ALT-PU-2022-1240-2
Package kernel-image-std-def updated to version 5.15.22-alt1 for branch sisyphus in task 293878.
Closed vulnerabilities
Modified: 2024-12-12
BDU:2020-05795
Уязвимость ядра операционной системы Linux, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2024-11-07
BDU:2021-00284
Уязвимость ядра операционной системы Linux, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-05-05
BDU:2021-01213
Уязвимость файла drivers/scsi/scsi_transport_iscsi.c ядра операционной системы Linux, позволяющая нарушителю подключаться к сокету iscsi NETLINK и отправлять команды ядру
Modified: 2025-05-05
BDU:2021-01218
Уязвимость функции show_transport_handle ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-06-02
BDU:2021-01266
(ДУБЛИКАТ)Уязвимость функции show_transport_handle ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Modified: 2025-01-29
BDU:2021-01611
Уязвимость драйвера GPU Nouveau ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-05
BDU:2021-01649
Уязвимость реализации функции show_transport_handle() ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2025-06-02
BDU:2021-01650
(ДУБЛИКАТ)Уязвимость подсистемы iSCSI ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2025-06-02
BDU:2021-01666
(ДУБЛИКАТ)Уязвимость подсистемы iSCSI ядра операционных систем Linux, позволяющая нарушителю нарушить конфиденциальность, целостность и доступность данных
Modified: 2024-06-18
BDU:2021-01824
Уязвимость драйвера Freescale Gianfar Ethernet ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-18
BDU:2021-01828
Уязвимость реализации функции usbip_sockfd_store ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-05-31
BDU:2021-01863
Уязвимость файла fs/io_uring.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-05-30
BDU:2021-01864
Уязвимость файла sound/soc/qcom/sdm845.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-05-31
BDU:2021-01865
Уязвимость файла kernel/bpf/verifier.c ядра операционной системы Linux, позволяющая нарушителю получить получить несанкционированный доступ к защищаемой информации
Modified: 2024-05-30
BDU:2021-01874
Уязвимость файла kernel/bpf/verifier.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-05-31
BDU:2021-01875
Уязвимость файла fs/fuse/fuse_i.h ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-05-31
BDU:2021-01887
Уязвимость файла get_old_root in fs/btrfs/ctree.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2021-09-20
BDU:2021-01955
Уязвимость функции synic_get (arch/x86/kvm/hyperv.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-18
BDU:2021-01985
Уязвимость реализации функции video_usercopy (drivers/media/v4l2-core/v4l2-ioctl.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-05
BDU:2021-02100
Уязвимость подсистемы netfilter ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-05
BDU:2021-02101
Уязвимость функции rtr_recvmsg ядра операционной системы Linux, позволяющая нарушителю получить конфиденциальную информацию
Modified: 2024-05-30
BDU:2021-02102
Уязвимость подсистемы BPF функции map_create или check_btf_info ядра операционной системы Linux, позволяющая нарушителю вызвать аварийное завершение работы приложения
Modified: 2024-06-03
BDU:2021-02103
Уязвимость драйвера пользовательского режима (UMD) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-05
BDU:2021-02104
Уязвимость функции tipc_nl_retrieve_key ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-05-16
BDU:2021-02346
Уязвимость компонента kernel/bpf/verifier.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-09-16
BDU:2021-02663
Уязвимость набора стандартов связи для коммуникации IEEE 802.11 операционной системы Windows, позволяющая нарушителю внедрить произвольные сетевые пакеты
Modified: 2024-11-07
BDU:2021-02665
Уязвимость реализации алгоритмов WPA и WPA2 драйвера 6.1316.1209 Wi-Fi адаптера ALFA, позволяющая нарушителю внедрить и расшифровать пакеты в сетях WPA или WPA2
Modified: 2024-06-04
BDU:2021-02938
Уязвимость ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2024-09-16
BDU:2021-03088
Уязвимость реализации алгоритмов WPA, WPA2 и WPA3 набора стандартов связи для коммуникации IEEE 802.11, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
Modified: 2024-09-16
BDU:2021-03095
Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 набора стандартов связи для коммуникации IEEE 802.11, позволяющая нарушителю внедрить произвольные сетевые пакеты и/или оказать воздействие на целостность защищаемой информации
Modified: 2024-11-07
BDU:2021-03175
Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 ядра операционной системы Linux, позволяющая нарушителю внедрить произвольные сетевые пакеты независимо от конфигурации сети
Modified: 2024-09-16
BDU:2021-03177
Уязвимость реализации алгоритмов WEP, WPA, WPA2 и WPA3 ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
Modified: 2025-01-29
BDU:2021-03220
Уязвимость подсистемы BPF ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-06-04
BDU:2021-03230
Уязвимость компонента xen-netback ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или раскрыть защищаемую информацию
Modified: 2025-01-29
BDU:2021-03232
Уязвимость подсистемы еBPF ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-09-13
BDU:2021-03237
Уязвимость компонента arch/arm/mach-footbridge/personal-pci.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Modified: 2024-06-03
BDU:2021-03942
Уязвимость ядра операционных систем Linux, связанная с недостатками проверки входных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-06-03
BDU:2021-04027
Уязвимость функции hso_free_net_device драйвера /net/usb/hso.c ядра операционной системы Linux, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность
Modified: 2024-12-04
BDU:2021-04152
Уязвимость компонента net/nfc/llcp_sock.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-03
BDU:2021-04244
Уязвимость компонента drivers/net/ethernet/xilinx/ll_temac_main.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-03
BDU:2021-04561
Уязвимость ядра операционной системы Linux, связанная с ошибками инициализации памяти, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-04
BDU:2021-04710
Уязвимость функции strlen компонента fs/nfsd/trace.h ядра операционной системы Linux, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-03
BDU:2021-04712
Уязвимость компонента arch/powerpc/perf/core-book3s.c ядра операционной системы Linux, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-03
BDU:2021-04741
Уязвимость ядра операционной системы Linux , связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-01-29
BDU:2021-04802
Уязвимость криптодрайвера ccp-ops ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-08-19
BDU:2021-04804
Уязвимость функции vt_k_ioctl ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2025-01-29
BDU:2021-04806
Уязвимость функции ccp_run_aes_gcm_cmd() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-09-13
BDU:2021-04826
Уязвимость компонента net/can/bcm.c ядра операционной системы Linux, позволяющая нарушителю прочитать часть памяти ядра
Modified: 2024-09-13
BDU:2021-04828
Уязвимость функции cipso_v4_genopt (net/ipv4/cipso_ipv4.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-06-03
BDU:2021-04829
Уязвимость ядра операционной системы Linux , связанная с записью за границами буфера в памяти, позволяющая нарушителю прочитать часть памяти ядра
Modified: 2024-06-03
BDU:2021-04831
Уязвимость функции intel_pmu_drain_pebs_nhm (arch/x86/events/intel/ds.c) ядра операционной системы Linux , связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-12-04
BDU:2021-04837
Уязвимость параметров NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, и NF_SYSCTL_CT_BUCKETS компонента net/netfilter/nf_conntrack_standalone.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2024-09-13
BDU:2021-04838
Уязвимость компонента net/bluetooth/hci_request.c операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2025-02-11
BDU:2021-04839
Уязвимость структуры hci_chan компонента net/bluetooth/hci_event.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-07
BDU:2021-04840
Уязвимость ядра операционной системы Linux , связанная с раскрытием информации через несоответствие, позволяющая нарушителю прочитать часть памяти ядра
Modified: 2024-06-03
BDU:2021-04841
Уязвимость драйвера Nosy драйвера ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2024-12-04
BDU:2021-04843
Уязвимость подсистемы io_uring ядра операционной системы Linux, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код
Modified: 2024-09-30
BDU:2021-04844
Уязвимость модуля f2fs ядра операционной системы Linux, связанная с чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-07
BDU:2021-04845
Уязвимость ядра операционной системы Linux , связанная с раскрытием информации через несоответствие, позволяющая нарушителю получить конфиденциальную информацию
Modified: 2024-09-16
BDU:2021-04846
Уязвимость функции hci_sock_bound_ioctl () подсистемы HCI ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код в контексте ядра
Modified: 2025-02-11
BDU:2021-04849
Уязвимость компонента kernel/bpf/hashtab.c ядра операционной системы Linux , связанная с записью за границами буфера в памяти, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных
Modified: 2024-09-13
BDU:2021-04850
Уязвимость ядра операционной системы Linux , связанная с недостаточной проверкой присвоения разрешений для критичного ресурса, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-04
BDU:2021-04851
Уязвимость компонента drivers/usb/host/max3421-hcd.c ядра операционной системы Linux , связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-04
BDU:2021-04852
Уязвимость компонента drivers/net/ethernet/xilinx/xilinx_emaclite.c ядра операционной системы Linux, позволяющая нарушителю взломать механизм защиты ASLR
Modified: 2024-06-04
BDU:2021-04853
Уязвимость функции ext4_write_inline_data_end (fs/ext4/inline.c) ядра операционной системы Linux, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных
Modified: 2025-02-11
BDU:2021-04854
Уязвимость операционной системы Linux вызвана переполнением буфера, позволяющая нарушителю выполнить произвольную команду управления
Modified: 2025-01-29
BDU:2021-04855
Уязвимость компонента net/sctp/socket.c ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2024-09-16
BDU:2021-04856
Уязвимость сокетов nfc операционной системы Linux , связанная с использованием памяти после её освобождения, позволяющая нарушителю повысить свои привилегии
Modified: 2024-11-22
BDU:2021-04859
Уязвимость синтаксического анализатора radiotap подсистемы mac80211 ядра операционной системы Linux, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-09-16
BDU:2021-04862
Уязвимость функции hci_dev_do_open() подсистемы инициализации устройства HCI ядра операционной системы Linux, связанная с повторным освобождением памяти, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-09-13
BDU:2021-04864
Уязвимость реализации btrfs операционной системы Linux связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-07
BDU:2021-04867
Уязвимость KVM API операционной системы Linux, позволяющая нарушителю вызвать повреждение стека
Modified: 2024-09-13
BDU:2021-04883
Уязвимость компонента arch/x86/kvm/svm/nested.c операционной системы Linux , связанная с использованием памяти после её освобождения, позволяющая нарушителю повысить свои привилегии
Modified: 2023-11-21
BDU:2021-05198
Уязвимость спецификации Bluetooth Core Specification ядра операционной системы Linux, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
Modified: 2024-05-28
BDU:2021-05472
Уязвимость функции mbochs_ioctl файла samples / vfio-mdev / mbochs.c ядра операционных систем семейства Linux, позволяющая нарушителю получить доступ к защищаемой информации
Modified: 2022-10-20
BDU:2021-05473
Уязвимость функции detach_capi_ctr драйвера /isdn/capi/kcapi.c ядра операционных систем семейства Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2023-11-11
BDU:2021-06349
Уязвимость функции mwifiex_usb_recv (drivers/net/wireless/marvell/mwifiex/usb.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.
Modified: 2024-09-13
BDU:2021-06351
Уязвимость функции hw_atl_utils_fw_rpc_wait (drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2025-01-29
BDU:2022-00026
Уязвимость реализации системного вызова TEE_IOC_OPEN_SESSION или TEE_IOC_INVOKE ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-06-19
BDU:2022-00094
Уязвимость функции pep_sock_accept (net/phonet/pep.c) ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-06-04
BDU:2022-00102
Уязвимость функции __rds_conn_create() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-09-16
BDU:2022-00208
Уязвимость программной объектной сети хранения ceph, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2022-10-20
BDU:2022-00513
Уязвимость функции nf_tables_newset (net/netfilter/nf_tables_api.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-06-07
BDU:2022-00595
Уязвимость реализации протокола IPv6 ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-06-19
BDU:2022-00613
Уязвимость реализации протокола IPv4 ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-09-16
BDU:2022-00682
Уязвимость подсистемы виртуализации KVM ядра операционной системы Linux, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
Modified: 2025-02-11
BDU:2022-00683
Уязвимость ядра операционной системы Linux, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
Modified: 2023-04-20
BDU:2022-00789
Уязвимость функции rtsx_usb_ms_drv_remove компонента memstick ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность информации
Modified: 2024-09-24
BDU:2022-00836
Уязвимость функции unix_scm_to_skb (af_unix.c) ядра операционной системы Android, позволяющая нарушителю повысить свои привилегии
Modified: 2026-01-20
BDU:2022-01121
Уязвимость функции __f2fs_setxattr ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-09-13
BDU:2022-01512
Уязвимость компонента fs/quota/quota_tree.c ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01725
Уязвимость функции add_partition ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2026-01-20
BDU:2022-02367
Уязвимость ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2025-01-29
BDU:2022-02442
Уязвимость функции block_invalidatepage() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-04-03
BDU:2022-02682
Уязвимость ядра драйвера FireDTV ядра операционной системы Linux, позволяющая нарушителю вызвать аварийное завершение системы и оказать воздействие на конфиденциальность и целостность защищаемой информации
Modified: 2024-09-16
BDU:2022-03028
Уязвимость функции llcp_sock_connect() операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2024-09-16
BDU:2022-03139
Уязвимость функции llcp_sock_bind() протокола nfc ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-09-16
BDU:2022-03141
Уязвимость функции llcp_sock_connect() протокола nfc ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-01-29
BDU:2022-03142
Уязвимость реализации протокола ICMP ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальной информации
Modified: 2026-01-20
BDU:2022-03143
Уязвимость функции prealloc_elems_and_freelist (kernel/bpf/stackmap.c) ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Modified: 2024-09-13
BDU:2022-03402
Уязвимость функции sock_getsockopt() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-01-29
BDU:2022-03403
Уязвимость реализации io-workqueue ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-01-31
BDU:2022-03703
Уязвимость интерфейса асинхронного ввода/вывода io_uring ядра операционной системы Linux, позволяющая нарушителю аварийно завершить работу или повысить свои привилегии
Modified: 2024-11-07
BDU:2022-03928
Уязвимость функции btrfs_alloc_tree_b (fs/btrfs/extent-tree.c) файловой системы btrfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2023-08-14
BDU:2022-04444
Уязвимость драйвера netback ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2023-08-14
BDU:2022-05378
Уязвимость драйвера netback ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-10-08
BDU:2022-05414
Уязвимость компонентов arch/x86/kvm/lapic.c, kvm_free_lapic подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-01-29
BDU:2022-05648
Уязвимость функции sctp_make_strreset_req (net/sctp/sm_make_chunk.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-07
BDU:2022-05655
Уязвимость драйвера vmwgfx (drivers/gpu/vmxgfx/vmxgfx_kms.c) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
Modified: 2023-07-19
BDU:2022-05684
Уязвимость подсистемы OverlayFS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-09-30
BDU:2022-05770
Уязвимость ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2025-01-29
BDU:2022-05780
Уязвимость функции btrfs_rm_device компонента fs/btrfs/volumes.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Modified: 2024-09-30
BDU:2022-05829
Уязвимость ioctl cmd PIO_FONT ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями
Modified: 2025-01-29
BDU:2022-05842
Уязвимость функции aspeed_lpc_ctrl_mmap компонента drivers/soc/aspeed/aspeed-lpc-ctrl.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-04-03
BDU:2022-05887
Уязвимость верификатора ebpf компонента bpf_map_update_elem и bpf_map_freeze (kernel/bpf/syscall.c) ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2022-05888
Уязвимость компонента bpf_jit_insn (arch/s390/net/bpf_jit_comp.c) ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2024-09-13
BDU:2022-06017
Уязвимость реализации функции take_rmap_locks() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-09-13
BDU:2023-00158
Уязвимость подсистемы io_uring ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2025-01-29
BDU:2023-00159
Уязвимость компонента fs/io_uring.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-09-12
BDU:2023-00362
Уязвимость функции filelock_init механизма блокировок (fs/locks.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2023-04-20
BDU:2023-01194
Уязвимость подсистемы беспроводной связи в модуле net/mac802154/llsec.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-03-01
BDU:2023-01196
Уязвимость модуля io_uring.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-01-31
BDU:2023-01197
Уязвимость подсистемы io_uring в модуле fs/io_uring.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Modified: 2025-02-24
BDU:2023-01216
Уязвимость функции dr_domain_init_resources() в модуле drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.
Modified: 2025-06-03
BDU:2023-01771
Уязвимость функции ib_copy_ah_attr_to_user() менеджера соединений RDMA ядра операционных систем Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2025-08-19
BDU:2023-01797
Уязвимость функции tun_free_netdev() виртуальных сетевых драйверов TUN/TAP ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-09-30
BDU:2023-02304
Уязвимость подсистемы LightNVM ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
Modified: 2024-11-07
BDU:2023-02450
Уязвимость реализации протокола SCTP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании (закрыть соединение)
Modified: 2024-09-30
BDU:2023-02533
Уязвимость функции inode_init_owner() в модуле fs/inode.c файловой системы XFS ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации, а так же вызвать отказ в обслуживании
Modified: 2024-12-05
BDU:2023-03726
Уязвимость подсистемы io_uring ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии до уровня root
Modified: 2024-11-11
BDU:2023-06162
Уязвимость функции vringh_kiov_advance() в модуле drivers/vhost/vringh.c драйвера vhost ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2023-12-20
BDU:2023-06419
Уязвимость функции pfn_swap_entry_to_page() модуля include/linux/swapops.h ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-08149
Уязвимость функции mremap() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Modified: 2024-10-24
BDU:2024-01033
Уязвимость компонента Kernel Samepage Merging (KSM) ядра операционной системы Linux, позволяющая нарушителю получить доступ к странице пользователя
Modified: 2024-12-05
BDU:2024-01682
Уязвимость драйвера Q6afe-clocks ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-10-10
BDU:2024-06298
Уязвимость компонента intel-sdw-acpi ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-26
BDU:2024-06492
Уязвимость компонента pm80xx ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-10-18
BDU:2024-06800
Уязвимость компонентов arch/x86/kvm/x86.c, lapic_shutdown подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-08
BDU:2024-06994
Уязвимость функции smc_setsockopt ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-05
BDU:2024-08341
Уязвимость функции create_snapshot() (fs/btrfs/ioctl.c) файловой системы btrfs ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2025-02-25
BDU:2024-08378
Уязвимость компонента mmu ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2025-02-18
BDU:2024-08396
Уязвимость компонента xsk ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код и повысить свои привилегии
Modified: 2026-01-20
BDU:2024-08404
Уязвимость компонента asix ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2026-01-20
BDU:2024-08405
Уязвимость компонента inet ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2026-01-20
BDU:2024-08406
Уязвимость компонента tun ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код и повысить свои привилегии
Modified: 2024-11-27
BDU:2024-09138
Уязвимость компонента mlx5 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-02-11
BDU:2024-09139
Уязвимость компонента mlx5e ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-27
BDU:2024-09140
Уязвимость компонента ufs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-27
BDU:2024-09141
Уязвимость компонента lpfc ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-27
BDU:2024-09142
Уязвимость компонента scsi ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-27
BDU:2024-09143
Уязвимость компонента usb-audio ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-03-21
BDU:2024-09172
Уязвимость компонента media ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-09-05
BDU:2024-09222
Уязвимость компонента drm ядра операционной системы Linux, позволяющая нарушителю повысить привилегии в системе
Modified: 2024-11-27
BDU:2024-09227
Уязвимость компонента clk ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-10581
Уязвимость компонента btrfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-10585
Уязвимость компонента io_uring ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-10-29
BDU:2024-10631
Уязвимость компонентов drm/amdgpu ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-10635
Уязвимость компонента octeontx2-af ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-10671
Уязвимость компонента stmmac ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-10729
Уязвимость компонента blk-mq ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-10948
Уязвимость компонента hdmi-codec ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-10956
Уязвимость компонентов net/smc ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-10970
Уязвимость компонента ARM ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-08-19
BDU:2024-11536
Уязвимость компонента core ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-11539
Уязвимость компонента io-wq ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-11560
Уязвимость компонента btrfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-11562
Уязвимость компонентов drm/msm ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-00805
Уязвимость компонента drivers/net/wireless/mediatek/mt76/mt7915/mcu.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-03663
Уязвимость функции start_io_acct() модуля drivers/md/dm.c - драйвера поддержки нескольких устройств (RAID и LVM) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.
