CVE-2021-47051
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() pm_runtime_get_sync will increment pm usage counter even if it failed. Forgetting the put operation will result in a reference leak here. Fix it by replacing it with...
CVE-2021-47049 Drivers: hv: vmbus: Use after free in __vmbus_open()
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free...
CVE-2021-47050 memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource The platform_get_resource_byname() can return NULL which would be immediately dereferenced by resource_size(). Instead dereference it after validating the resource...
CVE-2021-47046
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi_14_process_transaction() The hdcp_i2c_offsets[] array did not have an entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one read overflow. I added an entry and copied the 0x0 valu...
CVE-2021-47044 sched/fair: Fix shift-out-of-bounds in load_balance()
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix shift-out-of-bounds in load_balance() Syzbot reported a handful of occurrences where an sd->nr_balance_failed can grow to much higher values than one would expect. A successful load_balance() resets it to 0; a failed one...
CVE-2021-47045
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() It is possible to call lpfc_issue_els_plogi() passing a did for which no matching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a null pointer to a lpfc_nodelist...
CVE-2021-47043 media: venus: core: Fix some resource leaks in the error path of 'venus_probe()'
In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venus_probe()' If an error occurs after a successful 'of_icc_get()' call, it must be undone. Use 'devm_of_icc_get()' instead of 'of_icc_get()' to avoid the leak. Update the remove...
CVE-2021-47042 drm/amd/display: Free local data after use
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Free local data after use Fixes the following memory leak in dc_link_construct(): unreferenced object 0xffffa03e81471400 size 1024: comm "amdmoduleload", pid 2486, jiffies 4294946026 age 10.544s hex dump first 32...
CVE-2021-47042
CVE-2021-47042: Linux kernel drm/amd/display fixes a memory leak in dc_link_construct() by freeing local data after use. The description includes stack backtrace and memory object details; no connected documents with exploit specifics are provided. Monitor for updates and apply upstream fix when ...
CVE-2021-47030 mt76: mt7615: fix memory leak in mt7615_coredump_work
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615_coredump_work Similar to the issue fixed in mt7921_coredump_work, fix a possible memory leak in mt7615_coredump_work routine...
CVE-2021-47024
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot 1, there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b "vsock/virtio: free packets during the socket...
CVE-2021-47019 mt76: mt7921: fix possible invalid register access
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix possible invalid register access Disable the interrupt and synchronize for the pending irq handlers to ensure the irq tasklet is not being scheduled after the suspend to avoid the possible invalid register access...
CVE-2021-47013 net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd()...
CVE-2021-47010 net: Only allow init netns to set default tcp cong to a restricted algo
In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcp_set_default_congestion_control() is netns-safe in that it writes to &net->ipv4.tcp_congestion_control, but it also sets ca->flags |= TCP_CONG_NON_RESTRICTED which is...
CVE-2021-47007 f2fs: fix panic during f2fs_resize_fs()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...
CVE-2021-47008
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Make sure GHCB is mapped before updating Access to the GHCB is mainly in the VMGEXIT path and it is known that the GHCB will be mapped. But there are two paths where it is possible the GHCB might not be mapped. The...
CVE-2021-47006
CVE-2021-47006 relates to the ARM hw_breakpoint path in the Linux kernel. The issue arises from perf_event_alloc() setting a default event->overflow_handler and replacing the overflow_handler check with is_default_overflow_handler(), but one condition remains missing: bp->overflow_handler m...
CVE-2021-47003
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix potential null dereference on pointer status There are calls to idxd_cmd_exec that pass a null status pointer however a recent commit has added an assignment to status that can end up with a null pointer...
CVE-2021-46999 sctp: do asoc update earlier in sctp_sf_do_dupcook_a
In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctp_sf_do_dupcook_a There's a panic that occurs in a few of envs, the call trace is as below: general protection fault, ... 0x29acd70f1000a: 0000 1 SMP PTI RIP:...