", "dateUpdated": "2024-12-19T07:43:48.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47542
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
In qlcnic_83xx_add_rings(), the indirect function of
ahw->hw_ops->alloc_mbx_args will be called to allocate memory for
cmd.req.arg, and there is a dereference of it in qlcnic_83xx_add_rings(),
which could lead to a NULL pointer dereference on failure of the
indirect function like qlcnic_83xx_alloc_mbx_args().
Fix this bug by adding a check of alloc_mbx_args(), this patch
imitates the logic of mbx_cmd()'s failure handling.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_QLCNIC=m show no new warnings, and our
static analyzer no longer warns about this code.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 7f9664525f9cb507de9198a395a111371413f230
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47542", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T17:04:13.533892Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:29.864Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3a061d54e260b701b538873b43e399d9b8b83e03" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b4f217d6fcc00c3fdc0921a7691f30be7490b073" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/550658a2d61e4eaf522c8ebc7fad76dc376bfb45" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/57af54a56024435d83e44c78449513b414eb6edf" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bbeb0325a7460ebf1e03f5e0bfc5c652fba9519f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/15fa12c119f869173f9b710cbe6a4a14071d2105" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c5ef33c1489b2cd74368057fa00b5d2183bb5853" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e2dabc4f7e7b60299c20a36d6a7b24ed9bf8e572" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3a061d54e260b701b538873b43e399d9b8b83e03", "status": "affected", "version": 
"7f9664525f9cb507de9198a395a111371413f230", "versionType": "git" }, { "lessThan": "b4f217d6fcc00c3fdc0921a7691f30be7490b073", "status": "affected", "version": "7f9664525f9cb507de9198a395a111371413f230", "versionType": "git" }, { "lessThan": "550658a2d61e4eaf522c8ebc7fad76dc376bfb45", "status": "affected", "version": "7f9664525f9cb507de9198a395a111371413f230", "versionType": "git" }, { "lessThan": "57af54a56024435d83e44c78449513b414eb6edf", "status": "affected", "version": "7f9664525f9cb507de9198a395a111371413f230", "versionType": "git" }, { "lessThan": "bbeb0325a7460ebf1e03f5e0bfc5c652fba9519f", "status": "affected", "version": "7f9664525f9cb507de9198a395a111371413f230", "versionType": "git" }, { "lessThan": "15fa12c119f869173f9b710cbe6a4a14071d2105", "status": "affected", "version": "7f9664525f9cb507de9198a395a111371413f230", "versionType": "git" }, { "lessThan": "c5ef33c1489b2cd74368057fa00b5d2183bb5853", "status": "affected", "version": "7f9664525f9cb507de9198a395a111371413f230", "versionType": "git" }, { "lessThan": "e2dabc4f7e7b60299c20a36d6a7b24ed9bf8e572", "status": "affected", "version": "7f9664525f9cb507de9198a395a111371413f230", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.9" }, { "lessThan": "3.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.294", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.292", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.257", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.220", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", 
"status": "unaffected", "version": "5.4.164", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()\n\nIn qlcnic_83xx_add_rings(), the indirect function of\nahw-\u003ehw_ops-\u003ealloc_mbx_args will be called to allocate memory for\ncmd.req.arg, and there is a dereference of it in qlcnic_83xx_add_rings(),\nwhich could lead to a NULL pointer dereference on failure of the\nindirect function like qlcnic_83xx_alloc_mbx_args().\n\nFix this bug by adding a check of alloc_mbx_args(), this patch\nimitates the logic of mbx_cmd()\u0027s failure handling.\n\nThis bug was found by a static analyzer. The analysis employs\ndifferential checking to identify inconsistent security operations\n(e.g., checks or kfrees) between two code paths and confirms that the\ninconsistent operations are not recovered in the current function or\nthe callers, so they constitute bugs.\n\nNote that, as a bug found by static analysis, it can be a false\npositive or hard to trigger. Multiple researchers have cross-reviewed\nthe bug.\n\nBuilds with CONFIG_QLCNIC=m show no new warnings, and our\nstatic analyzer no longer warns about this code." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:30.567Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3a061d54e260b701b538873b43e399d9b8b83e03" }, { "url": "https://git.kernel.org/stable/c/b4f217d6fcc00c3fdc0921a7691f30be7490b073" }, { "url": "https://git.kernel.org/stable/c/550658a2d61e4eaf522c8ebc7fad76dc376bfb45" }, { "url": "https://git.kernel.org/stable/c/57af54a56024435d83e44c78449513b414eb6edf" }, { "url": "https://git.kernel.org/stable/c/bbeb0325a7460ebf1e03f5e0bfc5c652fba9519f" }, { "url": "https://git.kernel.org/stable/c/15fa12c119f869173f9b710cbe6a4a14071d2105" }, { "url": "https://git.kernel.org/stable/c/c5ef33c1489b2cd74368057fa00b5d2183bb5853" }, { "url": "https://git.kernel.org/stable/c/e2dabc4f7e7b60299c20a36d6a7b24ed9bf8e572" } ], "title": "net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47542", "datePublished": "2024-05-24T15:09:48.578Z", "dateReserved": "2024-05-24T15:02:54.829Z", "dateUpdated": "2024-12-19T07:44:30.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47512
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fq_pie: prevent dismantle issue
For some reason, fq_pie_destroy() did not copy
working code from pie_destroy() and other qdiscs,
thus causing elusive bug.
Before calling del_timer_sync(&q->adapt_timer),
we need to ensure timer will not rearm itself.
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579
(t=10501 jiffies g=13085 q=3989)
NMI backtrace for cpu 0
CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343
print_cpu_stall kernel/rcu/tree_stall.h:627 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:711 [inline]
rcu_pending kernel/rcu/tree.c:3878 [inline]
rcu_sched_clock_irq.cold+0x9d/0x746 kernel/rcu/tree.c:2597
update_process_times+0x16d/0x200 kernel/time/timer.c:1785
tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226
tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
__sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103
sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:write_comp_data kernel/kcov.c:221 [inline]
RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1d/0x80 kernel/kcov.c:273
Code: 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 70 02 00 48 89 ce 4c 8b 54 24 08 <e8> 4e f7 ff ff 84 c0 74 51 48 8b 81 88 15 00 00 44 8b 81 84 15 00
RSP: 0018:ffffc90000d27b28 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff888064bf1bf0 RCX: ffff888011928000
RDX: ffff888011928000 RSI: ffff888011928000 RDI: 0000000000000003
RBP: ffff888064bf1c28 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff875d8295 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880783dd300 R14: 0000000000000000 R15: 0000000000000000
pie_calculate_probability+0x405/0x7c0 net/sched/sch_pie.c:418
fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:383
call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
expire_timers kernel/time/timer.c:1466 [inline]
__run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734
__run_timers kernel/time/timer.c:1715 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
run_ksoftirqd kernel/softirq.c:921 [inline]
run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913
smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47512", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T17:36:33.443173Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T17:36:39.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2a51edaf5cc563574878b93d7ef3d5955dda7030" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d86216dfda7c98375f809e26a30bfdaaba21d46e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/61c2402665f1e10c5742033fce18392e369931d7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/sched/sch_fq_pie.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2a51edaf5cc563574878b93d7ef3d5955dda7030", "status": "affected", "version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a", "versionType": "git" }, { "lessThan": "d86216dfda7c98375f809e26a30bfdaaba21d46e", "status": "affected", "version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a", "versionType": "git" }, { "lessThan": "61c2402665f1e10c5742033fce18392e369931d7", "status": "affected", "version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/sched/sch_fq_pie.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.6" }, { 
"lessThan": "5.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: prevent dismantle issue\n\nFor some reason, fq_pie_destroy() did not copy\nworking code from pie_destroy() and other qdiscs,\nthus causing elusive bug.\n\nBefore calling del_timer_sync(\u0026q-\u003eadapt_timer),\nwe need to ensure timer will not rearm itself.\n\nrcu: INFO: rcu_preempt self-detected stall on CPU\nrcu: 0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579\n (t=10501 jiffies g=13085 q=3989)\nNMI backtrace for cpu 0\nCPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111\n nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62\n trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]\n rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343\n print_cpu_stall kernel/rcu/tree_stall.h:627 [inline]\n check_cpu_stall kernel/rcu/tree_stall.h:711 [inline]\n rcu_pending kernel/rcu/tree.c:3878 [inline]\n rcu_sched_clock_irq.cold+0x9d/0x746 kernel/rcu/tree.c:2597\n update_process_times+0x16d/0x200 kernel/time/timer.c:1785\n tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226\n tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428\n __run_hrtimer kernel/time/hrtimer.c:1685 
[inline]\n __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749\n hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811\n local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]\n __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103\n sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638\nRIP: 0010:write_comp_data kernel/kcov.c:221 [inline]\nRIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1d/0x80 kernel/kcov.c:273\nCode: 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 70 02 00 48 89 ce 4c 8b 54 24 08 \u003ce8\u003e 4e f7 ff ff 84 c0 74 51 48 8b 81 88 15 00 00 44 8b 81 84 15 00\nRSP: 0018:ffffc90000d27b28 EFLAGS: 00000246\nRAX: 0000000000000000 RBX: ffff888064bf1bf0 RCX: ffff888011928000\nRDX: ffff888011928000 RSI: ffff888011928000 RDI: 0000000000000003\nRBP: ffff888064bf1c28 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffffff875d8295 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff8880783dd300 R14: 0000000000000000 R15: 0000000000000000\n pie_calculate_probability+0x405/0x7c0 net/sched/sch_pie.c:418\n fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:383\n call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421\n expire_timers kernel/time/timer.c:1466 [inline]\n __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734\n __run_timers kernel/time/timer.c:1715 [inline]\n run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747\n __do_softirq+0x29b/0x9c2 kernel/softirq.c:558\n run_ksoftirqd kernel/softirq.c:921 [inline]\n run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913\n smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164\n kthread+0x405/0x4f0 kernel/kthread.c:327\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:53.805Z", "orgId": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2a51edaf5cc563574878b93d7ef3d5955dda7030" }, { "url": "https://git.kernel.org/stable/c/d86216dfda7c98375f809e26a30bfdaaba21d46e" }, { "url": "https://git.kernel.org/stable/c/61c2402665f1e10c5742033fce18392e369931d7" } ], "title": "net/sched: fq_pie: prevent dismantle issue", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47512", "datePublished": "2024-05-24T15:09:27.356Z", "dateReserved": "2024-05-24T15:02:54.824Z", "dateUpdated": "2024-12-19T07:43:53.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47557
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_ets: don't peek at classes beyond 'nbands'
when the number of DRR classes decreases, the round-robin active list can
contain elements that have already been freed in ets_qdisc_change(). As a
consequence, it's possible to see a NULL dereference crash, caused by the
attempt to call cl->qdisc->ops->peek(cl->qdisc) when cl->qdisc is NULL:
BUG: kernel NULL pointer dereference, address: 0000000000000018
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 1 PID: 910 Comm: mausezahn Not tainted 5.16.0-rc1+ #475
Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014
RIP: 0010:ets_qdisc_dequeue+0x129/0x2c0 [sch_ets]
Code: c5 01 41 39 ad e4 02 00 00 0f 87 18 ff ff ff 49 8b 85 c0 02 00 00 49 39 c4 0f 84 ba 00 00 00 49 8b ad c0 02 00 00 48 8b 7d 10 <48> 8b 47 18 48 8b 40 38 0f ae e8 ff d0 48 89 c3 48 85 c0 0f 84 9d
RSP: 0000:ffffbb36c0b5fdd8 EFLAGS: 00010287
RAX: ffff956678efed30 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff9b938dc9 RDI: 0000000000000000
RBP: ffff956678efed30 R08: e2f3207fe360129c R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff956678efeac0
R13: ffff956678efe800 R14: ffff956611545000 R15: ffff95667ac8f100
FS: 00007f2aa9120740(0000) GS:ffff95667b800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 000000011070c000 CR4: 0000000000350ee0
Call Trace:
<TASK>
qdisc_peek_dequeued+0x29/0x70 [sch_ets]
tbf_dequeue+0x22/0x260 [sch_tbf]
__qdisc_run+0x7f/0x630
net_tx_action+0x290/0x4c0
__do_softirq+0xee/0x4f8
irq_exit_rcu+0xf4/0x130
sysvec_apic_timer_interrupt+0x52/0xc0
asm_sysvec_apic_timer_interrupt+0x12/0x20
RIP: 0033:0x7f2aa7fc9ad4
Code: b9 ff ff 48 8b 54 24 18 48 83 c4 08 48 89 ee 48 89 df 5b 5d e9 ed fc ff ff 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa <53> 48 83 ec 10 48 8b 05 10 64 33 00 48 8b 00 48 85 c0 0f 85 84 00
RSP: 002b:00007ffe5d33fab8 EFLAGS: 00000202
RAX: 0000000000000002 RBX: 0000561f72c31460 RCX: 0000561f72c31720
RDX: 0000000000000002 RSI: 0000561f72c31722 RDI: 0000561f72c31720
RBP: 000000000000002a R08: 00007ffe5d33fa40 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 0000561f7187e380
R13: 0000000000000000 R14: 0000000000000000 R15: 0000561f72c31460
</TASK>
Modules linked in: sch_ets sch_tbf dummy rfkill iTCO_wdt intel_rapl_msr iTCO_vendor_support intel_rapl_common joydev virtio_balloon lpc_ich i2c_i801 i2c_smbus pcspkr ip_tables xfs libcrc32c crct10dif_pclmul crc32_pclmul crc32c_intel ahci libahci ghash_clmulni_intel serio_raw libata virtio_blk virtio_console virtio_net net_failover failover sunrpc dm_mirror dm_region_hash dm_log dm_mod
CR2: 0000000000000018
Ensuring that 'alist' was never zeroed [1] was not sufficient, we need to
remove from the active list those elements that are no more SP nor DRR.
[1] https://lore.kernel.org/netdev/60d274838bf09777f0371253416e8af71360bc08.1633609148.git.dcaratti@redhat.com/
v3: fix race between ets_qdisc_change() and ets_qdisc_dequeue() delisting
DRR classes beyond 'nbands' in ets_qdisc_change() with the qdisc lock
acquired, thanks to Cong Wang.