Modified: 2025-09-24
BDU:2025-04383
Уязвимость функции ptp_clock_register() модуля drivers/ptp/ptp_clock.c - драйвера поддержки часов PTP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-05166
Уязвимость функции get_ccwgroupdev_by_busid() модуля arch/s390/include/asm/ccwgroup.h ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-26
BDU:2025-05171
Уязвимость функции hv_uio_probe() модуля drivers/uio/uio_hv_generic.c ядра операционной системы Linux, позволяющая нарушителю получить доступ к защищаемой информации
Modified: 2025-12-26
BDU:2025-05174
Уязвимость функции do_read() модуля drivers/infiniband/sw/rxe/rxe_comp.c - драйвера поддержки InfiniBand ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-05310
Уязвимость функции tcf_ct_handle_fragments() модуля net/sched/act_ct.c подсистемы управления трафиком net/sched ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-12-26
BDU:2025-06526
Уязвимость функции btrfs_truncate_inode_items() модуля fs/btrfs/ctree.h поддержки файловой системы btrfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.
BDU:2025-06532
Уязвимость функции svc_rqst_free() модуля net/sunrpc/svc.c реализации протокола RPC ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-07255
Уязвимость функции udp_gro_receive() модуля net/ipv4/udp_offload.c реализации протокола IPv4 ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2025-07341
Уязвимость функции mlx5e_rep_neigh_update() модуля drivers/net/ethernet/mellanox/mlx5/core/en/rep/neigh.c - драйвера поддержки сетевых адаптеров Ethernet Mellanox ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-07514
Уязвимость функции cifs_close_deferred_file() модуля fs/cifs/misc.c поддержки файловой системы ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-07521
Уязвимость функции amd_mp2_pci_probe() модуля drivers/hid/amd-sfh-hid/amd_sfh_pcie.c - драйвера подсистемы устройств пользовательского интерфейса ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2026-02-17
BDU:2025-11630
Уязвимость функции fib_check_nh_v6_gw() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14237
Уязвимость функции nft_netdev_event() модуля net/netfilter/nft_chain_filter.c компонента netfilter ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2026-03-12
BDU:2025-14240
Уязвимость функции dm_mq_queue_rq() модуля drivers/md/dm-rq.c драйвера поддержки нескольких устройств (RAID и LVM) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14254
Уязвимость функции ovl_copy_fileattr() модуля fs/overlayfs/copy_up.c поддержки файловой системы Overlayfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14336
Уязвимость функции bio_endio() модуля block/bio.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-12-26
BDU:2025-14357
Уязвимость функции amdgpu_pci_error_detected() модуля drivers/gpu/drm/amd/amdgpu/amdgpu_device.c драйвера поддержки инфраструктуры прямого рендеринга (DRI) AMD GPU ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14359
Уязвимость функции ib_uverbs_ex_create_flow() модуля drivers/infiniband/core/uverbs_cmd.c драйвера поддержки InfiniBand ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14367
Уязвимость функции cached_dev_cache_miss() модуля drivers/md/bcache/request.c драйвера поддержки нескольких устройств (RAID и LVM) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14374
Уязвимость функции add_dma_entry() модуля kernel/dma/debug.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14375
Уязвимость функции xtensa_stack() модуля sound/soc/sof/xtensa/core.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2025-14376
Уязвимость функции cma_cancel_operation() модуля drivers/infiniband/core/cma.c драйвера поддержки InfiniBand ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14565
Уязвимость функции video_get_user() модуля drivers/media/v4l2-core/v4l2-ioctl.c драйвера поддержки мультимедийных устройств ядра операционной системы Linux, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2025-14567
Уязвимость функции svm_migrate_init() модуля drivers/gpu/drm/amd/amdkfd/kfd_migrate.c драйвера поддержки инфраструктуры прямого рендеринга (DRI) видеокарт AMD ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-14598
Уязвимость функции afs_fileserver_probe_result() модуля fs/afs/fs_probe.c поддержки файловой системы Andrew (AFS) ядра операционной системы Linux, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2025-14616
Уязвимость функции mptcp_check_data_fin() модуля net/mptcp/protocol.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-16120
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.
- https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8
- https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f
- https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d
- https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84
- https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52
- https://launchpad.net/bugs/1894980
- https://launchpad.net/bugs/1900141
- https://ubuntu.com/USN-4576-1
- https://ubuntu.com/USN-4577-1
- https://ubuntu.com/USN-4578-1
- https://www.openwall.com/lists/oss-security/2020/10/14/2
- https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8
- https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f
- https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d
- https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84
- https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52
- https://launchpad.net/bugs/1894980
- https://launchpad.net/bugs/1900141
- https://ubuntu.com/USN-4576-1
- https://ubuntu.com/USN-4577-1
- https://ubuntu.com/USN-4578-1
- https://www.openwall.com/lists/oss-security/2020/10/14/2
Modified: 2024-11-21
CVE-2020-24586
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Modified: 2024-11-21
CVE-2020-24587
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Modified: 2026-04-14
CVE-2020-24588
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://cert-portal.siemens.com/productcert/html/ssa-019200.html
- https://cert-portal.siemens.com/productcert/html/ssa-913875.html
Modified: 2024-11-21
CVE-2020-25639
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=1876995
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HE4CT3NL6OEBRRBUKHIX63GLNVOWCVRW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUCBCKRHWP3UD2AVVYQJE7BIJEMCMXW5/
- https://bugzilla.redhat.com/show_bug.cgi?id=1876995
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HE4CT3NL6OEBRRBUKHIX63GLNVOWCVRW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUCBCKRHWP3UD2AVVYQJE7BIJEMCMXW5/
Modified: 2024-11-21
CVE-2020-25670
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
- http://www.openwall.com/lists/oss-security/2020/11/01/1
- http://www.openwall.com/lists/oss-security/2021/05/11/4
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- http://www.openwall.com/lists/oss-security/2020/11/01/1
- http://www.openwall.com/lists/oss-security/2021/05/11/4
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
Modified: 2024-11-21
CVE-2020-25671
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
- http://www.openwall.com/lists/oss-security/2020/11/01/1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- http://www.openwall.com/lists/oss-security/2020/11/01/1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
Modified: 2024-11-21
CVE-2020-25672
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
- http://www.openwall.com/lists/oss-security/2020/11/01/1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- http://www.openwall.com/lists/oss-security/2020/11/01/1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://www.openwall.com/lists/oss-security/2020/11/01/1
Modified: 2026-04-14
CVE-2020-26141
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://cert-portal.siemens.com/productcert/html/ssa-019200.html
- https://cert-portal.siemens.com/productcert/html/ssa-913875.html
Modified: 2026-04-14
CVE-2020-26145
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://www.fragattacks.com
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://www.fragattacks.com
- https://cert-portal.siemens.com/productcert/html/ssa-913875.html
Modified: 2026-04-14
CVE-2020-26147
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://cert-portal.siemens.com/productcert/html/ssa-019200.html
- https://cert-portal.siemens.com/productcert/html/ssa-913875.html
Modified: 2024-11-21
CVE-2020-26541
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
Modified: 2025-11-04
CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
- https://kb.cert.org/vuls/id/799380
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
- https://security.gentoo.org/glsa/202209-16
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
- https://www.debian.org/security/2021/dsa-4951
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
- https://kb.cert.org/vuls/id/799380
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
- https://security.gentoo.org/glsa/202209-16
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
- https://www.debian.org/security/2021/dsa-4951
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
- https://www.kb.cert.org/vuls/id/799380
Modified: 2024-11-21
CVE-2020-27170
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- http://www.openwall.com/lists/oss-security/2021/03/24/4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://www.openwall.com/lists/oss-security/2021/03/19/2
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- http://www.openwall.com/lists/oss-security/2021/03/24/4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://www.openwall.com/lists/oss-security/2021/03/19/2
Modified: 2024-11-21
CVE-2020-27171
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- http://www.openwall.com/lists/oss-security/2021/03/24/5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=10d2bb2e6b1d8c4576c56a748f697dbeb8388899
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://www.openwall.com/lists/oss-security/2021/03/19/3
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- http://www.openwall.com/lists/oss-security/2021/03/24/5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=10d2bb2e6b1d8c4576c56a748f697dbeb8388899
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://www.openwall.com/lists/oss-security/2021/03/19/3
Modified: 2024-11-21
CVE-2020-35508
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
- https://bugzilla.redhat.com/show_bug.cgi?id=1902724
- https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948
- https://security.netapp.com/advisory/ntap-20210513-0006/
- https://bugzilla.redhat.com/show_bug.cgi?id=1902724
- https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948
- https://security.netapp.com/advisory/ntap-20210513-0006/
Modified: 2025-10-23
CVE-2021-0920
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://source.android.com/security/bulletin/2021-11-01
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://source.android.com/security/bulletin/2021-11-01
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-0920
Modified: 2024-11-21
CVE-2021-20288
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1938031
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/362CEPPYF3YMJZBEJQUT3KDE2EHYYIYQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BPIAYTRCWAU4XWCDBK2THEFVXSC4XGK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVWUKUUS5BCIFWRV3JCUQMAPJ4HIWSED/
- https://security.gentoo.org/glsa/202105-39
- https://bugzilla.redhat.com/show_bug.cgi?id=1938031
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/362CEPPYF3YMJZBEJQUT3KDE2EHYYIYQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BPIAYTRCWAU4XWCDBK2THEFVXSC4XGK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVWUKUUS5BCIFWRV3JCUQMAPJ4HIWSED/
- https://security.gentoo.org/glsa/202105-39
Modified: 2024-11-21
CVE-2021-20320
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
Modified: 2024-11-21
CVE-2021-20321
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=2013242
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lore.kernel.org/all/20211011134508.748956131%40linuxfoundation.org/
- https://www.debian.org/security/2022/dsa-5096
- https://bugzilla.redhat.com/show_bug.cgi?id=2013242
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lore.kernel.org/all/20211011134508.748956131%40linuxfoundation.org/
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2021-20322
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
- https://bugzilla.redhat.com/show_bug.cgi?id=2014230
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://security.netapp.com/advisory/ntap-20220303-0002/
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2014230
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://security.netapp.com/advisory/ntap-20220303-0002/
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-22543
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
- http://www.openwall.com/lists/oss-security/2021/06/26/1
- https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/
- https://security.netapp.com/advisory/ntap-20210708-0002/
- http://www.openwall.com/lists/oss-security/2021/06/26/1
- https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/
- https://security.netapp.com/advisory/ntap-20210708-0002/
Modified: 2024-11-21
CVE-2021-23133
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
- http://www.openwall.com/lists/oss-security/2021/05/10/1
- http://www.openwall.com/lists/oss-security/2021/05/10/2
- http://www.openwall.com/lists/oss-security/2021/05/10/3
- http://www.openwall.com/lists/oss-security/2021/05/10/4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
- https://security.netapp.com/advisory/ntap-20210611-0008/
- https://www.openwall.com/lists/oss-security/2021/04/18/2
- http://www.openwall.com/lists/oss-security/2021/05/10/1
- http://www.openwall.com/lists/oss-security/2021/05/10/2
- http://www.openwall.com/lists/oss-security/2021/05/10/3
- http://www.openwall.com/lists/oss-security/2021/05/10/4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
- https://security.netapp.com/advisory/ntap-20210611-0008/
- https://www.openwall.com/lists/oss-security/2021/04/18/2
Modified: 2024-11-21
CVE-2021-23134
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/
- https://security.netapp.com/advisory/ntap-20210625-0007/
- https://www.openwall.com/lists/oss-security/2021/05/11/4
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/
- https://security.netapp.com/advisory/ntap-20210625-0007/
- https://www.openwall.com/lists/oss-security/2021/05/11/4
Modified: 2024-11-21
CVE-2021-27363
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- http://www.openwall.com/lists/oss-security/2021/03/06/1
- https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
- https://bugzilla.suse.com/show_bug.cgi?id=1182716
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://security.netapp.com/advisory/ntap-20210409-0001/
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- http://www.openwall.com/lists/oss-security/2021/03/06/1
- https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
- https://bugzilla.suse.com/show_bug.cgi?id=1182716
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://security.netapp.com/advisory/ntap-20210409-0001/
Modified: 2024-11-21
CVE-2021-27364
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
- https://bugzilla.suse.com/show_bug.cgi?id=1182717
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://security.netapp.com/advisory/ntap-20210409-0001/
- https://www.openwall.com/lists/oss-security/2021/03/06/1
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
- https://bugzilla.suse.com/show_bug.cgi?id=1182717
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://security.netapp.com/advisory/ntap-20210409-0001/
- https://www.openwall.com/lists/oss-security/2021/03/06/1
- https://www.oracle.com/security-alerts/cpuoct2021.html
Modified: 2024-11-21
CVE-2021-27365
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
- https://bugzilla.suse.com/show_bug.cgi?id=1182715
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://security.netapp.com/advisory/ntap-20210409-0001/
- https://www.openwall.com/lists/oss-security/2021/03/06/1
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
- https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
- https://bugzilla.suse.com/show_bug.cgi?id=1182715
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
- https://security.netapp.com/advisory/ntap-20210409-0001/
- https://www.openwall.com/lists/oss-security/2021/03/06/1
- https://www.oracle.com/security-alerts/cpuoct2021.html
Modified: 2024-11-21
CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.
Modified: 2024-11-21
CVE-2021-28714
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
- https://xenbits.xenproject.org/xsa/advisory-392.txt
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
- https://xenbits.xenproject.org/xsa/advisory-392.txt
Modified: 2025-05-22
CVE-2021-28715
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
- https://xenbits.xenproject.org/xsa/advisory-392.txt
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
- https://xenbits.xenproject.org/xsa/advisory-392.txt
Modified: 2024-11-21
CVE-2021-28950
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=775c5033a0d164622d9d10dd0f0a5531639ed3ed
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/
- https://www.debian.org/security/2022/dsa-5096
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=775c5033a0d164622d9d10dd0f0a5531639ed3ed
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2021-28951
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25.
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3ebba796fa251d042be42b929a2d916ee5c34a49
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://security.netapp.com/advisory/ntap-20210430-0003/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3ebba796fa251d042be42b929a2d916ee5c34a49
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://security.netapp.com/advisory/ntap-20210430-0003/
Modified: 2024-11-21
CVE-2021-28952
An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1c668e1c0a0f74472469cd514f40c9012b324c31
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://lore.kernel.org/alsa-devel/20210309142129.14182-2-srinivas.kandagatla%40linaro.org/
- https://security.netapp.com/advisory/ntap-20210430-0003/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1c668e1c0a0f74472469cd514f40c9012b324c31
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://lore.kernel.org/alsa-devel/20210309142129.14182-2-srinivas.kandagatla%40linaro.org/
- https://security.netapp.com/advisory/ntap-20210430-0003/
Modified: 2024-11-21
CVE-2021-28964
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://security.netapp.com/advisory/ntap-20210430-0003/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://security.netapp.com/advisory/ntap-20210430-0003/
Modified: 2024-11-21
CVE-2021-28971
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://security.netapp.com/advisory/ntap-20210430-0003/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
- https://security.netapp.com/advisory/ntap-20210430-0003/
Modified: 2024-11-21
CVE-2021-29155
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76e
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9601148392520e2e134936e76788fc2a6371e7be
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6aaece00a57fa6f22575364b3903dfbccf5345d
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b658bbb844e28f1862867f37e8ca11a8e2aa94a3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
- https://www.kernel.org
- https://www.openwall.com/lists/oss-security/2021/04/18/4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073815b756c51ba9d8384d924c5d1c03ca3d1ae4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=24c109bb1537c12c02aeed2d51a347b4d6a9b76e
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f55b2f2a1178856c19bbce2f71449926e731914
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9601148392520e2e134936e76788fc2a6371e7be
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6aaece00a57fa6f22575364b3903dfbccf5345d
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b658bbb844e28f1862867f37e8ca11a8e2aa94a3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f528819334881fd622fdadeddb3f7edaed8b7c9b
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/
- https://www.kernel.org
- https://www.openwall.com/lists/oss-security/2021/04/18/4
Modified: 2024-11-21
CVE-2021-29264
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Modified: 2024-11-21
CVE-2021-29265
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9380afd6df70e24eacbdbde33afc6a3950965d22
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9380afd6df70e24eacbdbde33afc6a3950965d22
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Modified: 2024-11-21
CVE-2021-29646
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0217ed2848e8538bcf9172d97ed2eeb4a26041bb
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0217ed2848e8538bcf9172d97ed2eeb4a26041bb
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
Modified: 2024-11-21
CVE-2021-29647
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
Modified: 2024-11-21
CVE-2021-29648
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
Modified: 2024-11-21
CVE-2021-29649
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
Modified: 2024-11-21
CVE-2021-29650
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=175e476b8cdf2a4de7432583b49c871345e4f8a1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=175e476b8cdf2a4de7432583b49c871345e4f8a1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/
Modified: 2024-11-21
CVE-2021-29657
arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.
