6095 matches found
CVE-2021-46940
In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting The idxtooffset function returns type int 32-bit signed, but MSRPKGENERGYSTAT is u32 and would be interpreted as a negative number. The end result is that it hi...
CVE-2021-46941
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...
CVE-2021-46943
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreqcooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpupowertofreq. If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index...
CVE-2021-46953
In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However, it never checks...
CVE-2021-46945
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 "ext4: make ext4abort use ext4error", the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2. mount /dev/sd...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...
CVE-2021-46975
Removed by vendor...
CVE-2021-46966
In the Linux kernel, the following vulnerability has been resolved: ACPI: custommethod: fix potential use-after-free issue In cmwrite, buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent cal...
CVE-2021-46963 scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxxmqueuecommand RIP: 0010:kmemcachefree+0xfa/0x1b0 Call Trace: qla2xxxmqueuecommand+0x2b5/0x2c0 qla2xxx scsiqueuerq+0x5e2/0xa40 blkmqtryissuedirectly+0x128/0x1d0 blkmqrequestissuedirectly+0x4e/0xb...
CVE-2021-46961 irqchip/gic-v3: Do not enable irqs when handling spurious interrups
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: 14.816231 ------------ cut here ------------ 14.8162...
CVE-2021-46957 riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sysread traced by kprobe The execution of sysread end up hitting a BUGON in findgetblock after installing kprobe at sysread, the BUG message like the following: 65.708663 ------------...
CVE-2021-46957 riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sysread traced by kprobe The execution of sysread end up hitting a BUGON in findgetblock after installing kprobe at sysread, the BUG message like the following: 65.708663 ------------...
CVE-2021-46954 net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets
In the Linux kernel, the following vulnerability has been resolved: net/sched: schfrag: fix stack OOB read while fragmenting IPv4 packets when 'actmirred' tries to fragment IPv4 packets that had been previously re-assembled using 'actct', splats like the following can be observed on kernels built...
CVE-2021-46950 md/raid1: properly indicate failure when ending a failed write request
In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being cleared. Since we...
CVE-2021-46947 sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues
In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx-xdptxqueuecount with the real number of initialized queues efx-xdptxqueuecount is initially initialized to numpossiblecpus and is later used to allocate and traverse efx-xdptxqueues lookup array. However, we may e...
CVE-2021-46945 ext4: always panic when errors=panic is specified
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 "ext4: make ext4abort use ext4error", the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2. mount /dev/sd...
CVE-2021-46943 media: staging/intel-ipu3: Fix set_fmt error handling
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...
CVE-2021-46942 io_uring: fix shared sqpoll cancellation hangs
In the Linux kernel, the following vulnerability has been resolved: iouring: fix shared sqpoll cancellation hangs 736.982891 INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds. 736.982897 Call Trace: 736.982901 schedule+0x68/0xe0 736.982903 iouringcancelsqpoll+0xdb/0x110 736.982908...
CVE-2021-46941 usb: dwc3: core: Do core softreset when switch mode
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...