v2: when a NULL qdisc is found in the DRR active list, try to dequeue skb
from the next list item.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47557", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:15:45.533433Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:22.387Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ae2659d2c670252759ee9c823c4e039c0e05a6f2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e25bdbc7e951ae5728fee1f4c09485df113d013c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/de6d25924c2a8c2988c6a385990cafbe742061bf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/sched/sch_ets.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ae2659d2c670252759ee9c823c4e039c0e05a6f2", "status": "affected", "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33", "versionType": "git" }, { "lessThan": "e25bdbc7e951ae5728fee1f4c09485df113d013c", "status": "affected", "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33", "versionType": "git" }, { "lessThan": "de6d25924c2a8c2988c6a385990cafbe742061bf", "status": "affected", "version": "dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/sched/sch_ets.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.6" }, { "lessThan": 
"5.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_ets: don\u0027t peek at classes beyond \u0027nbands\u0027\n\nwhen the number of DRR classes decreases, the round-robin active list can\ncontain elements that have already been freed in ets_qdisc_change(). As a\nconsequence, it\u0027s possible to see a NULL dereference crash, caused by the\nattempt to call cl-\u003eqdisc-\u003eops-\u003epeek(cl-\u003eqdisc) when cl-\u003eqdisc is NULL:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 910 Comm: mausezahn Not tainted 5.16.0-rc1+ #475\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n RIP: 0010:ets_qdisc_dequeue+0x129/0x2c0 [sch_ets]\n Code: c5 01 41 39 ad e4 02 00 00 0f 87 18 ff ff ff 49 8b 85 c0 02 00 00 49 39 c4 0f 84 ba 00 00 00 49 8b ad c0 02 00 00 48 8b 7d 10 \u003c48\u003e 8b 47 18 48 8b 40 38 0f ae e8 ff d0 48 89 c3 48 85 c0 0f 84 9d\n RSP: 0000:ffffbb36c0b5fdd8 EFLAGS: 00010287\n RAX: ffff956678efed30 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: ffffffff9b938dc9 RDI: 0000000000000000\n RBP: ffff956678efed30 R08: e2f3207fe360129c R09: 0000000000000000\n R10: 0000000000000001 R11: 0000000000000001 R12: ffff956678efeac0\n R13: ffff956678efe800 R14: ffff956611545000 R15: ffff95667ac8f100\n FS: 00007f2aa9120740(0000) GS:ffff95667b800000(0000) 
knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000011070c000 CR4: 0000000000350ee0\n Call Trace:\n \u003cTASK\u003e\n qdisc_peek_dequeued+0x29/0x70 [sch_ets]\n tbf_dequeue+0x22/0x260 [sch_tbf]\n __qdisc_run+0x7f/0x630\n net_tx_action+0x290/0x4c0\n __do_softirq+0xee/0x4f8\n irq_exit_rcu+0xf4/0x130\n sysvec_apic_timer_interrupt+0x52/0xc0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n RIP: 0033:0x7f2aa7fc9ad4\n Code: b9 ff ff 48 8b 54 24 18 48 83 c4 08 48 89 ee 48 89 df 5b 5d e9 ed fc ff ff 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa \u003c53\u003e 48 83 ec 10 48 8b 05 10 64 33 00 48 8b 00 48 85 c0 0f 85 84 00\n RSP: 002b:00007ffe5d33fab8 EFLAGS: 00000202\n RAX: 0000000000000002 RBX: 0000561f72c31460 RCX: 0000561f72c31720\n RDX: 0000000000000002 RSI: 0000561f72c31722 RDI: 0000561f72c31720\n RBP: 000000000000002a R08: 00007ffe5d33fa40 R09: 0000000000000014\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000561f7187e380\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000561f72c31460\n \u003c/TASK\u003e\n Modules linked in: sch_ets sch_tbf dummy rfkill iTCO_wdt intel_rapl_msr iTCO_vendor_support intel_rapl_common joydev virtio_balloon lpc_ich i2c_i801 i2c_smbus pcspkr ip_tables xfs libcrc32c crct10dif_pclmul crc32_pclmul crc32c_intel ahci libahci ghash_clmulni_intel serio_raw libata virtio_blk virtio_console virtio_net net_failover failover sunrpc dm_mirror dm_region_hash dm_log dm_mod\n CR2: 0000000000000018\n\nEnsuring that \u0027alist\u0027 was never zeroed [1] was not sufficient, we need to\nremove from the active list those elements that are no more SP nor DRR.\n\n[1] https://lore.kernel.org/netdev/60d274838bf09777f0371253416e8af71360bc08.1633609148.git.dcaratti@redhat.com/\n\nv3: fix race between ets_qdisc_change() and ets_qdisc_dequeue() delisting\n DRR classes beyond \u0027nbands\u0027 in ets_qdisc_change() with the qdisc lock\n acquired, thanks to Cong Wang.\n\nv2: when a NULL qdisc is 
found in the DRR active list, try to dequeue skb\n from the next list item." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:46.540Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ae2659d2c670252759ee9c823c4e039c0e05a6f2" }, { "url": "https://git.kernel.org/stable/c/e25bdbc7e951ae5728fee1f4c09485df113d013c" }, { "url": "https://git.kernel.org/stable/c/de6d25924c2a8c2988c6a385990cafbe742061bf" } ], "title": "net/sched: sch_ets: don\u0027t peek at classes beyond \u0027nbands\u0027", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47557", "datePublished": "2024-05-24T15:09:58.655Z", "dateReserved": "2024-05-24T15:02:54.834Z", "dateUpdated": "2024-12-19T07:44:46.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47558
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: Disable Tx queues when reconfiguring the interface
The Tx queues were not disabled in situations where the driver needed to
stop the interface to apply a new configuration. This could result in a
kernel panic when doing any of the 3 following actions:
* reconfiguring the number of queues (ethtool -L)
* reconfiguring the size of the ring buffers (ethtool -G)
* installing/removing an XDP program (ip l set dev ethX xdp)
Prevent the panic by making sure netif_tx_disable is called when stopping
an interface.
Without this patch, the following kernel panic can be observed when doing
any of the actions above:
Unable to handle kernel paging request at virtual address ffff80001238d040
[....]
Call trace:
dwmac4_set_addr+0x8/0x10
dev_hard_start_xmit+0xe4/0x1ac
sch_direct_xmit+0xe8/0x39c
__dev_queue_xmit+0x3ec/0xaf0
dev_queue_xmit+0x14/0x20
[...]
[ end trace 0000000000000002 ]---
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47558", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T18:51:23.012354Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-10T18:51:31.116Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.721Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a92f0eebb8dc008b9e8c51c6f7b8c93b27a29a43" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b270bfe697367776eca2e6759a71d700fb8d82a2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/stmicro/stmmac/stmmac_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "a92f0eebb8dc008b9e8c51c6f7b8c93b27a29a43", "status": "affected", "version": "0366f7e06a6bee7eace3946a6b67fb88b828bc5c", "versionType": "git" }, { "lessThan": "b270bfe697367776eca2e6759a71d700fb8d82a2", "status": "affected", "version": "0366f7e06a6bee7eace3946a6b67fb88b828bc5c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/stmicro/stmmac/stmmac_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": 
"unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Disable Tx queues when reconfiguring the interface\n\nThe Tx queues were not disabled in situations where the driver needed to\nstop the interface to apply a new configuration. This could result in a\nkernel panic when doing any of the 3 following actions:\n* reconfiguring the number of queues (ethtool -L)\n* reconfiguring the size of the ring buffers (ethtool -G)\n* installing/removing an XDP program (ip l set dev ethX xdp)\n\nPrevent the panic by making sure netif_tx_disable is called when stopping\nan interface.\n\nWithout this patch, the following kernel panic can be observed when doing\nany of the actions above:\n\nUnable to handle kernel paging request at virtual address ffff80001238d040\n[....]\n Call trace:\n dwmac4_set_addr+0x8/0x10\n dev_hard_start_xmit+0xe4/0x1ac\n sch_direct_xmit+0xe8/0x39c\n __dev_queue_xmit+0x3ec/0xaf0\n dev_queue_xmit+0x14/0x20\n[...]\n[ end trace 0000000000000002 ]---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:47.794Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/a92f0eebb8dc008b9e8c51c6f7b8c93b27a29a43" }, { "url": "https://git.kernel.org/stable/c/b270bfe697367776eca2e6759a71d700fb8d82a2" } ], "title": "net: stmmac: Disable Tx queues when reconfiguring the interface", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47558", "datePublished": "2024-05-24T15:09:59.315Z", "dateReserved": "2024-05-24T15:02:54.834Z", "dateUpdated": "2024-12-19T07:44:47.794Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47562