- http://packetstormsecurity.com/files/163324/KVM-nested_svm_vmrun-Double-Fetch.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2177
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.12
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a58d9166a756a0f4a6618e4f593232593d6df134
- https://security.netapp.com/advisory/ntap-20210902-0008/
- http://packetstormsecurity.com/files/163324/KVM-nested_svm_vmrun-Double-Fetch.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2177
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.12
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a58d9166a756a0f4a6618e4f593232593d6df134
- https://security.netapp.com/advisory/ntap-20210902-0008/
Modified: 2024-11-21
CVE-2021-30002
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
- https://bugzilla.suse.com/show_bug.cgi?id=1184120
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://bugzilla.suse.com/show_bug.cgi?id=1184120
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Modified: 2024-11-21
CVE-2021-30178
An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ5GEETMX3ERQ4DF3GSS2XPNSOOK44OB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGQDVYCDM3F5VXUZIADIV2ERL3AJXNJS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5YFGIIF24475A2LNW3UWHW2SNCS3G7M/
Modified: 2024-11-21
CVE-2021-31829
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.
- http://www.openwall.com/lists/oss-security/2021/05/04/4
- http://www.openwall.com/lists/oss-security/2021/05/04/4
- https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/
- http://www.openwall.com/lists/oss-security/2021/05/04/4
- http://www.openwall.com/lists/oss-security/2021/05/04/4
- https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI7OBCJQDNWMKLBP6MZ5NV4EUTDAMX6Q/
Modified: 2024-11-21
CVE-2021-31916
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1946965
- https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://seclists.org/oss-sec/2021/q1/268
- https://bugzilla.redhat.com/show_bug.cgi?id=1946965
- https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://seclists.org/oss-sec/2021/q1/268
Modified: 2024-11-21
CVE-2021-32078
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://kirtikumarar.com/CVE-2021-32078.txt
- https://security.netapp.com/advisory/ntap-20210813-0002/
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f
- https://kirtikumarar.com/CVE-2021-32078.txt
- https://security.netapp.com/advisory/ntap-20210813-0002/
Modified: 2024-11-21
CVE-2021-32399
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
- http://www.openwall.com/lists/oss-security/2021/05/11/2
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80
- https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://security.netapp.com/advisory/ntap-20210622-0006/
- http://www.openwall.com/lists/oss-security/2021/05/11/2
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80
- https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://security.netapp.com/advisory/ntap-20210622-0006/
Modified: 2024-11-21
CVE-2021-33033
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad5d07f4a9cd671233ae20983848874731102c08
- https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt
- https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad5d07f4a9cd671233ae20983848874731102c08
- https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt
- https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e
Modified: 2024-11-21
CVE-2021-33034
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/
- https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl
- https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/
- https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl
- https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1
Modified: 2025-11-11
CVE-2021-33624
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
- http://www.openwall.com/lists/oss-security/2021/06/21/1
- https://github.com/benschlueter/CVE-2021-33624
- https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner
- http://www.openwall.com/lists/oss-security/2021/06/21/1
- https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner
Modified: 2025-04-02
CVE-2021-33656
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
- http://www.openwall.com/lists/oss-security/2022/07/19/3
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch
- https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
- https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel
- http://www.openwall.com/lists/oss-security/2022/07/19/3
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch
- https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
- https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656&packageName=kernel
Modified: 2024-11-21
CVE-2021-34556
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
- http://www.openwall.com/lists/oss-security/2021/08/01/3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JKK6XNRZX5BT5QVYOKGVJ2BHFZAP5EX/
- http://www.openwall.com/lists/oss-security/2021/08/01/3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JKK6XNRZX5BT5QVYOKGVJ2BHFZAP5EX/
Modified: 2024-11-21
CVE-2021-34693
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
- http://www.openwall.com/lists/oss-security/2021/06/15/1
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc
- https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html
- https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html
- https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/
- https://www.debian.org/security/2021/dsa-4941
- http://www.openwall.com/lists/oss-security/2021/06/15/1
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5e87ddbe3942e27e939bdc02deb8579b0cbd8ecc
- https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html
- https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html
- https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076%403c-app-gmx-bs04/T/
- https://www.debian.org/security/2021/dsa-4941
Modified: 2024-11-21
CVE-2021-3483
A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected
- http://www.openwall.com/lists/oss-security/2021/04/07/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1948045
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://security.netapp.com/advisory/ntap-20210629-0002/
- http://www.openwall.com/lists/oss-security/2021/04/07/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1948045
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://security.netapp.com/advisory/ntap-20210629-0002/
Modified: 2024-11-21
CVE-2021-3491
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db
- https://security.netapp.com/advisory/ntap-20210716-0004/
- https://ubuntu.com/security/notices/USN-4949-1
- https://ubuntu.com/security/notices/USN-4950-1
- https://www.openwall.com/lists/oss-security/2021/05/11/13
- https://www.zerodayinitiative.com/advisories/ZDI-21-589/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db
- https://security.netapp.com/advisory/ntap-20210716-0004/
- https://ubuntu.com/security/notices/USN-4949-1
- https://ubuntu.com/security/notices/USN-4950-1
- https://www.openwall.com/lists/oss-security/2021/05/11/13
- https://www.zerodayinitiative.com/advisories/ZDI-21-589/
Modified: 2024-11-21
CVE-2021-3501
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1950136
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
- https://security.netapp.com/advisory/ntap-20210618-0008/
- https://bugzilla.redhat.com/show_bug.cgi?id=1950136
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
- https://security.netapp.com/advisory/ntap-20210618-0008/
Modified: 2024-11-21
CVE-2021-3506
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
- http://www.openwall.com/lists/oss-security/2021/05/08/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1944298
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://security.netapp.com/advisory/ntap-20210611-0007/
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2520013.html
- https://www.openwall.com/lists/oss-security/2021/03/28/2
- http://www.openwall.com/lists/oss-security/2021/05/08/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1944298
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://security.netapp.com/advisory/ntap-20210611-0007/
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2520013.html
- https://www.openwall.com/lists/oss-security/2021/03/28/2
Modified: 2024-11-21
CVE-2021-35477
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JKK6XNRZX5BT5QVYOKGVJ2BHFZAP5EX/
- https://www.openwall.com/lists/oss-security/2021/08/01/3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JKK6XNRZX5BT5QVYOKGVJ2BHFZAP5EX/
- https://www.openwall.com/lists/oss-security/2021/08/01/3
Modified: 2024-11-21
CVE-2021-3564
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
- http://www.openwall.com/lists/oss-security/2021/05/25/1
- http://www.openwall.com/lists/oss-security/2021/06/01/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1964139
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://www.openwall.com/lists/oss-security/2021/05/25/1
- http://www.openwall.com/lists/oss-security/2021/05/25/1
- http://www.openwall.com/lists/oss-security/2021/06/01/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1964139
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://www.openwall.com/lists/oss-security/2021/05/25/1
Modified: 2024-11-21
CVE-2021-3573
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
- http://www.openwall.com/lists/oss-security/2023/07/02/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1966578
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
- https://www.openwall.com/lists/oss-security/2021/06/08/2
- http://www.openwall.com/lists/oss-security/2023/07/02/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1966578
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
- https://www.openwall.com/lists/oss-security/2021/06/08/2
Modified: 2024-11-21
CVE-2021-3653
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1983686
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://www.openwall.com/lists/oss-security/2021/08/16/1
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1983686
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://www.openwall.com/lists/oss-security/2021/08/16/1
Modified: 2024-11-21
CVE-2021-3655
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
- https://bugzilla.redhat.com/show_bug.cgi?id=1984024
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1984024
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Modified: 2024-11-21
CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
- https://bugzilla.redhat.com/show_bug.cgi?id=1983988
- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
- https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
- https://www.openwall.com/lists/oss-security/2021/08/16/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1983988
- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
- https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
- https://www.openwall.com/lists/oss-security/2021/08/16/1
Modified: 2024-11-21
CVE-2021-3659
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
- https://access.redhat.com/security/cve/CVE-2021-3659
- https://bugzilla.redhat.com/show_bug.cgi?id=1975949
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8
- https://access.redhat.com/security/cve/CVE-2021-3659
- https://bugzilla.redhat.com/show_bug.cgi?id=1975949
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8
Modified: 2024-11-21
CVE-2021-3679
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
- https://bugzilla.redhat.com/show_bug.cgi?id=1989165
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://www.debian.org/security/2021/dsa-4978
- https://bugzilla.redhat.com/show_bug.cgi?id=1989165
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://www.debian.org/security/2021/dsa-4978
Modified: 2024-11-21
CVE-2021-37159
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
- https://bugzilla.suse.com/show_bug.cgi?id=1188601
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6ecfb39ba9d7316057cea823b196b734f6b18ca
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dcb713d53e2eadf42b878c12a471e74dc6ed3145
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://security.netapp.com/advisory/ntap-20210819-0003/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.spinics.net/lists/linux-usb/msg202228.html
- https://bugzilla.suse.com/show_bug.cgi?id=1188601
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6ecfb39ba9d7316057cea823b196b734f6b18ca
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dcb713d53e2eadf42b878c12a471e74dc6ed3145
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://security.netapp.com/advisory/ntap-20210819-0003/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.spinics.net/lists/linux-usb/msg202228.html
Modified: 2024-11-21
CVE-2021-3732
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
- https://bugzilla.redhat.com/show_bug.cgi?id=1995249
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=427215d85e8d1476da1a86b8d67aceb485eb3631
- https://github.com/torvalds/linux/commit/427215d85e8d1476da1a86b8d67aceb485eb3631
- https://ubuntu.com/security/CVE-2021-3732
- https://bugzilla.redhat.com/show_bug.cgi?id=1995249
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=427215d85e8d1476da1a86b8d67aceb485eb3631
- https://github.com/torvalds/linux/commit/427215d85e8d1476da1a86b8d67aceb485eb3631
- https://ubuntu.com/security/CVE-2021-3732
Modified: 2024-11-21
CVE-2021-3736
A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.
- https://access.redhat.com/security/cve/CVE-2021-3736
- https://bugzilla.redhat.com/show_bug.cgi?id=1995570
- https://github.com/torvalds/linux/commit/de5494af4815a4c9328536c72741229b7de88e7f
- https://access.redhat.com/security/cve/CVE-2021-3736
- https://bugzilla.redhat.com/show_bug.cgi?id=1995570
- https://github.com/torvalds/linux/commit/de5494af4815a4c9328536c72741229b7de88e7f
Modified: 2024-11-21
CVE-2021-3739
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1997958
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
- https://github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
- https://security.netapp.com/advisory/ntap-20220407-0006/
- https://ubuntu.com/security/CVE-2021-3739
- https://www.openwall.com/lists/oss-security/2021/08/25/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1997958
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
- https://github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
- https://security.netapp.com/advisory/ntap-20220407-0006/
- https://ubuntu.com/security/CVE-2021-3739
- https://www.openwall.com/lists/oss-security/2021/08/25/3
Modified: 2024-11-21
CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
- http://www.openwall.com/lists/oss-security/2021/09/14/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2000627
- https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
- https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
- https://seclists.org/oss-sec/2021/q3/164
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://www.openwall.com/lists/oss-security/2021/09/14/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2000627
- https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
- https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
- https://seclists.org/oss-sec/2021/q3/164
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-3753
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
- https://bugzilla.redhat.com/show_bug.cgi?id=1999589
- https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7
- https://security.netapp.com/advisory/ntap-20221028-0003/
- https://www.openwall.com/lists/oss-security/2021/09/01/4
- https://bugzilla.redhat.com/show_bug.cgi?id=1999589
- https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7
- https://security.netapp.com/advisory/ntap-20221028-0003/
- https://www.openwall.com/lists/oss-security/2021/09/01/4
Modified: 2024-11-21
CVE-2021-3764
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
- https://access.redhat.com/security/cve/CVE-2021-3764
- https://bugzilla.redhat.com/show_bug.cgi?id=1997467
- https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
- https://security-tracker.debian.org/tracker/CVE-2021-3764
- https://access.redhat.com/security/cve/CVE-2021-3764
- https://bugzilla.redhat.com/show_bug.cgi?id=1997467
- https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
- https://security-tracker.debian.org/tracker/CVE-2021-3764
Modified: 2024-11-21
CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
- https://bugzilla.redhat.com/show_bug.cgi?id=2000694
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df
- https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://security.netapp.com/advisory/ntap-20221007-0001/
- https://ubuntu.com/security/CVE-2021-3772
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2000694
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df
- https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://security.netapp.com/advisory/ntap-20221007-0001/
- https://ubuntu.com/security/CVE-2021-3772
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2025-03-28
CVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
- https://bugzilla.redhat.com/show_bug.cgi?id=2004949
- https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2004949
- https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/
- https://security.netapp.com/advisory/ntap-20250328-0004/
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-38166
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUVLBJKZMWA3E3YXSH4SZ7BOYGJP4GXP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UL6CH5M5PRLMA3KPBX4LPUO6Z73GRISO/
- https://lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu%40gmail.com/
- https://security.netapp.com/advisory/ntap-20210909-0001/
- https://www.debian.org/security/2021/dsa-4978
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUVLBJKZMWA3E3YXSH4SZ7BOYGJP4GXP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UL6CH5M5PRLMA3KPBX4LPUO6Z73GRISO/
- https://lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu%40gmail.com/
- https://security.netapp.com/advisory/ntap-20210909-0001/
- https://www.debian.org/security/2021/dsa-4978
Modified: 2024-11-21
CVE-2021-38198
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.11
- https://github.com/torvalds/linux/commit/b1bd5cba3306691c771d558e94baa73e8b0b96b7
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.11
- https://github.com/torvalds/linux/commit/b1bd5cba3306691c771d558e94baa73e8b0b96b7
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Modified: 2024-11-21
CVE-2021-38199
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://security.netapp.com/advisory/ntap-20210902-0010/
- https://www.debian.org/security/2021/dsa-4978
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://security.netapp.com/advisory/ntap-20210902-0010/
- https://www.debian.org/security/2021/dsa-4978
Modified: 2024-11-21
CVE-2021-38200
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.
Modified: 2024-11-21
CVE-2021-38202
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6
- https://security.netapp.com/advisory/ntap-20210902-0010/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6
- https://security.netapp.com/advisory/ntap-20210902-0010/
Modified: 2024-11-21
CVE-2021-38203
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947
- https://security.netapp.com/advisory/ntap-20210902-0010/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947
- https://security.netapp.com/advisory/ntap-20210902-0010/
Modified: 2024-11-21
CVE-2021-38204
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.6
- https://github.com/torvalds/linux/commit/b5fdf5c6e6bee35837e160c00ac89327bdad031b
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.6
- https://github.com/torvalds/linux/commit/b5fdf5c6e6bee35837e160c00ac89327bdad031b
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Modified: 2024-11-21
CVE-2021-38205
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://github.com/torvalds/linux/commit/d0d62baa7f505bd4c59cd169692ff07ec49dde37
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://github.com/torvalds/linux/commit/d0d62baa7f505bd4c59cd169692ff07ec49dde37
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Modified: 2024-11-21
CVE-2021-38206
The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.
Modified: 2024-11-21
CVE-2021-38207
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
- https://github.com/torvalds/linux/commit/c364df2489b8ef2f5e3159b1dff1ff1fdb16040d
- https://security.netapp.com/advisory/ntap-20210902-0007/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
- https://github.com/torvalds/linux/commit/c364df2489b8ef2f5e3159b1dff1ff1fdb16040d
- https://security.netapp.com/advisory/ntap-20210902-0007/
Modified: 2024-11-21
CVE-2021-38208
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
- http://www.openwall.com/lists/oss-security/2021/08/17/1
- http://www.openwall.com/lists/oss-security/2021/08/17/2
- http://www.openwall.com/lists/oss-security/2021/08/24/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1992810
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10
- https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba
- http://www.openwall.com/lists/oss-security/2021/08/17/1
- http://www.openwall.com/lists/oss-security/2021/08/17/2
- http://www.openwall.com/lists/oss-security/2021/08/24/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1992810
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10
- https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba
Modified: 2024-11-21
CVE-2021-38209
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
Modified: 2025-02-24
CVE-2021-3923
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
Modified: 2024-11-21
CVE-2021-4001
A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2.
- https://bugzilla.redhat.com/show_bug.cgi?id=2025645
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53
- https://bugzilla.redhat.com/show_bug.cgi?id=2025645
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=353050be4c19e102178ccc05988101887c25ae53
Modified: 2024-11-21
CVE-2021-4023
A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.
Modified: 2024-11-21
CVE-2021-4032
A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.
- https://bugzilla.redhat.com/show_bug.cgi?id=2027403
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee
- https://lkml.org/lkml/2021/9/8/587
- https://bugzilla.redhat.com/show_bug.cgi?id=2027403
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee
- https://lkml.org/lkml/2021/9/8/587
Modified: 2024-11-21
CVE-2021-4037
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.
- https://access.redhat.com/security/cve/CVE-2021-4037
- https://bugzilla.redhat.com/show_bug.cgi?id=2004810
- https://bugzilla.redhat.com/show_bug.cgi?id=2027239
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848
- https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
- https://www.debian.org/security/2022/dsa-5257
- https://access.redhat.com/security/cve/CVE-2021-4037
- https://bugzilla.redhat.com/show_bug.cgi?id=2004810
- https://bugzilla.redhat.com/show_bug.cgi?id=2027239
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848
- https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
- https://www.debian.org/security/2022/dsa-5257
Modified: 2024-11-21
CVE-2021-40490
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6VS2DLGT7TK7URKAS2KWJL3S533SGVA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJGX3DMJT6MRBW2XEF3TWVHYWZW3DG3N/
- https://security.netapp.com/advisory/ntap-20211004-0001/
- https://www.debian.org/security/2021/dsa-4978
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6VS2DLGT7TK7URKAS2KWJL3S533SGVA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJGX3DMJT6MRBW2XEF3TWVHYWZW3DG3N/
- https://security.netapp.com/advisory/ntap-20211004-0001/
- https://www.debian.org/security/2021/dsa-4978
Modified: 2024-11-21
CVE-2021-4148
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.
