Vulnerabilities > Linux > Linux Kernel > 4.9.203

DATE CVE VULNERABILITY TITLE RISK
2024-06-19 CVE-2021-47578 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR.
local
low complexity
linux CWE-476
5.5
2024-06-19 CVE-2021-47583 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex.
local
low complexity
linux CWE-908
5.5
2024-06-19 CVE-2021-47587 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a given transmit queue between the transmit and reclaiming.
local
low complexity
linux CWE-667
5.5
2024-06-19 CVE-2021-47589 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap.
local
low complexity
linux CWE-415
7.8
2024-06-19 CVE-2021-47597 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires.
local
low complexity
linux CWE-908
5.5
2024-06-19 CVE-2021-47600 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec().
local
low complexity
linux CWE-416
7.8
2024-06-19 CVE-2021-47602 Access of Uninitialized Pointer vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an uninitialized value here due to a status of a non-QoS nullfunc packet, which isn't even long enough to contain the QoS header. Fix this to only do anything for QoS data packets.
local
low complexity
linux CWE-824
5.5
2024-06-19 CVE-2021-47606 Divide By Zero vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb.
local
low complexity
linux CWE-369
5.5
2024-06-19 CVE-2021-47609 Classic Buffer Overflow vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically.
local
low complexity
linux CWE-120
7.8
2024-06-19 CVE-2021-47610 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null ptr access msm_ioctl_gem_submit() Fix the below null pointer dereference in msm_ioctl_gem_submit(): 26545.260705: Call trace: 26545.263223: kref_put+0x1c/0x60 26545.266452: msm_ioctl_gem_submit+0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.291025: do_el0_svc_compat+0x28/0x54 26545.295066: el0_svc_compat+0x10/0x1c 26545.298838: el0_sync_compat_handler+0xa8/0xcc 26545.303403: el0_sync_compat+0x188/0x1c0 26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008) 26545.318799: Kernel panic - not syncing: Oops: Fatal exception
local
low complexity
linux CWE-476
5.5