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: fix vsi->txq_map sizing
The approach of having XDP queue per CPU regardless of user's setting
exposed a hidden bug that could occur in case when Rx queue count differ
from Tx queue count. Currently vsi->txq_map's size is equal to the
doubled vsi->alloc_txq, which is not correct due to the fact that XDP
rings were previously based on the Rx queue count. Below splat can be
seen when ethtool -L is used and XDP rings are configured:
[ 682.875339] BUG: kernel NULL pointer dereference, address: 000000000000000f
[ 682.883403] #PF: supervisor read access in kernel mode
[ 682.889345] #PF: error_code(0x0000) - not-present page
[ 682.895289] PGD 0 P4D 0
[ 682.898218] Oops: 0000 [#1] PREEMPT SMP PTI
[ 682.903055] CPU: 42 PID: 2878 Comm: ethtool Tainted: G OE 5.15.0-rc5+ #1
[ 682.912214] Hardware name: Intel Corp. GRANTLEY/GRANTLEY, BIOS GRRFCRB1.86B.0276.D07.1605190235 05/19/2016
[ 682.923380] RIP: 0010:devres_remove+0x44/0x130
[ 682.928527] Code: 49 89 f4 55 48 89 fd 4c 89 ff 53 48 83 ec 10 e8 92 b9 49 00 48 8b 9d a8 02 00 00 48 8d 8d a0 02 00 00 49 89 c2 48 39 cb 74 0f <4c> 3b 63 10 74 25 48 8b 5b 08 48 39 cb 75 f1 4c 89 ff 4c 89 d6 e8
[ 682.950237] RSP: 0018:ffffc90006a679f0 EFLAGS: 00010002
[ 682.956285] RAX: 0000000000000286 RBX: ffffffffffffffff RCX: ffff88908343a370
[ 682.964538] RDX: 0000000000000001 RSI: ffffffff81690d60 RDI: 0000000000000000
[ 682.972789] RBP: ffff88908343a0d0 R08: 0000000000000000 R09: 0000000000000000
[ 682.981040] R10: 0000000000000286 R11: 3fffffffffffffff R12: ffffffff81690d60
[ 682.989282] R13: ffffffff81690a00 R14: ffff8890819807a8 R15: ffff88908343a36c
[ 682.997535] FS: 00007f08c7bfa740(0000) GS:ffff88a03fd00000(0000) knlGS:0000000000000000
[ 683.006910] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 683.013557] CR2: 000000000000000f CR3: 0000001080a66003 CR4: 00000000003706e0
[ 683.021819] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 683.030075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 683.038336] Call Trace:
[ 683.041167] devm_kfree+0x33/0x50
[ 683.045004] ice_vsi_free_arrays+0x5e/0xc0 [ice]
[ 683.050380] ice_vsi_rebuild+0x4c8/0x750 [ice]
[ 683.055543] ice_vsi_recfg_qs+0x9a/0x110 [ice]
[ 683.060697] ice_set_channels+0x14f/0x290 [ice]
[ 683.065962] ethnl_set_channels+0x333/0x3f0
[ 683.070807] genl_family_rcv_msg_doit+0xea/0x150
[ 683.076152] genl_rcv_msg+0xde/0x1d0
[ 683.080289] ? channels_prepare_data+0x60/0x60
[ 683.085432] ? genl_get_cmd+0xd0/0xd0
[ 683.089667] netlink_rcv_skb+0x50/0xf0
[ 683.094006] genl_rcv+0x24/0x40
[ 683.097638] netlink_unicast+0x239/0x340
[ 683.102177] netlink_sendmsg+0x22e/0x470
[ 683.106717] sock_sendmsg+0x5e/0x60
[ 683.110756] __sys_sendto+0xee/0x150
[ 683.114894] ? handle_mm_fault+0xd0/0x2a0
[ 683.119535] ? do_user_addr_fault+0x1f3/0x690
[ 683.134173] __x64_sys_sendto+0x25/0x30
[ 683.148231] do_syscall_64+0x3b/0xc0
[ 683.161992] entry_SYSCALL_64_after_hwframe+0x44/0xae
Fix this by taking into account the value that num_possible_cpus()
yields in addition to vsi->alloc_txq instead of doubling the latter.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47562", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T17:03:56.784042Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:36.415Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1eb5395add786613c7c5579d3947aa0b8f0ec241" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/992ba40a67638dfe2772b84dfc8168dc328d5c4c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/792b2086584f25d84081a526beee80d103c2a913" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/ice/ice_lib.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1eb5395add786613c7c5579d3947aa0b8f0ec241", "status": "affected", "version": "efc2214b6047b6f5b4ca53151eba62521b9452d6", "versionType": "git" }, { "lessThan": "992ba40a67638dfe2772b84dfc8168dc328d5c4c", "status": "affected", "version": "efc2214b6047b6f5b4ca53151eba62521b9452d6", "versionType": "git" }, { "lessThan": "792b2086584f25d84081a526beee80d103c2a913", "status": "affected", "version": "efc2214b6047b6f5b4ca53151eba62521b9452d6", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/intel/ice/ice_lib.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": 
"affected", "version": "5.5" }, { "lessThan": "5.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix vsi-\u003etxq_map sizing\n\nThe approach of having XDP queue per CPU regardless of user\u0027s setting\nexposed a hidden bug that could occur in case when Rx queue count differ\nfrom Tx queue count. Currently vsi-\u003etxq_map\u0027s size is equal to the\ndoubled vsi-\u003ealloc_txq, which is not correct due to the fact that XDP\nrings were previously based on the Rx queue count. Below splat can be\nseen when ethtool -L is used and XDP rings are configured:\n\n[ 682.875339] BUG: kernel NULL pointer dereference, address: 000000000000000f\n[ 682.883403] #PF: supervisor read access in kernel mode\n[ 682.889345] #PF: error_code(0x0000) - not-present page\n[ 682.895289] PGD 0 P4D 0\n[ 682.898218] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 682.903055] CPU: 42 PID: 2878 Comm: ethtool Tainted: G OE 5.15.0-rc5+ #1\n[ 682.912214] Hardware name: Intel Corp. 
GRANTLEY/GRANTLEY, BIOS GRRFCRB1.86B.0276.D07.1605190235 05/19/2016\n[ 682.923380] RIP: 0010:devres_remove+0x44/0x130\n[ 682.928527] Code: 49 89 f4 55 48 89 fd 4c 89 ff 53 48 83 ec 10 e8 92 b9 49 00 48 8b 9d a8 02 00 00 48 8d 8d a0 02 00 00 49 89 c2 48 39 cb 74 0f \u003c4c\u003e 3b 63 10 74 25 48 8b 5b 08 48 39 cb 75 f1 4c 89 ff 4c 89 d6 e8\n[ 682.950237] RSP: 0018:ffffc90006a679f0 EFLAGS: 00010002\n[ 682.956285] RAX: 0000000000000286 RBX: ffffffffffffffff RCX: ffff88908343a370\n[ 682.964538] RDX: 0000000000000001 RSI: ffffffff81690d60 RDI: 0000000000000000\n[ 682.972789] RBP: ffff88908343a0d0 R08: 0000000000000000 R09: 0000000000000000\n[ 682.981040] R10: 0000000000000286 R11: 3fffffffffffffff R12: ffffffff81690d60\n[ 682.989282] R13: ffffffff81690a00 R14: ffff8890819807a8 R15: ffff88908343a36c\n[ 682.997535] FS: 00007f08c7bfa740(0000) GS:ffff88a03fd00000(0000) knlGS:0000000000000000\n[ 683.006910] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 683.013557] CR2: 000000000000000f CR3: 0000001080a66003 CR4: 00000000003706e0\n[ 683.021819] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 683.030075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 683.038336] Call Trace:\n[ 683.041167] devm_kfree+0x33/0x50\n[ 683.045004] ice_vsi_free_arrays+0x5e/0xc0 [ice]\n[ 683.050380] ice_vsi_rebuild+0x4c8/0x750 [ice]\n[ 683.055543] ice_vsi_recfg_qs+0x9a/0x110 [ice]\n[ 683.060697] ice_set_channels+0x14f/0x290 [ice]\n[ 683.065962] ethnl_set_channels+0x333/0x3f0\n[ 683.070807] genl_family_rcv_msg_doit+0xea/0x150\n[ 683.076152] genl_rcv_msg+0xde/0x1d0\n[ 683.080289] ? channels_prepare_data+0x60/0x60\n[ 683.085432] ? genl_get_cmd+0xd0/0xd0\n[ 683.089667] netlink_rcv_skb+0x50/0xf0\n[ 683.094006] genl_rcv+0x24/0x40\n[ 683.097638] netlink_unicast+0x239/0x340\n[ 683.102177] netlink_sendmsg+0x22e/0x470\n[ 683.106717] sock_sendmsg+0x5e/0x60\n[ 683.110756] __sys_sendto+0xee/0x150\n[ 683.114894] ? handle_mm_fault+0xd0/0x2a0\n[ 683.119535] ? 