Modified: 2024-11-21
CVE-2021-4149
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.
- https://bugzilla.redhat.com/show_bug.cgi?id=2026485
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://lkml.org/lkml/2021/10/18/885
- https://lkml.org/lkml/2021/9/13/2565
- https://bugzilla.redhat.com/show_bug.cgi?id=2026485
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://lkml.org/lkml/2021/10/18/885
- https://lkml.org/lkml/2021/9/13/2565
Modified: 2024-11-21
CVE-2021-4150
A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk.
Modified: 2024-11-21
CVE-2021-41864
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.12
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
- https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
- https://security.netapp.com/advisory/ntap-20211029-0004/
- https://www.debian.org/security/2022/dsa-5096
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.12
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
- https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
- https://security.netapp.com/advisory/ntap-20211029-0004/
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2021-4197
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=2035652
- https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/T/
- https://security.netapp.com/advisory/ntap-20220602-0006/
- https://www.debian.org/security/2022/dsa-5127
- https://www.debian.org/security/2022/dsa-5173
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2035652
- https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/T/
- https://security.netapp.com/advisory/ntap-20220602-0006/
- https://www.debian.org/security/2022/dsa-5127
- https://www.debian.org/security/2022/dsa-5173
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-4203
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1
- https://bugzilla.redhat.com/show_bug.cgi?id=2036934
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814
- https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/
- https://security.netapp.com/advisory/ntap-20221111-0003/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1
- https://bugzilla.redhat.com/show_bug.cgi?id=2036934
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814
- https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/
- https://security.netapp.com/advisory/ntap-20221111-0003/
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-42252
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b49a0e69a7b1a68c8d3f64097d06dabb770fec96
- https://security.netapp.com/advisory/ntap-20211112-0006/
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b49a0e69a7b1a68c8d3f64097d06dabb770fec96
- https://security.netapp.com/advisory/ntap-20211112-0006/
Modified: 2024-11-21
CVE-2021-42327
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f23750b5b3d98653b31d4469592935ef6364ad67
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/
- https://security.netapp.com/advisory/ntap-20211118-0005/
- https://www.mail-archive.com/amd-gfx%40lists.freedesktop.org/msg69080.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f23750b5b3d98653b31d4469592935ef6364ad67
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/
- https://security.netapp.com/advisory/ntap-20211118-0005/
- https://www.mail-archive.com/amd-gfx%40lists.freedesktop.org/msg69080.html
Modified: 2024-11-21
CVE-2021-42739
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
- https://bugzilla.redhat.com/show_bug.cgi?id=1951739
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
- https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
- https://seclists.org/oss-sec/2021/q2/46
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.starwindsoftware.com/security/sw-20220804-0001/
- https://bugzilla.redhat.com/show_bug.cgi?id=1951739
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e
- https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ%40mwanda/
- https://seclists.org/oss-sec/2021/q2/46
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.starwindsoftware.com/security/sw-20220804-0001/
Modified: 2024-11-21
CVE-2021-43389
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
- http://www.openwall.com/lists/oss-security/2021/11/05/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2013180
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA%40mail.gmail.com/
- https://seclists.org/oss-sec/2021/q4/39
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://www.openwall.com/lists/oss-security/2021/11/05/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2013180
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA%40mail.gmail.com/
- https://seclists.org/oss-sec/2021/q4/39
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-43975
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/
- https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T/
- https://security.netapp.com/advisory/ntap-20211210-0001/
- https://www.debian.org/security/2022/dsa-5096
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/
- https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T/
- https://security.netapp.com/advisory/ntap-20211210-0001/
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2021-43976
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/
- https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+%40Zekuns-MBP-16.fios-router.home/
- https://security.netapp.com/advisory/ntap-20211210-0001/
- https://www.debian.org/security/2022/dsa-5092
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/
- https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+%40Zekuns-MBP-16.fios-router.home/
- https://security.netapp.com/advisory/ntap-20211210-0001/
- https://www.debian.org/security/2022/dsa-5092
- https://www.debian.org/security/2022/dsa-5096
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-44733
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c
- https://github.com/pjlantz/optee-qemu/blob/main/README.md
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander%40linaro.org/
- https://security.netapp.com/advisory/ntap-20220114-0003/
- https://www.debian.org/security/2022/dsa-5096
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c
- https://github.com/pjlantz/optee-qemu/blob/main/README.md
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander%40linaro.org/
- https://security.netapp.com/advisory/ntap-20220114-0003/
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2021-45095
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bcd0f93353326954817a4f9fa55ec57fb38acbb0
- https://github.com/torvalds/linux/commit/bcd0f93353326954817a4f9fa55ec57fb38acbb0
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bcd0f93353326954817a4f9fa55ec57fb38acbb0
- https://github.com/torvalds/linux/commit/bcd0f93353326954817a4f9fa55ec57fb38acbb0
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2021-45469
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
- http://www.openwall.com/lists/oss-security/2021/12/25/1
- https://bugzilla.kernel.org/show_bug.cgi?id=215235
- https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/
- https://security.netapp.com/advisory/ntap-20220114-0003/
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
- http://www.openwall.com/lists/oss-security/2021/12/25/1
- https://bugzilla.kernel.org/show_bug.cgi?id=215235
- https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/
- https://security.netapp.com/advisory/ntap-20220114-0003/
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2021-45480
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
- https://github.com/torvalds/linux/commit/5f9562ebe710c307adc5f666bf1a2162ee7977c0
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
- https://github.com/torvalds/linux/commit/5f9562ebe710c307adc5f666bf1a2162ee7977c0
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2021-45485
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
- https://arxiv.org/pdf/2112.09604.pdf
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99
- https://security.netapp.com/advisory/ntap-20220121-0001/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://arxiv.org/pdf/2112.09604.pdf
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99
- https://security.netapp.com/advisory/ntap-20220121-0001/
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-45486
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
- https://arxiv.org/pdf/2112.09604.pdf
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://arxiv.org/pdf/2112.09604.pdf
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2021-45868
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
- https://bugzilla.kernel.org/show_bug.cgi?id=214655
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bf3d20331295b1ecb81f4ed9ef358c51699a050
- https://security.netapp.com/advisory/ntap-20220419-0003/
- https://www.openwall.com/lists/oss-security/2022/03/17/1
- https://www.openwall.com/lists/oss-security/2022/03/17/2
- https://bugzilla.kernel.org/show_bug.cgi?id=214655
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bf3d20331295b1ecb81f4ed9ef358c51699a050
- https://security.netapp.com/advisory/ntap-20220419-0003/
- https://www.openwall.com/lists/oss-security/2022/03/17/1
- https://www.openwall.com/lists/oss-security/2022/03/17/2
Modified: 2024-11-21
CVE-2021-46283
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad9f151e560b016b6ad3280b48e42fa11e1a5440
- https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad9f151e560b016b6ad3280b48e42fa11e1a5440
- https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345
Modified: 2024-11-21
CVE-2021-46926
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it's actually a SoundWire controller. This can lead to issues where the graph walk continues and eventually fails, but the pointer was set already. This patch changes the logic so that the information provided to the caller is set when a controller is found.
Modified: 2025-11-03
CVE-2021-46987
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups There are a few exceptional cases where cloning an inline extent needs to copy the inline extent data into a page of the destination inode. When this happens, we end up starting a transaction while having a dirty page for the destination inode and while having the range locked in the destination's inode iotree too. Because when reserving metadata space for a transaction we may need to flush existing delalloc in case there is not enough free space, we have a mechanism in place to prevent a deadlock, which was introduced in commit 3d45f221ce627d ("btrfs: fix deadlock when cloning inline extent and low on free metadata space"). However when using qgroups, a transaction also reserves metadata qgroup space, which can also result in flushing delalloc in case there is not enough available space at the moment. When this happens we deadlock, since flushing delalloc requires locking the file range in the inode's iotree and the range was already locked at the very beginning of the clone operation, before attempting to start the transaction. When this issue happens, stack traces like the following are reported: [72747.556262] task:kworker/u81:9 state:D stack: 0 pid: 225 ppid: 2 flags:0x00004000 [72747.556268] Workqueue: writeback wb_workfn (flush-btrfs-1142) [72747.556271] Call Trace: [72747.556273] __schedule+0x296/0x760 [72747.556277] schedule+0x3c/0xa0 [72747.556279] io_schedule+0x12/0x40 [72747.556284] __lock_page+0x13c/0x280 [72747.556287] ? generic_file_readonly_mmap+0x70/0x70 [72747.556325] extent_write_cache_pages+0x22a/0x440 [btrfs] [72747.556331] ? __set_page_dirty_nobuffers+0xe7/0x160 [72747.556358] ? set_extent_buffer_dirty+0x5e/0x80 [btrfs] [72747.556362] ? update_group_capacity+0x25/0x210 [72747.556366] ? cpumask_next_and+0x1a/0x20 [72747.556391] extent_writepages+0x44/0xa0 [btrfs] [72747.556394] do_writepages+0x41/0xd0 [72747.556398] __writeback_single_inode+0x39/0x2a0 [72747.556403] writeback_sb_inodes+0x1ea/0x440 [72747.556407] __writeback_inodes_wb+0x5f/0xc0 [72747.556410] wb_writeback+0x235/0x2b0 [72747.556414] ? get_nr_inodes+0x35/0x50 [72747.556417] wb_workfn+0x354/0x490 [72747.556420] ? newidle_balance+0x2c5/0x3e0 [72747.556424] process_one_work+0x1aa/0x340 [72747.556426] worker_thread+0x30/0x390 [72747.556429] ? create_worker+0x1a0/0x1a0 [72747.556432] kthread+0x116/0x130 [72747.556435] ? kthread_park+0x80/0x80 [72747.556438] ret_from_fork+0x1f/0x30 [72747.566958] Workqueue: btrfs-flush_delalloc btrfs_work_helper [btrfs] [72747.566961] Call Trace: [72747.566964] __schedule+0x296/0x760 [72747.566968] ? finish_wait+0x80/0x80 [72747.566970] schedule+0x3c/0xa0 [72747.566995] wait_extent_bit.constprop.68+0x13b/0x1c0 [btrfs] [72747.566999] ? finish_wait+0x80/0x80 [72747.567024] lock_extent_bits+0x37/0x90 [btrfs] [72747.567047] btrfs_invalidatepage+0x299/0x2c0 [btrfs] [72747.567051] ? find_get_pages_range_tag+0x2cd/0x380 [72747.567076] __extent_writepage+0x203/0x320 [btrfs] [72747.567102] extent_write_cache_pages+0x2bb/0x440 [btrfs] [72747.567106] ? update_load_avg+0x7e/0x5f0 [72747.567109] ? enqueue_entity+0xf4/0x6f0 [72747.567134] extent_writepages+0x44/0xa0 [btrfs] [72747.567137] ? enqueue_task_fair+0x93/0x6f0 [72747.567140] do_writepages+0x41/0xd0 [72747.567144] __filemap_fdatawrite_range+0xc7/0x100 [72747.567167] btrfs_run_delalloc_work+0x17/0x40 [btrfs] [72747.567195] btrfs_work_helper+0xc2/0x300 [btrfs] [72747.567200] process_one_work+0x1aa/0x340 [72747.567202] worker_thread+0x30/0x390 [72747.567205] ? create_worker+0x1a0/0x1a0 [72747.567208] kthread+0x116/0x130 [72747.567211] ? kthread_park+0x80/0x80 [72747.567214] ret_from_fork+0x1f/0x30 [72747.569686] task:fsstress state:D stack: ---truncated---
- https://git.kernel.org/stable/c/96157707c0420e3d3edfe046f1cc797fee117ade
- https://git.kernel.org/stable/c/d5347827d0b4b2250cbce6eccaa1c81dc78d8651
- https://git.kernel.org/stable/c/f8fbbd06fab9b75dcd68d850fe318ac3bc128974
- https://git.kernel.org/stable/c/f9baa501b4fd6962257853d46ddffbc21f27e344
- https://git.kernel.org/stable/c/96157707c0420e3d3edfe046f1cc797fee117ade
- https://git.kernel.org/stable/c/d5347827d0b4b2250cbce6eccaa1c81dc78d8651
- https://git.kernel.org/stable/c/f9baa501b4fd6962257853d46ddffbc21f27e344
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2024-12-09
CVE-2021-47002
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scratch_page pointer will be dereferenced when calling put_page() in svc_rqst_free(). Fix it by adding a null check. Addresses-Coverity: ("Dereference after null check")
- https://git.kernel.org/stable/c/1e10f58f1c9a6b667b045513c7a4e6111c24fe7c
- https://git.kernel.org/stable/c/3de81c1e84bf84803308da3272a829a7655c5336
- https://git.kernel.org/stable/c/b9f83ffaa0c096b4c832a43964fe6bff3acffe10
- https://git.kernel.org/stable/c/c664aaec9aee544538a78ba4893a44bc73a6d742
- https://git.kernel.org/stable/c/1e10f58f1c9a6b667b045513c7a4e6111c24fe7c
- https://git.kernel.org/stable/c/3de81c1e84bf84803308da3272a829a7655c5336
- https://git.kernel.org/stable/c/b9f83ffaa0c096b4c832a43964fe6bff3acffe10
- https://git.kernel.org/stable/c/c664aaec9aee544538a78ba4893a44bc73a6d742
Modified: 2025-01-08
CVE-2021-47014
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_ct: fix wild memory access when clearing fragments
while testing re-assembly/re-fragmentation using act_ct, it's possible to
observe a crash like the following one:
KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f]
CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S 5.12.0-rc7+ #424
Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017
RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0
Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48
RSP: 0018:ffff888c31449db8 EFLAGS: 00010203
RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960
RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e
RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350
R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000
R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160
FS: 0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modified: 2024-12-06
CVE-2021-47028
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rate_info to fix unexpected reporting. [ 1215.161863] Call trace: [ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211] [ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [mac80211] [ 1215.175624] ieee80211_tx_status_ext+0x508/0x838 [mac80211] [ 1215.181190] mt7915_mcu_get_rx_rate+0x28c/0x8d0 [mt7915e] [ 1215.186580] mt7915_mac_tx_free+0x324/0x7c0 [mt7915e] [ 1215.191623] mt7915_queue_rx_skb+0xa8/0xd0 [mt7915e] [ 1215.196582] mt76_dma_cleanup+0x7b0/0x11d0 [mt76] [ 1215.201276] __napi_poll+0x38/0xf8 [ 1215.204668] napi_workfn+0x40/0x80 [ 1215.208062] process_one_work+0x1fc/0x390 [ 1215.212062] worker_thread+0x48/0x4d0 [ 1215.215715] kthread+0x120/0x128 [ 1215.218935] ret_from_fork+0x10/0x1c
- https://git.kernel.org/stable/c/4bd926e5ca88eac4d95eacb806b229f8729bc62e
- https://git.kernel.org/stable/c/dfc8a71448c7d4fec38fb22bdc8a76d79c14b6da
- https://git.kernel.org/stable/c/f43b941fd61003659a3f0e039595e5e525917aa8
- https://git.kernel.org/stable/c/4bd926e5ca88eac4d95eacb806b229f8729bc62e
- https://git.kernel.org/stable/c/dfc8a71448c7d4fec38fb22bdc8a76d79c14b6da
- https://git.kernel.org/stable/c/f43b941fd61003659a3f0e039595e5e525917aa8
Modified: 2025-01-10
CVE-2021-47036
In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and there are UDP tunnels available in the system, udp_gro_receive() could end-up doing L4 aggregation (either SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) at the outer UDP tunnel level for packets effectively carrying and UDP tunnel header. That could cause inner protocol corruption. If e.g. the relevant packets carry a vxlan header, different vxlan ids will be ignored/ aggregated to the same GSO packet. Inner headers will be ignored, too, so that e.g. TCP over vxlan push packets will be held in the GRO engine till the next flush, etc. Just skip the SKB_GSO_UDP_L4 and SKB_GSO_FRAGLIST code path if the current packet could land in a UDP tunnel, and let udp_gro_receive() do GRO via udp_sk(sk)->gro_receive. The check implemented in this patch is broader than what is strictly needed, as the existing UDP tunnel could be e.g. configured on top of a different device: we could end-up skipping GRO at-all for some packets. Anyhow, that is a very thin corner case and covering it will add quite a bit of complexity. v1 -> v2: - hopefully clarify the commit message
Modified: 2025-11-03
CVE-2021-47037
In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver Q6afe-clocks driver can get reprobed. For example if the APR services are restarted after the firmware crash. However currently Q6afe-clocks driver will oops because hw.init will get cleared during first _probe call. Rewrite the driver to fill the clock data at runtime rather than using big static array of clocks.
- https://git.kernel.org/stable/c/2202e87fc19440cecfd4f7b4f60a7d48bc2e236c
- https://git.kernel.org/stable/c/62413972f5266568848a36fd15160397b211fa74
- https://git.kernel.org/stable/c/6893df3753beafa5f7351228a9dd8157a57d7492
- https://git.kernel.org/stable/c/96fadf7e8ff49fdb74754801228942b67c3eeebd
- https://git.kernel.org/stable/c/62413972f5266568848a36fd15160397b211fa74
- https://git.kernel.org/stable/c/6893df3753beafa5f7351228a9dd8157a57d7492
- https://git.kernel.org/stable/c/96fadf7e8ff49fdb74754801228942b67c3eeebd
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-11-03
CVE-2021-47070
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Note that it is already freed in the .remove function.