do_user_addr_fault+0x1f3/0x690\n[ 683.134173] __x64_sys_sendto+0x25/0x30\n[ 683.148231] do_syscall_64+0x3b/0xc0\n[ 683.161992] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFix this by taking into account the value that num_possible_cpus()\nyields in addition to vsi-\u003ealloc_txq instead of doubling the latter." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:52.444Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1eb5395add786613c7c5579d3947aa0b8f0ec241" }, { "url": "https://git.kernel.org/stable/c/992ba40a67638dfe2772b84dfc8168dc328d5c4c" }, { "url": "https://git.kernel.org/stable/c/792b2086584f25d84081a526beee80d103c2a913" } ], "title": "ice: fix vsi-\u003etxq_map sizing", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47562", "datePublished": "2024-05-24T15:12:50.733Z", "dateReserved": "2024-05-24T15:11:00.728Z", "dateUpdated": "2024-12-19T07:44:52.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47509
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: oss: Limit the period size to 16MB
Set the practical limit to the period size (the fragment shift in OSS)
instead of a full 31bit; a too large value could lead to the exhaust
of memory as we allocate temporary buffers of the period size, too.
As of this patch, we set to 16MB limit, which should cover all use
cases.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
cve-2021-47527
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: core: fix transmit-buffer reset and memleak
Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use
tty_port_close") converted serial core to use tty_port_close() but
failed to notice that the transmit buffer still needs to be freed on
final close.
Not freeing the transmit buffer means that the buffer is no longer
cleared on next open so that any ioctl() waiting for the buffer to drain
might wait indefinitely (e.g. on termios changes) or that stale data can
end up being transmitted in case tx is restarted.
Furthermore, the buffer of any port that has been opened would leak on
driver unbind.
Note that the port lock is held when clearing the buffer pointer due to
the ldisc race worked around by commit a5ba1d95e46e ("uart: fix race
between uart_put_char() and uart_shutdown()").
Also note that the tty-port shutdown() callback is not called for
console ports so it is not strictly necessary to free the buffer page
after releasing the lock (cf. d72402145ace ("tty/serial: do not free
trasnmit buffer page under port lock")).
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 761ed4a94582ab291aa24dcbea4e01e8936488c8
cve-2021-47568
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix memleak in get_file_stream_info()
Fix memleak in get_file_stream_info()
References
Impacted products
cve-2021-47541
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called and
tmp->tx_cq will be freed on the error path of mlx4_en_copy_priv().
After that mlx4_en_alloc_resources() is called and there is a dereference
of &tmp->tx_cq[t][i] in mlx4_en_alloc_resources(), which could lead to
a use after free problem on failure of mlx4_en_copy_priv().
Fix this bug by adding a check of mlx4_en_copy_priv()
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_MLX4_EN=m show no new warnings,
and our static analyzer no longer warns about this code.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | ec25bc04ed8e12947738468cbe2191f1529f9e39
cve-2021-47517
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
ethtool: do not perform operations on net devices being unregistered
There is a short period between when a net device starts to be unregistered
and when it is actually gone. In that time frame ethtool operations
could still be performed, which might end up in unwanted or undefined
behaviours[1].
Do not allow ethtool operations after a net device starts its
unregistration. This patch targets the netlink part as the ioctl one
isn't affected: the reference to the net device is taken and the
operation is executed within an rtnl lock section and the net device
won't be found after unregister.
[1] For example adding Tx queues after unregister ends up in NULL
pointer exceptions and UaFs, such as:
BUG: KASAN: use-after-free in kobject_get+0x14/0x90
Read of size 1 at addr ffff88801961248c by task ethtool/755
CPU: 0 PID: 755 Comm: ethtool Not tainted 5.15.0-rc6+ #778
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/014
Call Trace:
dump_stack_lvl+0x57/0x72
print_address_description.constprop.0+0x1f/0x140
kasan_report.cold+0x7f/0x11b
kobject_get+0x14/0x90
kobject_add_internal+0x3d1/0x450
kobject_init_and_add+0xba/0xf0
netdev_queue_update_kobjects+0xcf/0x200
netif_set_real_num_tx_queues+0xb4/0x310
veth_set_channels+0x1c3/0x550
ethnl_set_channels+0x524/0x610
References
Impacted products
cve-2021-47555
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: vlan: fix underflow for the real_dev refcnt
Inject error before dev_hold(real_dev) in register_vlan_dev(),
and execute the following testcase:
ip link add dev dummy1 type dummy
ip link add name dummy1.100 link dummy1 type vlan id 100
ip link del dev dummy1
When the dummy netdevice is removed, we will get a WARNING as follows:
=======================================================================
refcount_t: decrement hit 0; leaking memory.
WARNING: CPU: 2 PID: 0 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0
and an endless loop of:
=======================================================================
unregister_netdevice: waiting for dummy1 to become free. Usage count = -1073741824
That is because dev_put(real_dev) in vlan_dev_free() is called without
dev_hold(real_dev) in register_vlan_dev(). It makes the refcnt of real_dev
underflow.
Move the dev_hold(real_dev) to vlan_dev_init() which is the call-back of
ndo_init(). That makes dev_hold() and dev_put() for vlan's real_dev
symmetrical.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 700602b662d7eaa816b1a3cb0abe7a85de358fd4, e04a7a84bb77f9cdf4475340fe931389bc72331c, 21032425c36ff85f16e72ca92193a8c401e4acd5, 563bcbae3ba233c275c244bfce2efe12938f5363
cve-2021-47538
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
Need to call rxrpc_put_local() for peer candidate before kfree() as it
holds a ref to rxrpc_local.
[DH: v2: Changed to abstract the peer freeing code out into a function]
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: e8e51ce79c157188e209e5ea0afaf6b42dd76104 Version: 9ebeddef58c41bd700419cdcece24cf64ce32276 Version: 9ebeddef58c41bd700419cdcece24cf64ce32276 Version: 9ebeddef58c41bd700419cdcece24cf64ce32276 Version: 9ebeddef58c41bd700419cdcece24cf64ce32276
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47538", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:15:07.366329Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:56.132Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/913c24af2d13a3fd304462916ee98e298d56bdce" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3e70e3a72d80b16094faccbe438cd53761c3503a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/60f0b9c42cb80833a03ca57c1c8b078d716e71d1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9469273e616ca8f1b6e3773c5019f21b4c8d828c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/beacff50edbd6c9659a6f15fc7f6126909fade29" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/rxrpc/peer_object.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "913c24af2d13a3fd304462916ee98e298d56bdce", "status": "affected", "version": "e8e51ce79c157188e209e5ea0afaf6b42dd76104", "versionType": "git" }, { "lessThan": "3e70e3a72d80b16094faccbe438cd53761c3503a", "status": "affected", "version": "9ebeddef58c41bd700419cdcece24cf64ce32276", "versionType": "git" }, { "lessThan": "60f0b9c42cb80833a03ca57c1c8b078d716e71d1", "status": "affected", "version": "9ebeddef58c41bd700419cdcece24cf64ce32276", "versionType": "git" }, { "lessThan": 
"9469273e616ca8f1b6e3773c5019f21b4c8d828c", "status": "affected", "version": "9ebeddef58c41bd700419cdcece24cf64ce32276", "versionType": "git" }, { "lessThan": "beacff50edbd6c9659a6f15fc7f6126909fade29", "status": "affected", "version": "9ebeddef58c41bd700419cdcece24cf64ce32276", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/rxrpc/peer_object.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.4" }, { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.220", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.164", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()\n\nNeed to call rxrpc_put_local() for peer candidate before kfree() as it\nholds a ref to rxrpc_local.\n\n[DH: v2: Changed to abstract the peer freeing code out into a function]" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:25.807Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/913c24af2d13a3fd304462916ee98e298d56bdce" }, { "url": "https://git.kernel.org/stable/c/3e70e3a72d80b16094faccbe438cd53761c3503a" }, { "url": "https://git.kernel.org/stable/c/60f0b9c42cb80833a03ca57c1c8b078d716e71d1" }, { "url": 
"https://git.kernel.org/stable/c/9469273e616ca8f1b6e3773c5019f21b4c8d828c" }, { "url": "https://git.kernel.org/stable/c/beacff50edbd6c9659a6f15fc7f6126909fade29" } ], "title": "rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47538", "datePublished": "2024-05-24T15:09:45.959Z", "dateReserved": "2024-05-24T15:02:54.828Z", "dateUpdated": "2024-12-19T07:44:25.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52880
Vulnerability from cvelistv5
Published
2024-05-24 15:33
Modified
2024-12-19 08:27
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Any unprivileged user can attach N_GSM0710 ldisc, but it requires
CAP_NET_ADMIN to create a GSM network anyway.