- https://git.kernel.org/stable/c/0b0226be3a52dadd965644bc52a807961c2c26df
- https://git.kernel.org/stable/c/261bbd90cc53d2835343f056770156cf1e82cf03
- https://git.kernel.org/stable/c/5f59240cf25b2f7a0fdffc2701482a70310fec07
- https://git.kernel.org/stable/c/0b0226be3a52dadd965644bc52a807961c2c26df
- https://git.kernel.org/stable/c/5f59240cf25b2f7a0fdffc2701482a70310fec07
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-11-03
CVE-2021-47076
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. [leonro@vm ~]$ mkt test test_atomic_invalid_lkey (tests.test_atomic.AtomicTest) ... WARNING: CPU: 5 PID: 263 at drivers/infiniband/sw/rxe/rxe_comp.c:740 rxe_completer+0x1a6d/0x2e30 [rdma_rxe] Modules linked in: crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel rdma_ucm rdma_cm ib_umad ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5_core ptp pps_core CPU: 5 PID: 263 Comm: python3 Not tainted 5.13.0-rc1+ #2936 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:rxe_completer+0x1a6d/0x2e30 [rdma_rxe] Code: 03 0f 8e 65 0e 00 00 3b 93 10 06 00 00 0f 84 82 0a 00 00 4c 89 ff 4c 89 44 24 38 e8 2d 74 a9 e1 4c 8b 44 24 38 e9 1c f5 ff ff <0f> 0b e9 0c e8 ff ff b8 05 00 00 00 41 bf 05 00 00 00 e9 ab e7 ff RSP: 0018:ffff8880158af090 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888016a78000 RCX: ffffffffa0cf1652 RDX: 1ffff9200004b442 RSI: 0000000000000004 RDI: ffffc9000025a210 RBP: dffffc0000000000 R08: 00000000ffffffea R09: ffff88801617740b R10: ffffed1002c2ee81 R11: 0000000000000007 R12: ffff88800f3b63e8 R13: ffff888016a78008 R14: ffffc9000025a180 R15: 000000000000000c FS: 00007f88b622a740(0000) GS:ffff88806d540000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f88b5a1fa10 CR3: 000000000d848004 CR4: 0000000000370ea0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rxe_do_task+0x130/0x230 [rdma_rxe] rxe_rcv+0xb11/0x1df0 [rdma_rxe] rxe_loopback+0x157/0x1e0 [rdma_rxe] rxe_responder+0x5532/0x7620 [rdma_rxe] rxe_do_task+0x130/0x230 [rdma_rxe] rxe_rcv+0x9c8/0x1df0 [rdma_rxe] rxe_loopback+0x157/0x1e0 [rdma_rxe] rxe_requester+0x1efd/0x58c0 [rdma_rxe] rxe_do_task+0x130/0x230 [rdma_rxe] rxe_post_send+0x998/0x1860 [rdma_rxe] ib_uverbs_post_send+0xd5f/0x1220 [ib_uverbs] ib_uverbs_write+0x847/0xc80 [ib_uverbs] vfs_write+0x1c5/0x840 ksys_write+0x176/0x1d0 do_syscall_64+0x3f/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae
- https://git.kernel.org/stable/c/a81e72d49b0648f68ab201163dbfc7841056d7a2
- https://git.kernel.org/stable/c/abe31d25facdb9109fe2cf69890748295291570c
- https://git.kernel.org/stable/c/dc07628bd2bbc1da768e265192c28ebd301f509d
- https://git.kernel.org/stable/c/abe31d25facdb9109fe2cf69890748295291570c
- https://git.kernel.org/stable/c/dc07628bd2bbc1da768e265192c28ebd301f509d
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-01-14
CVE-2021-47082
In the Linux kernel, the following vulnerability has been resolved:
tun: avoid double free in tun_free_netdev
Avoid double free in tun_free_netdev() by moving the
dev->tstats and tun->security allocs to a new ndo_init routine
(tun_net_init()) that will be called by register_netdevice().
ndo_init is paired with the desctructor (tun_free_netdev()),
so if there's an error in register_netdevice() the destructor
will handle the frees.
BUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605
CPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1
Hardware name: Red Hat KVM, BIOS
Call Trace:
- https://git.kernel.org/stable/c/0c0e566f0387490d16f166808c72e9c772027681
- https://git.kernel.org/stable/c/158b515f703e75e7d68289bf4d98c664e1d632df
- https://git.kernel.org/stable/c/3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5
- https://git.kernel.org/stable/c/8eb43d635950e27c29f1e9e49a23b31637f37757
- https://git.kernel.org/stable/c/a01a4e9f5dc93335c716fa4023b1901956e8c904
- https://git.kernel.org/stable/c/0c0e566f0387490d16f166808c72e9c772027681
- https://git.kernel.org/stable/c/158b515f703e75e7d68289bf4d98c664e1d632df
- https://git.kernel.org/stable/c/3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5
- https://git.kernel.org/stable/c/8eb43d635950e27c29f1e9e49a23b31637f37757
- https://git.kernel.org/stable/c/a01a4e9f5dc93335c716fa4023b1901956e8c904
Modified: 2025-04-08
CVE-2021-47094
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Don't advance iterator after restart due to yielding
After dropping mmu_lock in the TDP MMU, restart the iterator during
tdp_iter_next() and do not advance the iterator. Advancing the iterator
results in skipping the top-level SPTE and all its children, which is
fatal if any of the skipped SPTEs were not visited before yielding.
When zapping all SPTEs, i.e. when min_level == root_level, restarting the
iter and then invoking tdp_iter_next() is always fatal if the current gfn
has as a valid SPTE, as advancing the iterator results in try_step_side()
skipping the current gfn, which wasn't visited before yielding.
Sprinkle WARNs on iter->yielded being true in various helpers that are
often used in conjunction with yielding, and tag the helper with
__must_check to reduce the probabily of improper usage.
Failing to zap a top-level SPTE manifests in one of two ways. If a valid
SPTE is skipped by both kvm_tdp_mmu_zap_all() and kvm_tdp_mmu_put_root(),
the shadow page will be leaked and KVM will WARN accordingly.
WARNING: CPU: 1 PID: 3509 at arch/x86/kvm/mmu/tdp_mmu.c:46 [kvm]
RIP: 0010:kvm_mmu_uninit_tdp_mmu+0x3e/0x50 [kvm]
Call Trace:
Modified: 2025-02-03
CVE-2021-47101
In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized. Fail log: BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] BUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 BUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497 asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497 asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497
Modified: 2025-02-14
CVE-2021-47103
In the Linux kernel, the following vulnerability has been resolved:
inet: fully convert sk->sk_rx_dst to RCU rules
syzbot reported various issues around early demux,
one being included in this changelog [1]
sk->sk_rx_dst is using RCU protection without clearly
documenting it.
And following sequences in tcp_v4_do_rcv()/tcp_v6_do_rcv()
are not following standard RCU rules.
[a] dst_release(dst);
[b] sk->sk_rx_dst = NULL;
They look wrong because a delete operation of RCU protected
pointer is supposed to clear the pointer before
the call_rcu()/synchronize_rcu() guarding actual memory freeing.
In some cases indeed, dst could be freed before [b] is done.
We could cheat by clearing sk_rx_dst before calling
dst_release(), but this seems the right time to stick
to standard RCU annotations and debugging facilities.
[1]
BUG: KASAN: use-after-free in dst_check include/net/dst.h:470 [inline]
BUG: KASAN: use-after-free in tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792
Read of size 2 at addr ffff88807f1cb73a by task syz-executor.5/9204
CPU: 0 PID: 9204 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
- https://git.kernel.org/stable/c/0249a4b8a554f2eb6a27b62516fa50168584faa4
- https://git.kernel.org/stable/c/68c34ce11ef23328692aa35fa6aaafdd75913100
- https://git.kernel.org/stable/c/75a578000ae5e511e5d0e8433c94a14d9c99c412
- https://git.kernel.org/stable/c/8f905c0e7354ef261360fb7535ea079b1082c105
- https://git.kernel.org/stable/c/92e6e36ecd16808866ac6172b9491b5097cde449
- https://git.kernel.org/stable/c/c3bb4a7e8cbc984e1cdac0fe6af60e880214ed6e
- https://git.kernel.org/stable/c/f039b43cbaea5e0700980c2f0052da05a70782e0
- https://git.kernel.org/stable/c/0249a4b8a554f2eb6a27b62516fa50168584faa4
- https://git.kernel.org/stable/c/68c34ce11ef23328692aa35fa6aaafdd75913100
- https://git.kernel.org/stable/c/75a578000ae5e511e5d0e8433c94a14d9c99c412
- https://git.kernel.org/stable/c/8f905c0e7354ef261360fb7535ea079b1082c105
- https://git.kernel.org/stable/c/92e6e36ecd16808866ac6172b9491b5097cde449
- https://git.kernel.org/stable/c/c3bb4a7e8cbc984e1cdac0fe6af60e880214ed6e
- https://git.kernel.org/stable/c/f039b43cbaea5e0700980c2f0052da05a70782e0
Modified: 2025-02-14
CVE-2021-47105
In the Linux kernel, the following vulnerability has been resolved: ice: xsk: return xsk buffers back to pool when cleaning the ring Currently we only NULL the xdp_buff pointer in the internal SW ring but we never give it back to the xsk buffer pool. This means that buffers can be leaked out of the buff pool and never be used again. Add missing xsk_buff_free() call to the routine that is supposed to clean the entries that are left in the ring so that these buffers in the umem can be used by other sockets. Also, only go through the space that is actually left to be cleaned instead of a whole ring.
Modified: 2025-03-21
CVE-2021-47182
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MODE SENSE(10) command is 16-bits, occupying bytes 7 and 8 of the CDB. With this command, access to mode pages larger than 255 bytes is thus possible. However, the CDB allocation length field is set by assigning len to byte 8 only, thus truncating buffer length larger than 255. 2) If scsi_mode_sense() is called with len smaller than 8 with sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length is increased to 8 and 4 respectively, and the buffer is zero filled with these increased values, thus corrupting the memory following the buffer. Fix these 2 problems by using put_unaligned_be16() to set the allocation length field of MODE SENSE(10) CDB and by returning an error when len is too small. Furthermore, if len is larger than 255B, always try MODE SENSE(10) first, even if the device driver did not set sdev->use_10_for_ms. In case of invalid opcode error for MODE SENSE(10), access to mode pages larger than 255 bytes are not retried using MODE SENSE(6). To avoid buffer length overflows for the MODE_SENSE(10) case, check that len is smaller than 65535 bytes. While at it, also fix the folowing: * Use get_unaligned_be16() to retrieve the mode data length and block descriptor length fields of the mode sense reply header instead of using an open coded calculation. * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable Block Descriptor, which is the opposite of what the dbd argument description was.
Modified: 2025-11-03
CVE-2021-47183
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer dereference. Driver unload requests may hang with repeated "2878" log messages. The Link down processing results in ABTS requests for outstanding ELS requests. The Abort WQEs are sent for the ELSs before the driver had set the link state to down. Thus the driver is sending the Abort with the expectation that an ABTS will be sent on the wire. The Abort request is stalled waiting for the link to come up. In some conditions the driver may auto-complete the ELSs thus if the link does come up, the Abort completions may reference an invalid structure. Fix by ensuring that Abort set the flag to avoid link traffic if issued due to conditions where the link failed.
- https://git.kernel.org/stable/c/04c1af683270e4709a594bb1691b8800b945035a
- https://git.kernel.org/stable/c/1854f53ccd88ad4e7568ddfafafffe71f1ceb0a6
- https://git.kernel.org/stable/c/28de48a7cea495ab48082d9ff4ef63f7cb4e563a
- https://git.kernel.org/stable/c/1854f53ccd88ad4e7568ddfafafffe71f1ceb0a6
- https://git.kernel.org/stable/c/28de48a7cea495ab48082d9ff4ef63f7cb4e563a
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-03-04
CVE-2021-47188
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following statement: WARN_ON(lrbp->cmd); Fix this warning by clearing lrbp->cmd from the abort handler.
Modified: 2025-11-03
CVE-2021-47193
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the module is removed.
- https://git.kernel.org/stable/c/0c4398f2ee030d5753f6b0ad83f0ed9077851d9a
- https://git.kernel.org/stable/c/269a4311b15f68d24e816f43f123888f241ed13d
- https://git.kernel.org/stable/c/51e6ed83bb4ade7c360551fa4ae55c4eacea354b
- https://git.kernel.org/stable/c/269a4311b15f68d24e816f43f123888f241ed13d
- https://git.kernel.org/stable/c/51e6ed83bb4ade7c360551fa4ae55c4eacea354b
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-01-14
CVE-2021-47199
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to the flow's original mod actions in order to clear the registers which hold ct_state. When such flow also includes encap action, a neigh update event can cause the driver to unoffload the flow and then reoffload it. Each time this happens, the ct clear handling adds that same set of mod hdr actions to reset ct_state until the max of mod hdr actions is reached. Also the driver never releases the allocated mod hdr actions and causing a memleak. Fix above two issues by moving CT clear mod acts allocation into the parsing actions phase and only use it when offloading the rule. The release of mod acts will be done in the normal flow_put(). backtrace: [<000000007316e2f3>] krealloc+0x83/0xd0 [<00000000ef157de1>] mlx5e_mod_hdr_alloc+0x147/0x300 [mlx5_core] [<00000000970ce4ae>] mlx5e_tc_match_to_reg_set_and_get_id+0xd7/0x240 [mlx5_core] [<0000000067c5fa17>] mlx5e_tc_match_to_reg_set+0xa/0x20 [mlx5_core] [<00000000d032eb98>] mlx5_tc_ct_entry_set_registers.isra.0+0x36/0xc0 [mlx5_core] [<00000000fd23b869>] mlx5_tc_ct_flow_offload+0x272/0x1f10 [mlx5_core] [<000000004fc24acc>] mlx5e_tc_offload_fdb_rules.part.0+0x150/0x620 [mlx5_core] [<00000000dc741c17>] mlx5e_tc_encap_flows_add+0x489/0x690 [mlx5_core] [<00000000e92e49d7>] mlx5e_rep_update_flows+0x6e4/0x9b0 [mlx5_core] [<00000000f60f5602>] mlx5e_rep_neigh_update+0x39a/0x5d0 [mlx5_core]
Modified: 2025-01-07
CVE-2021-47200
In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. If the gem object's refcount == 1 on entry to drm_gem_prime_mmap(), that drop will free the gem object, and the subsequent drm_gem_object_get() will be a UAF. Fix by grabbing a reference before calling the mmap helper. This issue was forseen when the reference dropping was adding in commit 9786b65bc61ac ("drm/ttm: fix mmap refcounting"): "For that to work properly the drm_gem_object_get() call in drm_gem_ttm_mmap() must be moved so it happens before calling obj->funcs->mmap(), otherwise the gem refcount would go down to zero."
Modified: 2025-03-04
CVE-2021-47205
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some clock operation tries to perform MMIO. Fix this by separating the CCU initialization from the memory allocation, and then using a devres callback to unregister the clocks and resets. This also fixes a memory leak of the `struct ccu_reset`, and uses the correct owner (the specific platform driver) for the clocks and resets. Early OF clock providers are never unregistered, and limited error handling is possible, so they are mostly unchanged. The error reporting is made more consistent by moving the message inside of_sunxi_ccu_probe.
Modified: 2025-01-14
CVE-2021-47211
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix null pointer dereference on pointer cs_desc The pointer cs_desc return from snd_usb_find_clock_source could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference.
Modified: 2025-03-27
CVE-2021-47212
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy process. In this case, when a destroy command is being executed, it should return MLX5_CMD_STAT_OK. Fix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK instead of EIO. This fixes a call trace in the umem release process - [ 2633.536695] Call Trace: [ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs] [ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core] [ 2633.539641] disable_device+0x8c/0x130 [ib_core] [ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core] [ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core] [ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib] [ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary] [ 2633.544661] device_release_driver_internal+0x103/0x1f0 [ 2633.545679] bus_remove_device+0xf7/0x170 [ 2633.546640] device_del+0x181/0x410 [ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core] [ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core] [ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core] [ 2633.550864] remove_one+0x69/0xe0 [mlx5_core] [ 2633.551819] pci_device_remove+0x3b/0xc0 [ 2633.552731] device_release_driver_internal+0x103/0x1f0 [ 2633.553746] unbind_store+0xf6/0x130 [ 2633.554657] kernfs_fop_write+0x116/0x190 [ 2633.555567] vfs_write+0xa5/0x1a0 [ 2633.556407] ksys_write+0x4f/0xb0 [ 2633.557233] do_syscall_64+0x5b/0x1a0 [ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 2633.559018] RIP: 0033:0x7f9977132648 [ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648 [ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001 [ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740 [ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0 [ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c [ 2633.568725] ---[ end trace 10b4fe52945e544d ]---
Modified: 2025-11-14
CVE-2021-47247
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock removal from TC filter update path and properly handle concurrent encap entry insertion/deletion which can lead to following use-after-free: [23827.464923] ================================================================== [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.470971] Read of size 4 at addr ffff8881d132228c by task kworker/u20:6/21635 [23827.472251] [23827.472615] CPU: 9 PID: 21635 Comm: kworker/u20:6 Not tainted 5.13.0-rc3+ #5 [23827.473788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [23827.475639] Workqueue: mlx5e mlx5e_rep_neigh_update [mlx5_core] [23827.476731] Call Trace: [23827.477260] dump_stack+0xbb/0x107 [23827.477906] print_address_description.constprop.0+0x18/0x140 [23827.478896] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.479879] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.480905] kasan_report.cold+0x7c/0xd8 [23827.481701] ? mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.482744] kasan_check_range+0x145/0x1a0 [23827.493112] mlx5e_encap_take+0x72/0x140 [mlx5_core] [23827.494054] ? mlx5e_tc_tun_encap_info_equal_generic+0x140/0x140 [mlx5_core] [23827.495296] mlx5e_rep_neigh_update+0x41e/0x5e0 [mlx5_core] [23827.496338] ? mlx5e_rep_neigh_entry_release+0xb80/0xb80 [mlx5_core] [23827.497486] ? read_word_at_a_time+0xe/0x20 [23827.498250] ? strscpy+0xa0/0x2a0 [23827.498889] process_one_work+0x8ac/0x14e0 [23827.499638] ? lockdep_hardirqs_on_prepare+0x400/0x400 [23827.500537] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [23827.501359] ? rwlock_bug.part.0+0x90/0x90 [23827.502116] worker_thread+0x53b/0x1220 [23827.502831] ? process_one_work+0x14e0/0x14e0 [23827.503627] kthread+0x328/0x3f0 [23827.504254] ? _raw_spin_unlock_irq+0x24/0x40 [23827.505065] ? __kthread_bind_mask+0x90/0x90 [23827.505912] ret_from_fork+0x1f/0x30 [23827.506621] [23827.506987] Allocated by task 28248: [23827.507694] kasan_save_stack+0x1b/0x40 [23827.508476] __kasan_kmalloc+0x7c/0x90 [23827.509197] mlx5e_attach_encap+0xde1/0x1d40 [mlx5_core] [23827.510194] mlx5e_tc_add_fdb_flow+0x397/0xc40 [mlx5_core] [23827.511218] __mlx5e_add_fdb_flow+0x519/0xb30 [mlx5_core] [23827.512234] mlx5e_configure_flower+0x191c/0x4870 [mlx5_core] [23827.513298] tc_setup_cb_add+0x1d5/0x420 [23827.514023] fl_hw_replace_filter+0x382/0x6a0 [cls_flower] [23827.514975] fl_change+0x2ceb/0x4a51 [cls_flower] [23827.515821] tc_new_tfilter+0x89a/0x2070 [23827.516548] rtnetlink_rcv_msg+0x644/0x8c0 [23827.517300] netlink_rcv_skb+0x11d/0x340 [23827.518021] netlink_unicast+0x42b/0x700 [23827.518742] netlink_sendmsg+0x743/0xc20 [23827.519467] sock_sendmsg+0xb2/0xe0 [23827.520131] ____sys_sendmsg+0x590/0x770 [23827.520851] ___sys_sendmsg+0xd8/0x160 [23827.521552] __sys_sendmsg+0xb7/0x140 [23827.522238] do_syscall_64+0x3a/0x70 [23827.522907] entry_SYSCALL_64_after_hwframe+0x44/0xae [23827.523797] [23827.524163] Freed by task 25948: [23827.524780] kasan_save_stack+0x1b/0x40 [23827.525488] kasan_set_track+0x1c/0x30 [23827.526187] kasan_set_free_info+0x20/0x30 [23827.526968] __kasan_slab_free+0xed/0x130 [23827.527709] slab_free_freelist_hook+0xcf/0x1d0 [23827.528528] kmem_cache_free_bulk+0x33a/0x6e0 [23827.529317] kfree_rcu_work+0x55f/0xb70 [23827.530024] process_one_work+0x8ac/0x14e0 [23827.530770] worker_thread+0x53b/0x1220 [23827.531480] kthread+0x328/0x3f0 [23827.532114] ret_from_fork+0x1f/0x30 [23827.532785] [23827.533147] Last potentially related work creation: [23827.534007] kasan_save_stack+0x1b/0x40 [23827.534710] kasan_record_aux_stack+0xab/0xc0 [23827.535492] kvfree_call_rcu+0x31/0x7b0 [23827.536206] mlx5e_tc_del ---truncated---
- https://git.kernel.org/stable/c/0d1e7a7964ce6abb28883a3906bbc20fe0009f03
- https://git.kernel.org/stable/c/b6447b72aca571632e71bb73a797118d5ce46a93
- https://git.kernel.org/stable/c/fb1a3132ee1ac968316e45d21a48703a6db0b6c3
- https://git.kernel.org/stable/c/b6447b72aca571632e71bb73a797118d5ce46a93
- https://git.kernel.org/stable/c/fb1a3132ee1ac968316e45d21a48703a6db0b6c3
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Modified: 2025-04-30
CVE-2021-47265
In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule Validate port value provided by the user and with that remove no longer needed validation by the driver. The missing check in the mlx5_ib driver could cause to the below oops. Call trace: _create_flow_rule+0x2d4/0xf28 [mlx5_ib] mlx5_ib_create_flow+0x2d0/0x5b0 [mlx5_ib] ib_uverbs_ex_create_flow+0x4cc/0x624 [ib_uverbs] ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0xd4/0x150 [ib_uverbs] ib_uverbs_cmd_verbs.isra.7+0xb28/0xc50 [ib_uverbs] ib_uverbs_ioctl+0x158/0x1d0 [ib_uverbs] do_vfs_ioctl+0xd0/0xaf0 ksys_ioctl+0x84/0xb4 __arm64_sys_ioctl+0x28/0xc4 el0_svc_common.constprop.3+0xa4/0x254 el0_svc_handler+0x84/0xa0 el0_svc+0x10/0x26c Code: b9401260 f9615681 51000400 8b001c20 (f9403c1a)
Modified: 2025-04-30
CVE-2021-47275
In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached_dev_cache_miss() will be called in cache_lookup_fn() in the following code block, [code block 1] 526 unsigned int sectors = KEY_INODE(k) == s->iop.inode 527 ? min_t(uint64_t, INT_MAX, 528 KEY_START(k) - bio->bi_iter.bi_sector) 529 : INT_MAX; 530 int ret = s->d->cache_miss(b, s, bio, sectors); Here s->d->cache_miss() is the call backfunction pointer initialized as cached_dev_cache_miss(), the last parameter 'sectors' is an important hint to calculate the size of read request to backing device of the missing cache data. Current calculation in above code block may generate oversized value of 'sectors', which consequently may trigger 2 different potential kernel panics by BUG() or BUG_ON() as listed below, 1) BUG_ON() inside bch_btree_insert_key(), [code block 2] 886 BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); 2) BUG() inside biovec_slab(), [code block 3] 51 default: 52 BUG(); 53 return NULL; All the above panics are original from cached_dev_cache_miss() by the oversized parameter 'sectors'. Inside cached_dev_cache_miss(), parameter 'sectors' is used to calculate the size of data read from backing device for the cache missing. This size is stored in s->insert_bio_sectors by the following lines of code, [code block 4] 909 s->insert_bio_sectors = min(sectors, bio_sectors(bio) + reada); Then the actual key inserting to the internal B+ tree is generated and stored in s->iop.replace_key by the following lines of code, [code block 5] 911 s->iop.replace_key = KEY(s->iop.inode, 912 bio->bi_iter.bi_sector + s->insert_bio_sectors, 913 s->insert_bio_sectors); The oversized parameter 'sectors' may trigger panic 1) by BUG_ON() from the above code block. And the bio sending to backing device for the missing data is allocated with hint from s->insert_bio_sectors by the following lines of code, [code block 6] 926 cache_bio = bio_alloc_bioset(GFP_NOWAIT, 927 DIV_ROUND_UP(s->insert_bio_sectors, PAGE_SECTORS), 928 &dc->disk.bio_split); The oversized parameter 'sectors' may trigger panic 2) by BUG() from the agove code block. Now let me explain how the panics happen with the oversized 'sectors'. In code block 5, replace_key is generated by macro KEY(). From the definition of macro KEY(), [code block 7] 71 #define KEY(inode, offset, size) \ 72 ((struct bkey) { \ 73 .high = (1ULL << 63) | ((__u64) (size) << 20) | (inode), \ 74 .low = (offset) \ 75 }) Here 'size' is 16bits width embedded in 64bits member 'high' of struct bkey. But in code block 1, if "KEY_START(k) - bio->bi_iter.bi_sector" is very probably to be larger than (1<<16) - 1, which makes the bkey size calculation in code block 5 is overflowed. In one bug report the value of parameter 'sectors' is 131072 (= 1 << 17), the overflowed 'sectors' results the overflowed s->insert_bio_sectors in code block 4, then makes size field of s->iop.replace_key to be 0 in code block 5. Then the 0- sized s->iop.replace_key is inserted into the internal B+ tree as cache missing check key (a special key to detect and avoid a racing between normal write request and cache missing read request) as, [code block 8] 915 ret = bch_btree_insert_check_key(b, &s->op, &s->iop.replace_key); Then the 0-sized s->iop.replace_key as 3rd parameter triggers the bkey size check BUG_ON() in code block 2, and causes the kernel panic 1). Another ke ---truncated---
Modified: 2025-03-06
CVE-2021-47339
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers. The reported bug is now fixed, but it's possible that other related bugs are still present or get added in the future. As the drivers need to check user input already, the possible impact is fairly low, but it might still cause an information leak. To be on the safe side, always clear the entire ioctl buffer before calling the conversion handler functions that are meant to initialize them.
- https://git.kernel.org/stable/c/7b53cca764f9b291b7907fcd39d9e66ad728ee0b
- https://git.kernel.org/stable/c/bfb48b54db25c3b4ef4bef5e0691464ebc4aa335
- https://git.kernel.org/stable/c/dc02c0b2bd6096f2f3ce63e1fc317aeda05f74d8
- https://git.kernel.org/stable/c/7b53cca764f9b291b7907fcd39d9e66ad728ee0b
- https://git.kernel.org/stable/c/bfb48b54db25c3b4ef4bef5e0691464ebc4aa335
- https://git.kernel.org/stable/c/dc02c0b2bd6096f2f3ce63e1fc317aeda05f74d8
Modified: 2024-12-24
CVE-2021-47359
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress Below traces are observed during fsstress and system got hung. [ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s!
Modified: 2025-05-12
CVE-2021-47366
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read size, the file position or the sum of the two have the upper 32 bits set of the 64-bit value. This is a problem, however, since the file position and length fields of FS.FetchData are *signed* 32-bit values. Fix this by capturing the capability bits obtained from the fileserver when it's sent an FS.GetCapabilities RPC, rather than just discarding them, and then picking out the VICED_CAPABILITY_64BITFILES flag. This can then be used to decide whether to use FS.FetchData or FS.FetchData64 - and also FS.StoreData or FS.StoreData64 - rather than using upper_32_bits() to switch on the parameter values. This capabilities flag could also be used to limit the maximum size of the file, but all servers must be checked for that. Note that the issue does not exist with FS.StoreData - that uses *unsigned* 32-bit values. It's also not a problem with Auristor servers as its YFS.FetchData64 op uses unsigned 64-bit values. This can be tested by cloning a git repo through an OpenAFS client to an OpenAFS server and then doing "git status" on it from a Linux afs client[1]. Provided the clone has a pack file that's in the 2G-4G range, the git status will show errors like: error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index error: packfile .git/objects/pack/pack-5e813c51d12b6847bbc0fcd97c2bca66da50079c.pack does not match index This can be observed in the server's FileLog with something like the following appearing: Sun Aug 29 19:31:39 2021 SRXAFS_FetchData, Fid = 2303380852.491776.3263114, Host 192.168.11.201:7001, Id 1001 Sun Aug 29 19:31:39 2021 CheckRights: len=0, for host=192.168.11.201:7001 Sun Aug 29 19:31:39 2021 FetchData_RXStyle: Pos 18446744071815340032, Len 3154 Sun Aug 29 19:31:39 2021 FetchData_RXStyle: file size 2400758866 ... Sun Aug 29 19:31:40 2021 SRXAFS_FetchData returns 5 Note the file position of 18446744071815340032. This is the requested file position sign-extended.
Modified: 2025-05-12
CVE-2021-47374
In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This error message can be reached several millions of times per second, causing spam to the kernel's printk buffer and bringing the CPU usage up to 100% (so, it should be rate limited). However, since there is at least one driver that is in the mainline and suffers from the error condition, it is more useful to err_printk() here instead of just rate limiting the error message (in hopes that it will make it easier for other drivers that suffer from this issue to be spotted).
Modified: 2024-12-23
CVE-2021-47380
In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix potential NULL pointer dereference devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The patch moves initialization of data before devm_add_action_or_reset(). Found by Linux Driver Verification project (linuxtesting.org). [jkosina@suse.cz: rebase]
Modified: 2025-09-25
CVE-2021-47381
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address used in dump error output.
Modified: 2024-12-23
CVE-2021-47382
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed taking discipline_mutex inside qeth_do_reset(), fixing potential deadlocks. An error path was missed though, that still takes discipline_mutex and thus has the original deadlock potential. Intermittent deadlocks were seen when a qeth channel path is configured offline, causing a race between qeth_do_reset and ccwgroup_remove. Call qeth_set_offline() directly in the qeth_do_reset() error case and then a new variant of ccwgroup_set_offline(), without taking discipline_mutex.
Modified: 2025-09-23
CVE-2021-47391
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests The FSM can run in a circle allowing rdma_resolve_ip() to be called twice on the same id_priv. While this cannot happen without going through the work, it violates the invariant that the same address resolution background request cannot be active twice. CPU 1 CPU 2 rdma_resolve_addr(): RDMA_CM_IDLE -> RDMA_CM_ADDR_QUERY rdma_resolve_ip(addr_handler) #1 process_one_req(): for #1 addr_handler(): RDMA_CM_ADDR_QUERY -> RDMA_CM_ADDR_BOUND mutex_unlock(&id_priv->handler_mutex); [.. handler still running ..] rdma_resolve_addr(): RDMA_CM_ADDR_BOUND -> RDMA_CM_ADDR_QUERY rdma_resolve_ip(addr_handler) !! two requests are now on the req_list rdma_destroy_id(): destroy_id_handler_unlock(): _destroy_id(): cma_cancel_operation(): rdma_addr_cancel() // process_one_req() self removes it spin_lock_bh(&lock); cancel_delayed_work(&req->work); if (!list_empty(&req->list)) == true ! rdma_addr_cancel() returns after process_on_req #1 is done kfree(id_priv) process_one_req(): for #2 addr_handler(): mutex_lock(&id_priv->handler_mutex); !! Use after free on id_priv rdma_addr_cancel() expects there to be one req on the list and only cancels the first one. The self-removal behavior of the work only happens after the handler has returned. This yields a situations where the req_list can have two reqs for the same "handle" but rdma_addr_cancel() only cancels the first one. The second req remains active beyond rdma_destroy_id() and will use-after-free id_priv once it inevitably triggers. Fix this by remembering if the id_priv has called rdma_resolve_ip() and always cancel before calling it again. This ensures the req_list never gets more than one item in it and doesn't cost anything in the normal flow that never uses this strange error path.
- https://git.kernel.org/stable/c/03d884671572af8bcfbc9e63944c1021efce7589
- https://git.kernel.org/stable/c/305d568b72f17f674155a2a8275f865f207b3808
- https://git.kernel.org/stable/c/9a085fa9b7d644a234465091e038c1911e1a4f2a
- https://git.kernel.org/stable/c/03d884671572af8bcfbc9e63944c1021efce7589
- https://git.kernel.org/stable/c/305d568b72f17f674155a2a8275f865f207b3808
- https://git.kernel.org/stable/c/9a085fa9b7d644a234465091e038c1911e1a4f2a
Modified: 2025-09-25
CVE-2021-47410
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driver disconnects from a device, devm_memunmap_pages and devm_release_mem_region calls in svm_migrate_fini are redundant. It causes below warning trace after patch "drm/amdgpu: Split amdgpu_device_fini into early and late", so remove function svm_migrate_fini. BUG: https://gitlab.freedesktop.org/drm/amd/-/issues/1718 WARNING: CPU: 1 PID: 3646 at drivers/base/devres.c:795 devm_release_action+0x51/0x60 Call Trace: ? memunmap_pages+0x360/0x360 svm_migrate_fini+0x2d/0x60 [amdgpu] kgd2kfd_device_exit+0x23/0xa0 [amdgpu] amdgpu_amdkfd_device_fini_sw+0x1d/0x30 [amdgpu] amdgpu_device_fini_sw+0x45/0x290 [amdgpu] amdgpu_driver_release_kms+0x12/0x30 [amdgpu] drm_dev_release+0x20/0x40 [drm] release_nodes+0x196/0x1e0 device_release_driver_internal+0x104/0x1d0 driver_detach+0x47/0x90 bus_remove_driver+0x7a/0xd0 pci_unregister_driver+0x3d/0x90 amdgpu_exit+0x11/0x20 [amdgpu]
Modified: 2025-11-03
CVE-2021-47412
In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1) rq_qos_done_bio() needn't to be called for bio based driver 2) rq_qos_done_bio() needn't to be called for bio which isn't tracked, such as bios ended from error handling code. Especially in bio_endio(): 1) request queue is referred via bio->bi_bdev->bd_disk->queue, which may be gone since request queue refcount may not be held in above two cases 2) q->rq_qos may be freed in blk_cleanup_queue() when calling into __rq_qos_done_bio() Fix the potential kernel panic by not calling rq_qos_ops->done_bio if the bio isn't tracked. This way is safe because both ioc_rqos_done_bio() and blkcg_iolatency_done_bio() are nop if the bio isn't tracked.
- https://git.kernel.org/stable/c/004b8f8a691205a93d9e80d98b786b2b97424d6e
- https://git.kernel.org/stable/c/a647a524a46736786c95cdb553a070322ca096e3
- https://git.kernel.org/stable/c/db60edbfff332a6a5477c367af8125f034570989
- https://git.kernel.org/stable/c/004b8f8a691205a93d9e80d98b786b2b97424d6e
- https://git.kernel.org/stable/c/a647a524a46736786c95cdb553a070322ca096e3
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-11-03
CVE-2021-47421
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channel_io_normal is detectd, it will report PCI_ERS_RESULT_CAN_RECOVER status to PCI driver, and PCI driver will continue the execution of PCI resume callback report_resume by pci_walk_bridge, and the callback will go into amdgpu_pci_resume finally, where write lock is releasd unconditionally without acquiring such lock first. In this case, a deadlock will happen when other threads start to acquire the read lock. To fix this, add a member in amdgpu_device strucutre to cache pci_channel_state, and only continue the execution in amdgpu_pci_resume when it's pci_channel_io_frozen.