Require initial namespace CAP_NET_ADMIN to do that.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52880", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:10:27.057428Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:23:31.686Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:18:41.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/tty/n_gsm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7d303dee473ba3529d75b63491e9963342107bed", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": 
"7a529c9023a197ab3bf09bb95df32a3813f7ba58", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "ada28eb4b9561aab93942f3224a2e41d76fe57fa", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2b85977977cbd120591b23c2450e90a5806a7167", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "67c37756898a5a6b2941a13ae7260c89b54e0d88", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/tty/n_gsm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.312", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.274", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.215", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.155", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.86", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc\n\nAny unprivileged user can attach N_GSM0710 ldisc, but it requires\nCAP_NET_ADMIN to create a GSM network anyway.\n\nRequire initial namespace CAP_NET_ADMIN to do that." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T08:27:48.045Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed" }, { "url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58" }, { "url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa" }, { "url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a" }, { "url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167" }, { "url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88" } ], "title": "tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2023-52880", "datePublished": "2024-05-24T15:33:17.439Z", "dateReserved": "2024-05-21T15:35:00.781Z", "dateUpdated": "2024-12-19T08:27:48.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47520
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: pch_can: pch_can_rx_normal: fix use after free
After calling netif_receive_skb(skb), dereferencing skb is unsafe.
Especially, the can_frame cf which aliases skb memory is dereferenced
just after the call netif_receive_skb(skb).
Reordering the lines solves the issue.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: b21d18b51b31a24d17f883b678432fbdee3d5675 Version: b21d18b51b31a24d17f883b678432fbdee3d5675 Version: b21d18b51b31a24d17f883b678432fbdee3d5675 Version: b21d18b51b31a24d17f883b678432fbdee3d5675 Version: b21d18b51b31a24d17f883b678432fbdee3d5675 Version: b21d18b51b31a24d17f883b678432fbdee3d5675 Version: b21d18b51b31a24d17f883b678432fbdee3d5675 Version: b21d18b51b31a24d17f883b678432fbdee3d5675
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47520", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T18:03:24.271974Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T18:03:39.525Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bafe343a885c70dddf358379cf0b2a1c07355d8d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3a3c46e2eff0577454860a203be1a8295f4acb76" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/affbad02bf80380a7403885b9fe4a1587d1bb4f3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/abb4eff3dcd2e583060082a18a8dbf31f02689d4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/703dde112021c93d6e89443c070e7dbd4dea612e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6c73fc931658d8cbc8a1714b326cb31eb71d16a7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/94cddf1e9227a171b27292509d59691819c458db" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/can/pch_can.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "bafe343a885c70dddf358379cf0b2a1c07355d8d", "status": "affected", "version": "b21d18b51b31a24d17f883b678432fbdee3d5675", "versionType": "git" 
}, { "lessThan": "3a3c46e2eff0577454860a203be1a8295f4acb76", "status": "affected", "version": "b21d18b51b31a24d17f883b678432fbdee3d5675", "versionType": "git" }, { "lessThan": "affbad02bf80380a7403885b9fe4a1587d1bb4f3", "status": "affected", "version": "b21d18b51b31a24d17f883b678432fbdee3d5675", "versionType": "git" }, { "lessThan": "3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa", "status": "affected", "version": "b21d18b51b31a24d17f883b678432fbdee3d5675", "versionType": "git" }, { "lessThan": "abb4eff3dcd2e583060082a18a8dbf31f02689d4", "status": "affected", "version": "b21d18b51b31a24d17f883b678432fbdee3d5675", "versionType": "git" }, { "lessThan": "703dde112021c93d6e89443c070e7dbd4dea612e", "status": "affected", "version": "b21d18b51b31a24d17f883b678432fbdee3d5675", "versionType": "git" }, { "lessThan": "6c73fc931658d8cbc8a1714b326cb31eb71d16a7", "status": "affected", "version": "b21d18b51b31a24d17f883b678432fbdee3d5675", "versionType": "git" }, { "lessThan": "94cddf1e9227a171b27292509d59691819c458db", "status": "affected", "version": "b21d18b51b31a24d17f883b678432fbdee3d5675", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/can/pch_can.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.37" }, { "lessThan": "2.6.37", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.4.*", "status": "unaffected", "version": "4.4.295", "versionType": "semver" }, { "lessThanOrEqual": "4.9.*", "status": "unaffected", "version": "4.9.293", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.258", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { 
"lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: pch_can: pch_can_rx_normal: fix use after free\n\nAfter calling netif_receive_skb(skb), dereferencing skb is unsafe.\nEspecially, the can_frame cf which aliases skb memory is dereferenced\njust after the call netif_receive_skb(skb).\n\nReordering the lines solves the issue." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:04.073Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/bafe343a885c70dddf358379cf0b2a1c07355d8d" }, { "url": "https://git.kernel.org/stable/c/3a3c46e2eff0577454860a203be1a8295f4acb76" }, { "url": "https://git.kernel.org/stable/c/affbad02bf80380a7403885b9fe4a1587d1bb4f3" }, { "url": "https://git.kernel.org/stable/c/3e193ef4e0a3f5bf92ede83ef214cb09d01b00aa" }, { "url": "https://git.kernel.org/stable/c/abb4eff3dcd2e583060082a18a8dbf31f02689d4" }, { "url": "https://git.kernel.org/stable/c/703dde112021c93d6e89443c070e7dbd4dea612e" }, { "url": "https://git.kernel.org/stable/c/6c73fc931658d8cbc8a1714b326cb31eb71d16a7" }, { "url": "https://git.kernel.org/stable/c/94cddf1e9227a171b27292509d59691819c458db" } ], "title": "can: pch_can: pch_can_rx_normal: fix use after free", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47520", "datePublished": "2024-05-24T15:09:33.796Z", "dateReserved": "2024-05-24T15:02:54.824Z", "dateUpdated": "2024-12-19T07:44:04.073Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47536
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix wrong list_del in smc_lgr_cleanup_early
smc_lgr_cleanup_early() meant to delete the link
group from the link group list, but it deleted
the list head by mistake.
This may cause memory corruption since we didn't
remove the real link group from the list and later
memseted the link group structure.
We got a list corruption panic when testing:
[ 231.277259] list_del corruption. prev->next should be ffff8881398a8000, but was 0000000000000000
[ 231.278222] ------------[ cut here ]------------
[ 231.278726] kernel BUG at lib/list_debug.c:53!