- https://git.kernel.org/stable/c/248b061689a40f4fed05252ee2c89f87cf26d7d8
- https://git.kernel.org/stable/c/72e9a1bf9b722628c28092e0c2cd8717edd201dc
- https://git.kernel.org/stable/c/785cc093b6b5a93cc350421a55f3f1eda6585156
- https://git.kernel.org/stable/c/248b061689a40f4fed05252ee2c89f87cf26d7d8
- https://git.kernel.org/stable/c/72e9a1bf9b722628c28092e0c2cd8717edd201dc
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-01-31
CVE-2021-47435
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dm_io_dec_pending() calls end_io_acct() first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to mempool->elements being NULL: task1 task2 do_resume ->do_suspend ->dm_wait_for_completion bio_endio ->clone_endio ->dm_io_dec_pending ->end_io_acct ->wakeup task1 ->dm_swap_table ->__bind ->__bind_mempools ->bioset_exit ->mempool_exit ->free_io [ 67.330330] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ...... [ 67.330494] pstate: 80400085 (Nzcv daIf +PAN -UAO) [ 67.330510] pc : mempool_free+0x70/0xa0 [ 67.330515] lr : mempool_free+0x4c/0xa0 [ 67.330520] sp : ffffff8008013b20 [ 67.330524] x29: ffffff8008013b20 x28: 0000000000000004 [ 67.330530] x27: ffffffa8c2ff40a0 x26: 00000000ffff1cc8 [ 67.330535] x25: 0000000000000000 x24: ffffffdada34c800 [ 67.330541] x23: 0000000000000000 x22: ffffffdada34c800 [ 67.330547] x21: 00000000ffff1cc8 x20: ffffffd9a1304d80 [ 67.330552] x19: ffffffdada34c970 x18: 000000b312625d9c [ 67.330558] x17: 00000000002dcfbf x16: 00000000000006dd [ 67.330563] x15: 000000000093b41e x14: 0000000000000010 [ 67.330569] x13: 0000000000007f7a x12: 0000000034155555 [ 67.330574] x11: 0000000000000001 x10: 0000000000000001 [ 67.330579] x9 : 0000000000000000 x8 : 0000000000000000 [ 67.330585] x7 : 0000000000000000 x6 : ffffff80148b5c1a [ 67.330590] x5 : ffffff8008013ae0 x4 : 0000000000000001 [ 67.330596] x3 : ffffff80080139c8 x2 : ffffff801083bab8 [ 67.330601] x1 : 0000000000000000 x0 : ffffffdada34c970 [ 67.330609] Call trace: [ 67.330616] mempool_free+0x70/0xa0 [ 67.330627] bio_put+0xf8/0x110 [ 67.330638] dec_pending+0x13c/0x230 [ 67.330644] clone_endio+0x90/0x180 [ 67.330649] bio_endio+0x198/0x1b8 [ 67.330655] dec_pending+0x190/0x230 [ 67.330660] clone_endio+0x90/0x180 [ 67.330665] bio_endio+0x198/0x1b8 [ 67.330673] blk_update_request+0x214/0x428 [ 67.330683] scsi_end_request+0x2c/0x300 [ 67.330688] scsi_io_completion+0xa0/0x710 [ 67.330695] scsi_finish_command+0xd8/0x110 [ 67.330700] scsi_softirq_done+0x114/0x148 [ 67.330708] blk_done_softirq+0x74/0xd0 [ 67.330716] __do_softirq+0x18c/0x374 [ 67.330724] irq_exit+0xb4/0xb8 [ 67.330732] __handle_domain_irq+0x84/0xc0 [ 67.330737] gic_handle_irq+0x148/0x1b0 [ 67.330744] el1_irq+0xe8/0x190 [ 67.330753] lpm_cpuidle_enter+0x4f8/0x538 [ 67.330759] cpuidle_enter_state+0x1fc/0x398 [ 67.330764] cpuidle_enter+0x18/0x20 [ 67.330772] do_idle+0x1b4/0x290 [ 67.330778] cpu_startup_entry+0x20/0x28 [ 67.330786] secondary_start_kernel+0x160/0x170 Fix this by: 1) Establishing pointers to 'struct dm_io' members in dm_io_dec_pending() so that they may be passed into end_io_acct() _after_ free_io() is called. 2) Moving end_io_acct() after free_io().
- https://git.kernel.org/stable/c/6e506f07c5b561d673dd0b0d8f7f420cc48024fb
- https://git.kernel.org/stable/c/9e07272cca2ed76f7f6073f4444b1143828c8d87
- https://git.kernel.org/stable/c/9fb7cd5c7fef0f1c982e3cd27745a0dec260eaed
- https://git.kernel.org/stable/c/ad1393b92e5059218d055bfec8f4946d85ad04c4
- https://git.kernel.org/stable/c/d208b89401e073de986dc891037c5a668f5d5d95
- https://git.kernel.org/stable/c/d29c78d3f9c5d2604548c1065bf1ec212728ea61
- https://git.kernel.org/stable/c/d35aef9c60d310eff3eaddacce301efe877e2b7c
- https://git.kernel.org/stable/c/6e506f07c5b561d673dd0b0d8f7f420cc48024fb
- https://git.kernel.org/stable/c/9e07272cca2ed76f7f6073f4444b1143828c8d87
- https://git.kernel.org/stable/c/9fb7cd5c7fef0f1c982e3cd27745a0dec260eaed
- https://git.kernel.org/stable/c/ad1393b92e5059218d055bfec8f4946d85ad04c4
- https://git.kernel.org/stable/c/d208b89401e073de986dc891037c5a668f5d5d95
- https://git.kernel.org/stable/c/d29c78d3f9c5d2604548c1065bf1ec212728ea61
- https://git.kernel.org/stable/c/d35aef9c60d310eff3eaddacce301efe877e2b7c
Modified: 2025-09-22
CVE-2021-47448
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg() recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the peer. When the above happens, mptcp_wait_data() will always return with no wait, as the MPTCP_DATA_READY flag checked by such function is set and never cleared in such code path. Leveraging the above syzbot was able to trigger an RCU stall: rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 0-...!: (10499 ticks this GP) idle=0af/1/0x4000000000000000 softirq=10678/10678 fqs=1 (t=10500 jiffies g=13089 q=109) rcu: rcu_preempt kthread starved for 10497 jiffies! g13089 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:R running task stack:28696 pid: 14 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4955 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6236 schedule+0xd3/0x270 kernel/sched/core.c:6315 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881 rcu_gp_fqs_loop+0x186/0x810 kernel/rcu/tree.c:1955 rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2128 kthread+0x405/0x4f0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 rcu: Stack dump where RCU GP kthread last ran: Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8510 Comm: syz-executor827 Not tainted 5.15.0-rc2-next-20210920-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:84 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0xc8/0x180 mm/kasan/generic.c:189 Code: 38 00 74 ed 48 8d 50 08 eb 09 48 83 c0 01 48 39 d0 74 7a 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 <48> 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 80 38 00 RSP: 0018:ffffc9000cd676c8 EFLAGS: 00000283 RAX: ffffed100e9a110e RBX: ffffed100e9a110f RCX: ffffffff88ea062a RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888074d08870 RBP: ffffed100e9a110e R08: 0000000000000001 R09: ffff888074d08877 R10: ffffed100e9a110e R11: 0000000000000000 R12: ffff888074d08000 R13: ffff888074d08000 R14: ffff888074d08088 R15: ffff888074d08000 FS: 0000555556d8e300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 S: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000180 CR3: 0000000068909000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: instrument_atomic_read_write include/linux/instrumented.h:101 [inline] test_and_clear_bit include/asm-generic/bitops/instrumented-atomic.h:83 [inline] mptcp_release_cb+0x14a/0x210 net/mptcp/protocol.c:3016 release_sock+0xb4/0x1b0 net/core/sock.c:3204 mptcp_wait_data net/mptcp/protocol.c:1770 [inline] mptcp_recvmsg+0xfd1/0x27b0 net/mptcp/protocol.c:2080 inet6_recvmsg+0x11b/0x5e0 net/ipv6/af_inet6.c:659 sock_recvmsg_nosec net/socket.c:944 [inline] ____sys_recvmsg+0x527/0x600 net/socket.c:2626 ___sys_recvmsg+0x127/0x200 net/socket.c:2670 do_recvmmsg+0x24d/0x6d0 net/socket.c:2764 __sys_recvmmsg net/socket.c:2843 [inline] __do_sys_recvmmsg net/socket.c:2866 [inline] __se_sys_recvmmsg net/socket.c:2859 [inline] __x64_sys_recvmmsg+0x20b/0x260 net/socket.c:2859 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fc200d2 ---truncated---
Modified: 2025-09-29
CVE-2021-47452
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline] nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline] __nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524 nft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline] nf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382 reproducer: unshare -n bash -c 'ip link add br0 type bridge; nft add table netdev t ; \ nft add chain netdev t ingress \{ type filter hook ingress device "br0" \ priority 0\; policy drop\; \}' Problem is that when netns device exit hooks create the UNREGISTER event, the .pre_exit hook for nf_tables core has already removed the base hook. Notifier attempts to do this again. The need to do base hook unregister unconditionally was needed in the past, because notifier was last stage where reg->dev dereference was safe. Now that nf_tables does the hook removal in .pre_exit, this isn't needed anymore.
Modified: 2025-11-03
CVE-2021-47455
In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 (age 13.188s) hex dump (first 8 bytes): 70 74 70 30 00 00 00 00 ptp0.... backtrace: [<00000000312ed458>] __kmalloc_track_caller+0x19f/0x3a0 [<0000000079f6e2ff>] kvasprintf+0xb5/0x150 [<0000000026aae54f>] kvasprintf_const+0x60/0x190 [<00000000f323a5f7>] kobject_set_name_vargs+0x56/0x150 [<000000004e35abdd>] dev_set_name+0xc0/0x100 [<00000000f20cfe25>] ptp_clock_register+0x9f4/0xd30 [ptp] [<000000008bb9f0de>] idt82p33_probe.cold+0x8b6/0x1561 [ptp_idt82p33] When posix_clock_register() returns an error, the name allocated in dev_set_name() will be leaked, the put_device() should be used to give up the device reference, then the name will be freed in kobject_cleanup() and other memory will be freed in ptp_clock_release().
- https://git.kernel.org/stable/c/4225fea1cb28370086e17e82c0f69bec2779dca0
- https://git.kernel.org/stable/c/95c0a0c5ec8839f8f21672be786e87a100319ca8
- https://git.kernel.org/stable/c/f1c96d8085588e1b997a96214b409ac3be20b524
- https://git.kernel.org/stable/c/4225fea1cb28370086e17e82c0f69bec2779dca0
- https://git.kernel.org/stable/c/95c0a0c5ec8839f8f21672be786e87a100319ca8
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-04-01
CVE-2021-47484
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files "rvu_debugfs.c" and "rvu_nix.c"
Modified: 2025-11-18
CVE-2021-47489
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix even more out of bound writes from debugfs
CVE-2021-42327 was fixed by:
commit f23750b5b3d98653b31d4469592935ef6364ad67
Author: Thelford Williams
- https://git.kernel.org/stable/c/1336b886b162fdc84708096ea152a61c0e1fc09c
- https://git.kernel.org/stable/c/3f4e54bd312d3dafb59daf2b97ffa08abebe60f5
- https://git.kernel.org/stable/c/9eb4bdd554fc31a5ef6bf645a20ff21618ce45a9
- https://git.kernel.org/stable/c/3f4e54bd312d3dafb59daf2b97ffa08abebe60f5
- https://git.kernel.org/stable/c/9eb4bdd554fc31a5ef6bf645a20ff21618ce45a9
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Modified: 2025-11-03
CVE-2021-47498
In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nr_requests or others, and request may come during suspend, so simply ask for blk-mq to requeue it. Fixes one kernel panic issue when running updating nr_requests and dm-mpath suspend/resume stress test.
- https://git.kernel.org/stable/c/8050652810bf38241edec8717393d2446e8036f1
- https://git.kernel.org/stable/c/8ca9745efe3528feb06ca4e117188038eea2d351
- https://git.kernel.org/stable/c/b4459b11e84092658fa195a2587aff3b9637f0e7
- https://git.kernel.org/stable/c/8ca9745efe3528feb06ca4e117188038eea2d351
- https://git.kernel.org/stable/c/b4459b11e84092658fa195a2587aff3b9637f0e7
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Modified: 2025-09-29
CVE-2021-47504
In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure task_work gets run as part of cancelations If we successfully cancel a work item but that work item needs to be processed through task_work, then we can be sleeping uninterruptibly in io_uring_cancel_generic() and never process it. Hence we don't make forward progress and we end up with an uninterruptible sleep warning. While in there, correct a comment that should be IFF, not IIF.
Modified: 2025-09-24
CVE-2021-47508
In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 (size 64): comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s) hex dump (first 32 bytes): 00 c0 1c 00 00 00 00 00 ff cf 1c 00 00 00 00 00 ................ 90 97 e5 1a 81 88 ff ff 90 97 e5 1a 81 88 ff ff ................ backtrace: [<00000000ac0176d2>] ulist_add_merge+0x60/0x150 [btrfs] [<0000000076e9f312>] set_state_bits+0x86/0xc0 [btrfs] [<0000000014fe73d6>] set_extent_bit+0x270/0x690 [btrfs] [<000000004f675208>] set_record_extent_bits+0x19/0x20 [btrfs] [<00000000b96137b1>] qgroup_reserve_data+0x274/0x310 [btrfs] [<0000000057e9dcbb>] btrfs_check_data_free_space+0x5c/0xa0 [btrfs] [<0000000019c4511d>] btrfs_delalloc_reserve_space+0x1b/0xa0 [btrfs] [<000000006d37e007>] btrfs_dio_iomap_begin+0x415/0x970 [btrfs] [<00000000fb8a74b8>] iomap_iter+0x161/0x1e0 [<0000000071dff6ff>] __iomap_dio_rw+0x1df/0x700 [<000000002567ba53>] iomap_dio_rw+0x5/0x20 [<0000000072e555f8>] btrfs_file_write_iter+0x290/0x530 [btrfs] [<000000005eb3d845>] new_sync_write+0x106/0x180 [<000000003fb505bf>] vfs_write+0x24d/0x2f0 [<000000009bb57d37>] __x64_sys_pwrite64+0x69/0xa0 [<000000003eba3fdf>] do_syscall_64+0x43/0x90 In case brtfs_qgroup_reserve_data() or btrfs_delalloc_reserve_metadata() fail the allocated extent_changeset will not be freed. So in btrfs_check_data_free_space() and btrfs_delalloc_reserve_space() free the allocated extent_changeset to get rid of the allocated memory. The issue currently only happens in the direct IO write path, but only after 65b3c08606e5 ("btrfs: fix ENOSPC failure when attempting direct IO write into NOCOW range"), and also at defrag_one_locked_target(). Every other place is always calling extent_changeset_free() even if its call to btrfs_delalloc_reserve_space() or btrfs_check_data_free_space() has failed.
Modified: 2025-01-06
CVE-2021-47552
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
For avoiding to slow down queue destroy, we don't call
blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to
cancel dispatch work in blk_release_queue().
However, this way has caused kernel oops[1], reported by Changhui. The log
shows that scsi_device can be freed before running blk_release_queue(),
which is expected too since scsi_device is released after the scsi disk
is closed and the scsi_device is removed.
Fixes the issue by canceling blk-mq dispatch work in both blk_cleanup_queue()
and disk_release():
1) when disk_release() is run, the disk has been closed, and any sync
dispatch activities have been done, so canceling dispatch work is enough to
quiesce filesystem I/O dispatch activity.
2) in blk_cleanup_queue(), we only focus on passthrough request, and
passthrough request is always explicitly allocated & freed by
its caller, so once queue is frozen, all sync dispatch activity
for passthrough request has been done, then it is enough to just cancel
dispatch work for avoiding any dispatch activity.
[1] kernel panic log
[12622.769416] BUG: kernel NULL pointer dereference, address: 0000000000000300
[12622.777186] #PF: supervisor read access in kernel mode
[12622.782918] #PF: error_code(0x0000) - not-present page
[12622.788649] PGD 0 P4D 0
[12622.791474] Oops: 0000 [#1] PREEMPT SMP PTI
[12622.796138] CPU: 10 PID: 744 Comm: kworker/10:1H Kdump: loaded Not tainted 5.15.0+ #1
[12622.804877] Hardware name: Dell Inc. PowerEdge R730/0H21J3, BIOS 1.5.4 10/002/2015
[12622.813321] Workqueue: kblockd blk_mq_run_work_fn
[12622.818572] RIP: 0010:sbitmap_get+0x75/0x190
[12622.823336] Code: 85 80 00 00 00 41 8b 57 08 85 d2 0f 84 b1 00 00 00 45 31 e4 48 63 cd 48 8d 1c 49 48 c1 e3 06 49 03 5f 10 4c 8d 6b 40 83 f0 01 <48> 8b 33 44 89 f2 4c 89 ef 0f b6 c8 e8 fa f3 ff ff 83 f8 ff 75 58
[12622.844290] RSP: 0018:ffffb00a446dbd40 EFLAGS: 00010202
[12622.850120] RAX: 0000000000000001 RBX: 0000000000000300 RCX: 0000000000000004
[12622.858082] RDX: 0000000000000006 RSI: 0000000000000082 RDI: ffffa0b7a2dfe030
[12622.866042] RBP: 0000000000000004 R08: 0000000000000001 R09: ffffa0b742721334
[12622.874003] R10: 0000000000000008 R11: 0000000000000008 R12: 0000000000000000
[12622.881964] R13: 0000000000000340 R14: 0000000000000000 R15: ffffa0b7a2dfe030
[12622.889926] FS: 0000000000000000(0000) GS:ffffa0baafb40000(0000) knlGS:0000000000000000
[12622.898956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[12622.905367] CR2: 0000000000000300 CR3: 0000000641210001 CR4: 00000000001706e0
[12622.913328] Call Trace:
[12622.916055]
Modified: 2025-09-18
CVE-2021-47558
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed to stop the interface to apply a new configuration. This could result in a kernel panic when doing any of the 3 following actions: * reconfiguring the number of queues (ethtool -L) * reconfiguring the size of the ring buffers (ethtool -G) * installing/removing an XDP program (ip l set dev ethX xdp) Prevent the panic by making sure netif_tx_disable is called when stopping an interface. Without this patch, the following kernel panic can be observed when doing any of the actions above: Unable to handle kernel paging request at virtual address ffff80001238d040 [....] Call trace: dwmac4_set_addr+0x8/0x10 dev_hard_start_xmit+0xe4/0x1ac sch_direct_xmit+0xe8/0x39c __dev_queue_xmit+0x3ec/0xaf0 dev_queue_xmit+0x14/0x20 [...] [ end trace 0000000000000002 ]---
Modified: 2025-09-29
CVE-2021-47577
In the Linux kernel, the following vulnerability has been resolved: io-wq: check for wq exit after adding new worker task_work We check IO_WQ_BIT_EXIT before attempting to create a new worker, and wq exit cancels pending work if we have any. But it's possible to have a race between the two, where creation checks exit finding it not set, but we're in the process of exiting. The exit side will cancel pending creation task_work, but there's a gap where we add task_work after we've canceled existing creations at exit time. Fix this by checking the EXIT bit post adding the creation task_work. If it's set, run the same cancelation that exit does.
Modified: 2025-09-29
CVE-2021-47582
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about "Task X blocked for more than N seconds", as found in testing by syzbot: INFO: task syz-executor.0:8700 blocked for more than 143 seconds. Not tainted 5.14.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:23192 pid: 8700 ppid: 8455 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4681 [inline] __schedule+0xc07/0x11f0 kernel/sched/core.c:5938 schedule+0x14b/0x210 kernel/sched/core.c:6017 schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85 __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion_timeout+0x46/0x60 kernel/sched/completion.c:157 usb_start_wait_urb+0x167/0x550 drivers/usb/core/message.c:63 do_proc_bulk+0x978/0x1080 drivers/usb/core/devio.c:1236 proc_bulk drivers/usb/core/devio.c:1273 [inline] usbdev_do_ioctl drivers/usb/core/devio.c:2547 [inline] usbdev_ioctl+0x3441/0x6b10 drivers/usb/core/devio.c:2713 ... To fix this problem, this patch replaces usbfs's calls to usb_control_msg() and usb_bulk_msg() with special-purpose code that does essentially the same thing (as recommended in the comment for usb_start_wait_urb()), except that it always uses a killable wait and it uses GFP_KERNEL rather than GFP_NOIO.