[ 231.279326] invalid opcode: 0000 [#1] SMP NOPTI
[ 231.279803] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.10.46+ #435
[ 231.280466] Hardware name: Alibaba Cloud ECS, BIOS 8c24b4c 04/01/2014
[ 231.281248] Workqueue: events smc_link_down_work
[ 231.281732] RIP: 0010:__list_del_entry_valid+0x70/0x90
[ 231.282258] Code: 4c 60 82 e8 7d cc 6a 00 0f 0b 48 89 fe 48 c7 c7 88 4c
60 82 e8 6c cc 6a 00 0f 0b 48 89 fe 48 c7 c7 c0 4c 60 82 e8 5b cc 6a 00 <0f>
0b 48 89 fe 48 c7 c7 00 4d 60 82 e8 4a cc 6a 00 0f 0b cc cc cc
[ 231.284146] RSP: 0018:ffffc90000033d58 EFLAGS: 00010292
[ 231.284685] RAX: 0000000000000054 RBX: ffff8881398a8000 RCX: 0000000000000000
[ 231.285415] RDX: 0000000000000001 RSI: ffff88813bc18040 RDI: ffff88813bc18040
[ 231.286141] RBP: ffffffff8305ad40 R08: 0000000000000003 R09: 0000000000000001
[ 231.286873] R10: ffffffff82803da0 R11: ffffc90000033b90 R12: 0000000000000001
[ 231.287606] R13: 0000000000000000 R14: ffff8881398a8000 R15: 0000000000000003
[ 231.288337] FS: 0000000000000000(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
[ 231.289160] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 231.289754] CR2: 0000000000e72058 CR3: 000000010fa96006 CR4: 00000000003706f0
[ 231.290485] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 231.291211] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 231.291940] Call Trace:
[ 231.292211] smc_lgr_terminate_sched+0x53/0xa0
[ 231.292677] smc_switch_conns+0x75/0x6b0
[ 231.293085] ? update_load_avg+0x1a6/0x590
[ 231.293517] ? ttwu_do_wakeup+0x17/0x150
[ 231.293907] ? update_load_avg+0x1a6/0x590
[ 231.294317] ? newidle_balance+0xca/0x3d0
[ 231.294716] smcr_link_down+0x50/0x1a0
[ 231.295090] ? __wake_up_common_lock+0x77/0x90
[ 231.295534] smc_link_down_work+0x46/0x60
[ 231.295933] process_one_work+0x18b/0x350
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47536", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-28T15:18:35.309729Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:10.859Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.717Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/77731fede297a23d26f2d169b4269466b2c82529" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/95518fe354d712dca6f431cf2a11b8f63bc9a66c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/789b6cc2a5f9123b9c549b886fdc47c865cfe0ba" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/smc/smc_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "77731fede297a23d26f2d169b4269466b2c82529", "status": "affected", "version": "a0a62ee15a829ebf8aeec55a4f1688230439b3e0", "versionType": "git" }, { "lessThan": "95518fe354d712dca6f431cf2a11b8f63bc9a66c", "status": "affected", "version": "a0a62ee15a829ebf8aeec55a4f1688230439b3e0", "versionType": "git" }, { "lessThan": "789b6cc2a5f9123b9c549b886fdc47c865cfe0ba", "status": "affected", "version": "a0a62ee15a829ebf8aeec55a4f1688230439b3e0", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/smc/smc_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.5" }, { "lessThan": 
"5.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.84", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix wrong list_del in smc_lgr_cleanup_early\n\nsmc_lgr_cleanup_early() meant to delete the link\ngroup from the link group list, but it deleted\nthe list head by mistake.\n\nThis may cause memory corruption since we didn\u0027t\nremove the real link group from the list and later\nmemseted the link group structure.\nWe got a list corruption panic when testing:\n\n[ \u00a0231.277259] list_del corruption. prev-\u003enext should be ffff8881398a8000, but was 0000000000000000\n[ \u00a0231.278222] ------------[ cut here ]------------\n[ \u00a0231.278726] kernel BUG at lib/list_debug.c:53!\n[ \u00a0231.279326] invalid opcode: 0000 [#1] SMP NOPTI\n[ \u00a0231.279803] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.10.46+ #435\n[ \u00a0231.280466] Hardware name: Alibaba Cloud ECS, BIOS 8c24b4c 04/01/2014\n[ \u00a0231.281248] Workqueue: events smc_link_down_work\n[ \u00a0231.281732] RIP: 0010:__list_del_entry_valid+0x70/0x90\n[ \u00a0231.282258] Code: 4c 60 82 e8 7d cc 6a 00 0f 0b 48 89 fe 48 c7 c7 88 4c\n60 82 e8 6c cc 6a 00 0f 0b 48 89 fe 48 c7 c7 c0 4c 60 82 e8 5b cc 6a 00 \u003c0f\u003e\n0b 48 89 fe 48 c7 c7 00 4d 60 82 e8 4a cc 6a 00 0f 0b cc cc cc\n[ \u00a0231.284146] RSP: 0018:ffffc90000033d58 EFLAGS: 00010292\n[ \u00a0231.284685] RAX: 0000000000000054 RBX: ffff8881398a8000 RCX: 0000000000000000\n[ \u00a0231.285415] RDX: 0000000000000001 RSI: ffff88813bc18040 RDI: ffff88813bc18040\n[ \u00a0231.286141] RBP: ffffffff8305ad40 R08: 0000000000000003 R09: 
0000000000000001\n[ \u00a0231.286873] R10: ffffffff82803da0 R11: ffffc90000033b90 R12: 0000000000000001\n[ \u00a0231.287606] R13: 0000000000000000 R14: ffff8881398a8000 R15: 0000000000000003\n[ \u00a0231.288337] FS: \u00a00000000000000000(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000\n[ \u00a0231.289160] CS: \u00a00010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ \u00a0231.289754] CR2: 0000000000e72058 CR3: 000000010fa96006 CR4: 00000000003706f0\n[ \u00a0231.290485] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ \u00a0231.291211] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ \u00a0231.291940] Call Trace:\n[ \u00a0231.292211] \u00a0smc_lgr_terminate_sched+0x53/0xa0\n[ \u00a0231.292677] \u00a0smc_switch_conns+0x75/0x6b0\n[ \u00a0231.293085] \u00a0? update_load_avg+0x1a6/0x590\n[ \u00a0231.293517] \u00a0? ttwu_do_wakeup+0x17/0x150\n[ \u00a0231.293907] \u00a0? update_load_avg+0x1a6/0x590\n[ \u00a0231.294317] \u00a0? newidle_balance+0xca/0x3d0\n[ \u00a0231.294716] \u00a0smcr_link_down+0x50/0x1a0\n[ \u00a0231.295090] \u00a0? 
__wake_up_common_lock+0x77/0x90\n[ \u00a0231.295534] \u00a0smc_link_down_work+0x46/0x60\n[ \u00a0231.295933] \u00a0process_one_work+0x18b/0x350" } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:23.218Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/77731fede297a23d26f2d169b4269466b2c82529" }, { "url": "https://git.kernel.org/stable/c/95518fe354d712dca6f431cf2a11b8f63bc9a66c" }, { "url": "https://git.kernel.org/stable/c/789b6cc2a5f9123b9c549b886fdc47c865cfe0ba" } ], "title": "net/smc: fix wrong list_del in smc_lgr_cleanup_early", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47536", "datePublished": "2024-05-24T15:09:44.651Z", "dateReserved": "2024-05-24T15:02:54.827Z", "dateUpdated": "2024-12-19T07:44:23.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47560
Vulnerability from cvelistv5
Published
2024-05-24 15:12
Modified
2024-12-19 07:44
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum: Protect driver from buggy firmware
When processing port up/down events generated by the device's firmware,
the driver protects itself from events reported for non-existent local
ports, but not the CPU port (local port 0), which exists, but lacks a
netdev.
This can result in a NULL pointer dereference when calling
netif_carrier_{on,off}().
Fix this by bailing early when processing an event reported for the CPU
port. Problem was only observed when running on top of a buggy emulator.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-47560", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-24T19:11:25.762617Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:14:04.132Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/90d0736876c50ecde1a3275636a06b9ddb1cace9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/da4d70199e5d82da664a80077508d6c18f5e76df" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlxsw/spectrum.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "90d0736876c50ecde1a3275636a06b9ddb1cace9", "status": "affected", "version": "28b1987ef5064dd5c43538ba1168ef7b801f3cad", "versionType": "git" }, { "lessThan": "da4d70199e5d82da664a80077508d6c18f5e76df", "status": "affected", "version": "28b1987ef5064dd5c43538ba1168ef7b801f3cad", "versionType": "git" }, { "lessThan": "63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047", "status": "affected", "version": "28b1987ef5064dd5c43538ba1168ef7b801f3cad", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlxsw/spectrum.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { 
"status": "affected", "version": "5.4" }, { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.83", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum: Protect driver from buggy firmware\n\nWhen processing port up/down events generated by the device\u0027s firmware,\nthe driver protects itself from events reported for non-existent local\nports, but not the CPU port (local port 0), which exists, but lacks a\nnetdev.\n\nThis can result in a NULL pointer dereference when calling\nnetif_carrier_{on,off}().\n\nFix this by bailing early when processing an event reported for the CPU\nport. Problem was only observed when running on top of a buggy emulator." } ], "providerMetadata": { "dateUpdated": "2024-12-19T07:44:50.124Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/90d0736876c50ecde1a3275636a06b9ddb1cace9" }, { "url": "https://git.kernel.org/stable/c/da4d70199e5d82da664a80077508d6c18f5e76df" }, { "url": "https://git.kernel.org/stable/c/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047" } ], "title": "mlxsw: spectrum: Protect driver from buggy firmware", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47560", "datePublished": "2024-05-24T15:12:49.369Z", "dateReserved": "2024-05-24T15:11:00.727Z", "dateUpdated": "2024-12-19T07:44:50.124Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-47515
Vulnerability from cvelistv5
Published
2024-05-24 15:09
Modified
2024-12-19 07:43
Summary
In the Linux kernel, the following vulnerability has been resolved:

seg6: fix the iif in the IPv6 socket control block

When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving
interface index into the IPv4 socket control block (v5.16-rc4,
net/ipv4/ip_input.c line 510):

    IPCB(skb)->iif = skb->skb_iif;

If that IPv4 packet is meant to be encapsulated in an outer IPv6+SRH
header, the seg6_do_srh_encap(...) performs the required encapsulation.
In this case, the seg6_do_srh_encap function clears the IPv6 socket control
block (v5.16-rc4 net/ipv6/seg6_iptunnel.c line 163):

    memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));

The memset(...) was introduced in commit ef489749aae5 ("ipv6: sr: clear
IP6CB(skb) on SRH ip4ip6 encapsulation") a long time ago (2019-01-29).

Since the IPv6 socket control block and the IPv4 socket control block share
the same memory area (skb->cb), the receiving interface index info is lost
(IP6CB(skb)->iif is set to zero).

As a side effect, that condition triggers a NULL pointer dereference if
commit 0857d6f8c759 ("ipv6: When forwarding count rx stats on the orig
netdev") is applied.

To fix that issue, we set the IP6CB(skb)->iif with the index of the
receiving interface once again.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | Version: c630ec8bdadae9d557b1ceb9d6c06e149108a0d4 Version: 2f704348c93ff8119e642dae6a72327f90b82810 Version: ef489749aae508e6f17886775c075f12ff919fb1 Version: ef489749aae508e6f17886775c075f12ff919fb1 Version: ef489749aae508e6f17886775c075f12ff919fb1 Version: ef489749aae508e6f17886775c075f12ff919fb1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T05:39:59.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b16d412e5f79734033df04e97d7ea2f50a8e9fe3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6431e71093f3da586a00c6d931481ffb0dc2db0e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ef8804e47c0a44ae106ead1740408af5ea6c6ee9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/666521b3852d2b2f52d570f9122b1e4b50d96831" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ae68d93354e5bf5191ee673982251864ea24dd5c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-47515", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:35:33.340330Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:52.378Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv6/seg6_iptunnel.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b16d412e5f79734033df04e97d7ea2f50a8e9fe3", "status": "affected", "version": "c630ec8bdadae9d557b1ceb9d6c06e149108a0d4", "versionType": "git" }, { "lessThan": "6431e71093f3da586a00c6d931481ffb0dc2db0e", "status": "affected", "version": "2f704348c93ff8119e642dae6a72327f90b82810", "versionType": "git" }, { "lessThan": "ef8804e47c0a44ae106ead1740408af5ea6c6ee9", "status": 
"affected", "version": "ef489749aae508e6f17886775c075f12ff919fb1", "versionType": "git" }, { "lessThan": "666521b3852d2b2f52d570f9122b1e4b50d96831", "status": "affected", "version": "ef489749aae508e6f17886775c075f12ff919fb1", "versionType": "git" }, { "lessThan": "98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1", "status": "affected", "version": "ef489749aae508e6f17886775c075f12ff919fb1", "versionType": "git" }, { "lessThan": "ae68d93354e5bf5191ee673982251864ea24dd5c", "status": "affected", "version": "ef489749aae508e6f17886775c075f12ff919fb1", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv6/seg6_iptunnel.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.0" }, { "lessThan": "5.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.14.*", "status": "unaffected", "version": "4.14.258", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.221", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.165", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.85", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.8", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: fix the iif in the IPv6 socket control block\n\nWhen an IPv4 packet is received, the ip_rcv_core(...) 
sets the receiving\ninterface index into the IPv4 socket control block (v5.16-rc4,\nnet/ipv4/ip_input.c line 510):\n\n IPCB(skb)-\u003eiif = skb-\u003eskb_iif;\n\nIf that IPv4 packet is meant to be encapsulated in an outer IPv6+SRH\nheader, the seg6_do_srh_encap(...) performs the required encapsulation.\nIn this case, the seg6_do_srh_encap function clears the IPv6 socket control\nblock (v5.16-rc4 net/ipv6/seg6_iptunnel.c line 163):\n\n memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));\n\nThe memset(...) was introduced in commit ef489749aae5 (\"ipv6: sr: clear\nIP6CB(skb) on SRH ip4ip6 encapsulation\") a long time ago (2019-01-29).\n\nSince the IPv6 socket control block and the IPv4 socket control block share\nthe same memory area (skb-\u003ecb), the receiving interface index info is lost\n(IP6CB(skb)-\u003eiif is set to zero).\n\nAs a side effect, that condition triggers a NULL pointer dereference if\ncommit 0857d6f8c759 (\"ipv6: When forwarding count rx stats on the orig\nnetdev\") is applied.\n\nTo fix that issue, we set the IP6CB(skb)-\u003eiif with the index of the\nreceiving interface once again." 
} ], "providerMetadata": { "dateUpdated": "2024-12-19T07:43:57.801Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b16d412e5f79734033df04e97d7ea2f50a8e9fe3" }, { "url": "https://git.kernel.org/stable/c/6431e71093f3da586a00c6d931481ffb0dc2db0e" }, { "url": "https://git.kernel.org/stable/c/ef8804e47c0a44ae106ead1740408af5ea6c6ee9" }, { "url": "https://git.kernel.org/stable/c/666521b3852d2b2f52d570f9122b1e4b50d96831" }, { "url": "https://git.kernel.org/stable/c/98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1" }, { "url": "https://git.kernel.org/stable/c/ae68d93354e5bf5191ee673982251864ea24dd5c" } ], "title": "seg6: fix the iif in the IPv6 socket control block", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-47515", "datePublished": "2024-05-24T15:09:29.334Z", "dateReserved": "2024-05-24T15:02:54.824Z", "dateUpdated": "2024-12-19T07:43:57.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Author | Source | Type | Date
---|---|---|---
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.