Modified: 2024-11-21
CVE-2021-47599
In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs] CPU: 2 PID: 1 Comm: systemd Tainted: G W O 5.14.0-rc1-custom #72 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: btrfs_show_devname+0x108/0x1b4 [btrfs] show_mountinfo+0x234/0x2c4 m_show+0x28/0x34 seq_read_iter+0x12c/0x3c4 vfs_read+0x29c/0x2c8 ksys_read+0x80/0xec __arm64_sys_read+0x28/0x34 invoke_syscall+0x50/0xf8 do_el0_svc+0x88/0x138 el0_svc+0x2c/0x8c el0t_64_sync_handler+0x84/0xe4 el0t_64_sync+0x198/0x19c Reason: While btrfs_prepare_sprout() moves the fs_devices::devices into fs_devices::seed_list, the btrfs_show_devname() searches for the devices and found none, leading to the warning as in above. Fix: latest_dev is updated according to the changes to the device list. That means we could use the latest_dev->name to show the device name in /proc/self/mounts, the pointer will be always valid as it's assigned before the device is deleted from the list in remove or replace. The RCU protection is sufficient as the device structure is freed after synchronization.
Modified: 2024-11-21
CVE-2021-47610
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null ptr access msm_ioctl_gem_submit() Fix the below null pointer dereference in msm_ioctl_gem_submit(): 26545.260705: Call trace: 26545.263223: kref_put+0x1c/0x60 26545.266452: msm_ioctl_gem_submit+0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.291025: do_el0_svc_compat+0x28/0x54 26545.295066: el0_svc_compat+0x10/0x1c 26545.298838: el0_sync_compat_handler+0xa8/0xcc 26545.303403: el0_sync_compat+0x188/0x1c0 26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008) 26545.318799: Kernel panic - not syncing: Oops: Fatal exception
Modified: 2025-09-17
CVE-2021-47618
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9170/1: fix panic when kasan and kprobe are enabled
arm32 uses software to simulate the instruction replaced
by kprobe. some instructions may be simulated by constructing
assembly functions. therefore, before executing instruction
simulation, it is necessary to construct assembly function
execution environment in C language through binding registers.
after kasan is enabled, the register binding relationship will
be destroyed, resulting in instruction simulation errors and
causing kernel panic.
the kprobe emulate instruction function is distributed in three
files: actions-common.c actions-arm.c actions-thumb.c, so disable
KASAN when compiling these files.
for example, use kprobe insert on cap_capable+20 after kasan
enabled, the cap_capable assembly code is as follows:
- https://git.kernel.org/stable/c/1515e72aae803fc6b466adf918e71c4e4c9d5b3d
- https://git.kernel.org/stable/c/8b59b0a53c840921b625378f137e88adfa87647e
- https://git.kernel.org/stable/c/ba1863be105b06e10d0e2f6b1b8a0570801cfc71
- https://git.kernel.org/stable/c/1515e72aae803fc6b466adf918e71c4e4c9d5b3d
- https://git.kernel.org/stable/c/8b59b0a53c840921b625378f137e88adfa87647e
- https://git.kernel.org/stable/c/ba1863be105b06e10d0e2f6b1b8a0570801cfc71
Modified: 2024-11-21
CVE-2022-0322
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
- https://bugzilla.redhat.com/show_bug.cgi?id=2042822
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2042822
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2022-0480
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
- https://access.redhat.com/security/cve/CVE-2022-0480
- https://bugzilla.redhat.com/show_bug.cgi?id=2049700
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042
- https://github.com/kata-containers/kata-containers/issues/3373
- https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/
- https://ubuntu.com/security/CVE-2022-0480
- https://access.redhat.com/security/cve/CVE-2022-0480
- https://bugzilla.redhat.com/show_bug.cgi?id=2049700
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042
- https://github.com/kata-containers/kata-containers/issues/3373
- https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/
- https://ubuntu.com/security/CVE-2022-0480
Modified: 2024-11-21
CVE-2022-0487
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.
- https://bugzilla.redhat.com/show_bug.cgi?id=2044561
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5095
- https://www.debian.org/security/2022/dsa-5096
- https://bugzilla.redhat.com/show_bug.cgi?id=2044561
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://www.debian.org/security/2022/dsa-5095
- https://www.debian.org/security/2022/dsa-5096
Modified: 2024-11-21
CVE-2022-1508
An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.
- https://access.redhat.com/security/cve/CVE-2022-1508
- https://bugzilla.redhat.com/show_bug.cgi?id=2075533
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110
- https://ubuntu.com/security/CVE-2022-1508
- https://access.redhat.com/security/cve/CVE-2022-1508
- https://bugzilla.redhat.com/show_bug.cgi?id=2075533
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110
- https://ubuntu.com/security/CVE-2022-1508
Modified: 2024-11-21
CVE-2022-1786
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=2087760
- https://security.netapp.com/advisory/ntap-20220722-0001/
- https://www.debian.org/security/2022/dsa-5161
- https://bugzilla.redhat.com/show_bug.cgi?id=2087760
- https://security.netapp.com/advisory/ntap-20220722-0001/
- https://www.debian.org/security/2022/dsa-5161
Modified: 2024-11-21
CVE-2022-2991
A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8
- https://www.zerodayinitiative.com/advisories/ZDI-22-960/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8
- https://www.zerodayinitiative.com/advisories/ZDI-22-960/
Modified: 2024-11-21
CVE-2022-36280
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
- https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
- https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://www.debian.org/security/2023/dsa-5324
- https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
- https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://www.debian.org/security/2023/dsa-5324
Modified: 2025-05-28
CVE-2022-41222
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
- http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html
- http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2
- https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
- https://security.netapp.com/advisory/ntap-20230214-0008/
- http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html
- http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2
- https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
- https://security.netapp.com/advisory/ntap-20230214-0008/
Modified: 2024-11-21
CVE-2022-4696
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
- https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
- https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
- https://security.netapp.com/advisory/ntap-20230223-0003/
Modified: 2025-02-14
CVE-2022-4744
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
- http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://security.netapp.com/advisory/ntap-20230526-0009/
- http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://security.netapp.com/advisory/ntap-20230526-0009/
Modified: 2025-04-15
CVE-2022-47946
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.
- http://www.openwall.com/lists/oss-security/2022/12/27/1
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86
- https://www.openwall.com/lists/oss-security/2022/12/22/2
- http://www.openwall.com/lists/oss-security/2022/12/27/1
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86
- https://www.openwall.com/lists/oss-security/2022/12/22/2
Modified: 2025-10-01
CVE-2022-48721
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Forward wakeup to smc socket waitqueue after fallback
When we replace TCP with SMC and a fallback occurs, there may be
some socket waitqueue entries remaining in smc socket->wq, such
as eppoll_entries inserted by userspace applications.
After the fallback, data flows over TCP/IP and only clcsocket->wq
will be woken up. Applications can't be notified by the entries
which were inserted in smc socket->wq before fallback. So we need
a mechanism to wake up smc socket->wq at the same time if some
entries remaining in it.
The current workaround is to transfer the entries from smc socket->wq
to clcsock->wq during the fallback. But this may cause a crash
like this:
general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 0 Comm: swapper/3 Kdump: loaded Tainted: G E 5.16.0+ #107
RIP: 0010:__wake_up_common+0x65/0x170
Call Trace:
- https://git.kernel.org/stable/c/0ef6049f664941bc0f75828b3a61877635048b27
- https://git.kernel.org/stable/c/341adeec9adad0874f29a0a1af35638207352a39
- https://git.kernel.org/stable/c/504078fbe9dd570d685361b57784a6050bc40aaa
- https://git.kernel.org/stable/c/0ef6049f664941bc0f75828b3a61877635048b27
- https://git.kernel.org/stable/c/341adeec9adad0874f29a0a1af35638207352a39
- https://git.kernel.org/stable/c/504078fbe9dd570d685361b57784a6050bc40aaa
Modified: 2025-11-03
CVE-2022-48733
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call btrfs_commit_transaction(), and if that returns an error we jump to 'fail' label, where we kfree() the pending snapshot structure. This can result in a later use-after-free of the pending snapshot: 1) We allocated the pending snapshot and added it to the transaction's list of pending snapshots; 2) We call btrfs_commit_transaction(), and it fails either at the first call to btrfs_run_delayed_refs() or btrfs_start_dirty_block_groups(). In both cases, we don't abort the transaction and we release our transaction handle. We jump to the 'fail' label and free the pending snapshot structure. We return with the pending snapshot still in the transaction's list; 3) Another task commits the transaction. This time there's no error at all, and then during the transaction commit it accesses a pointer to the pending snapshot structure that the snapshot creation task has already freed, resulting in a user-after-free. This issue could actually be detected by smatch, which produced the following warning: fs/btrfs/ioctl.c:843 create_snapshot() warn: '&pending_snapshot->list' not removed from list So fix this by not having the snapshot creation ioctl directly add the pending snapshot to the transaction's list. Instead add the pending snapshot to the transaction handle, and then at btrfs_commit_transaction() we add the snapshot to the list only when we can guarantee that any error returned after that point will result in a transaction abort, in which case the ioctl code can safely free the pending snapshot and no one can access it anymore.
- https://git.kernel.org/stable/c/28b21c558a3753171097193b6f6602a94169093a
- https://git.kernel.org/stable/c/7e4c72dbaf62f8978af8321a24dbd35566d3a78a
- https://git.kernel.org/stable/c/9372fa1d73da5f1673921e365d0cd2c27ec7adc2
- https://git.kernel.org/stable/c/a7b717fa15165d3d9245614680bebc48a52ac05d
- https://git.kernel.org/stable/c/28b21c558a3753171097193b6f6602a94169093a
- https://git.kernel.org/stable/c/9372fa1d73da5f1673921e365d0cd2c27ec7adc2
- https://git.kernel.org/stable/c/a7b717fa15165d3d9245614680bebc48a52ac05d
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
Modified: 2025-01-06
CVE-2022-48739
In the Linux kernel, the following vulnerability has been resolved: ASoC: hdmi-codec: Fix OOB memory accesses Correct size of iec_status array by changing it to the size of status array of the struct snd_aes_iec958. This fixes out-of-bounds slab read accesses made by memcpy() of the hdmi-codec driver. This problem is reported by KASAN.
- https://git.kernel.org/stable/c/06feec6005c9d9500cd286ec440aabf8b2ddd94d
- https://git.kernel.org/stable/c/10007bd96b6c4c3cfaea9e76c311b06a07a5e260
- https://git.kernel.org/stable/c/1552e66be325a21d7eff49f46013fb402165a0ac
- https://git.kernel.org/stable/c/06feec6005c9d9500cd286ec440aabf8b2ddd94d
- https://git.kernel.org/stable/c/10007bd96b6c4c3cfaea9e76c311b06a07a5e260
- https://git.kernel.org/stable/c/1552e66be325a21d7eff49f46013fb402165a0ac
Modified: 2024-11-21
CVE-2022-48741
In the Linux kernel, the following vulnerability has been resolved: ovl: fix NULL pointer dereference in copy up warning This patch is fixing a NULL pointer dereference to get a recently introduced warning message working.
- https://git.kernel.org/stable/c/4ee7e4a6c9b298da44029ed9ec8ed23ae49cc209
- https://git.kernel.org/stable/c/9c7f8a35c5a83740c0e3ea540b6ad145c50d79aa
- https://git.kernel.org/stable/c/e6b678c1a3673de6a5d2f4e22bb725a086a0701a
- https://git.kernel.org/stable/c/4ee7e4a6c9b298da44029ed9ec8ed23ae49cc209
- https://git.kernel.org/stable/c/9c7f8a35c5a83740c0e3ea540b6ad145c50d79aa
- https://git.kernel.org/stable/c/e6b678c1a3673de6a5d2f4e22bb725a086a0701a
Modified: 2025-01-06
CVE-2022-48751
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Transitional solution for clcsock race issue
We encountered a crash in smc_setsockopt() and it is caused by
accessing smc->clcsock after clcsock was released.
BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 50309 Comm: nginx Kdump: loaded Tainted: G E 5.16.0-rc4+ #53
RIP: 0010:smc_setsockopt+0x59/0x280 [smc]
Call Trace:
- https://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34
- https://git.kernel.org/stable/c/4284225cd8001e134f5cf533a7cd244bbb654d0f
- https://git.kernel.org/stable/c/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760
- https://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34
- https://git.kernel.org/stable/c/4284225cd8001e134f5cf533a7cd244bbb654d0f
- https://git.kernel.org/stable/c/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760
Modified: 2025-09-29
CVE-2022-48765
In the Linux kernel, the following vulnerability has been resolved:
KVM: LAPIC: Also cancel preemption timer during SET_LAPIC
The below warning is splatting during guest reboot.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]
CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5
RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm]
Call Trace:
- https://git.kernel.org/stable/c/35fe7cfbab2e81f1afb23fc4212210b1de6d9633
- https://git.kernel.org/stable/c/54b3439c8e70e0bcfea59aeef9dd98908cbbf655
- https://git.kernel.org/stable/c/ce55f63f6cea4cab8ae9212f73285648a5baa30d
- https://git.kernel.org/stable/c/35fe7cfbab2e81f1afb23fc4212210b1de6d9633
- https://git.kernel.org/stable/c/54b3439c8e70e0bcfea59aeef9dd98908cbbf655
- https://git.kernel.org/stable/c/ce55f63f6cea4cab8ae9212f73285648a5baa30d
Modified: 2024-11-21
CVE-2023-1295
A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9eac1904d3364254d622bf2c771c4f85cd435fc2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb
- https://kernel.dance/788d0824269bef539fe31a785b1517882eafed93
- https://kernel.dance/9eac1904d3364254d622bf2c771c4f85cd435fc2
- https://security.netapp.com/advisory/ntap-20230731-0006/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9eac1904d3364254d622bf2c771c4f85cd435fc2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb
- https://kernel.dance/788d0824269bef539fe31a785b1517882eafed93
- https://kernel.dance/9eac1904d3364254d622bf2c771c4f85cd435fc2
- https://security.netapp.com/advisory/ntap-20230731-0006/
Modified: 2024-11-21
CVE-2023-1476
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.
- https://access.redhat.com/errata/RHSA-2023:1659
- https://access.redhat.com/security/cve/CVE-2023-1476
- https://bugzilla.redhat.com/show_bug.cgi?id=2176035
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2
- https://access.redhat.com/errata/RHSA-2023:1659
- https://access.redhat.com/security/cve/CVE-2023-1476
- https://bugzilla.redhat.com/show_bug.cgi?id=2176035
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2
Modified: 2025-03-19
CVE-2023-23006
In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
Modified: 2024-11-21
CVE-2023-23586
Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y&id=788d0824269bef539fe31a785b1517882eafed93
- https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y&id=788d0824269bef539fe31a785b1517882eafed93
- https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
Modified: 2024-11-21
CVE-2023-4732
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.
- https://access.redhat.com/errata/RHSA-2023:6901
- https://access.redhat.com/errata/RHSA-2023:7077
- https://access.redhat.com/errata/RHSA-2023:7539
- https://access.redhat.com/errata/RHSA-2024:0412
- https://access.redhat.com/security/cve/CVE-2023-4732
- https://bugzilla.redhat.com/show_bug.cgi?id=2236982
- https://access.redhat.com/errata/RHSA-2023:6901
- https://access.redhat.com/errata/RHSA-2023:7077
- https://access.redhat.com/errata/RHSA-2023:7539
- https://access.redhat.com/errata/RHSA-2024:0412
- https://access.redhat.com/security/cve/CVE-2023-4732
- https://bugzilla.redhat.com/show_bug.cgi?id=2236982
Modified: 2024-11-21
CVE-2023-5158
A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.
Modified: 2024-11-25
CVE-2024-0564
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.
- https://access.redhat.com/security/cve/CVE-2024-0564
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513
- https://bugzilla.redhat.com/show_bug.cgi?id=2258514
- https://link.springer.com/conference/wisa
- https://wisa.or.kr/accepted
- https://access.redhat.com/security/cve/CVE-2024-0564
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513
- https://bugzilla.redhat.com/show_bug.cgi?id=2258514
- https://link.springer.com/conference/wisa
- https://wisa.or.kr/accepted
Modified: 2025-06-19
CVE-2024-26829
In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: fix a memleak in irtoy_tx When irtoy_command fails, buf should be freed since it is allocated by irtoy_tx, or there is a memleak.
- https://git.kernel.org/stable/c/207557e393a135c1b6fe1df7cc0741d2c1789fff
- https://git.kernel.org/stable/c/7219a692ffc00089015ada33b85b334d1a4b6e8e
- https://git.kernel.org/stable/c/b37259448bbc70af1d0e52a9dd5559a9c29c9621
- https://git.kernel.org/stable/c/be76ad74a43f90f340f9f479e6b04f02125f6aef
- https://git.kernel.org/stable/c/dc9ceb90c4b42c6e5c6757df1d6257110433788e
- https://git.kernel.org/stable/c/207557e393a135c1b6fe1df7cc0741d2c1789fff
- https://git.kernel.org/stable/c/486a4176bc783df798bce2903824801af8d2c3ae
- https://git.kernel.org/stable/c/7219a692ffc00089015ada33b85b334d1a4b6e8e
- https://git.kernel.org/stable/c/b37259448bbc70af1d0e52a9dd5559a9c29c9621
- https://git.kernel.org/stable/c/be76ad74a43f90f340f9f479e6b04f02125f6aef
- https://git.kernel.org/stable/c/dc9ceb90c4b42c6e5c6757df1d6257110433788e
Modified: 2025-11-03
CVE-2025-22005
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path. Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git.
- https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef
- https://git.kernel.org/stable/c/16267a5036173d0173377545b4b6021b081d0933
- https://git.kernel.org/stable/c/1bd12dfc058e1e68759d313d7727d68dbc1b8964
- https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6
- https://git.kernel.org/stable/c/596a883c4ce2d2e9c175f25b98fed3a1f33fea38
- https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3
- https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98
- https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html