CVE-2021-47180 In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fi In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef | URL:https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef | MISC:https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74 | URL:https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74 | MISC:https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1 | URL:https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1 | MISC:https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8 | URL:https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8 | MISC:https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd | URL:https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd | MISC:https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7 | URL:https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7 | MISC:https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745 | URL:https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745 | MISC:https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b | URL:https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b
CVE-2021-47179 In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap.
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494 | URL:https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494 | MISC:https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48 | URL:https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48 | MISC:https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42 | URL:https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42 | MISC:https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb | URL:https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb | MISC:https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a | URL:https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a | MISC:https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53 | URL:https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53
CVE-2021-47178 In the Linux kernel, the following vulnerability has been resolved: scsi: target In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified work queue to handle commands and changed 'current->nr_cpu_allowed' at smp_processor_id() call. The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper"). To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement then thread move to other CPU will not affect the code. [1] [ 56.468103] run blktests block/005 at 2021-05-12 14:16:38 [ 57.369473] check_preemption_disabled: 85 callbacks suppressed [ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511 [ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510 [ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506 [ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.369617] Call Trace: [ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507 [ 57.369628] dump_stack+0x6d/0x89 [ 57.369642] check_preemption_disabled+0xc8/0xd0 [ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57.369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0 [ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568 [ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.370039] Call Trace: [ 57.370045] dump_stack+0x6d/0x89 [ 57.370056] ch ---truncated---
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1 | URL:https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1 | MISC:https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f | URL:https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f
CVE-2021-47177 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors.
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29 | URL:https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29 | MISC:https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304 | URL:https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304 | MISC:https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8 | URL:https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8 | MISC:https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996 | URL:https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996 | MISC:https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b | URL:https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b | MISC:https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2 | URL:https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2
CVE-2021-47176 In the Linux kernel, the following vulnerability has been resolved: s390/dasd: a In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet. Commit b72949328869 ("s390/dasd: Prepare for additional path event handling") renamed the verify_path function for ECKD but not for FBA and DIAG. This leads to a panic when the path verification function is called for a FBA or DIAG device. Fix by defining a wrapper function for dasd_generic_verify_path().
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/6a16810068e70959bc1df686424aa35ce05578f1 | URL:https://git.kernel.org/stable/c/6a16810068e70959bc1df686424aa35ce05578f1 | MISC:https://git.kernel.org/stable/c/a16be88a3d7e5efcb59a15edea87a8bd369630c6 | URL:https://git.kernel.org/stable/c/a16be88a3d7e5efcb59a15edea87a8bd369630c6 | MISC:https://git.kernel.org/stable/c/aa8579bc084673c651204f7cd0d6308a47dffc16 | URL:https://git.kernel.org/stable/c/aa8579bc084673c651204f7cd0d6308a47dffc16 | MISC:https://git.kernel.org/stable/c/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427 | URL:https://git.kernel.org/stable/c/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427
CVE-2021-47175 In the Linux kernel, the following vulnerability has been resolved: net/sched: f In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit priority 0x10002 # ping 192.0.2.2 -I eth0 -c2 -w1 -q produces the following splat: BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie] Read of size 4 at addr ffff888171306924 by task ping/942 CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 Call Trace: dump_stack+0x92/0xc1 print_address_description.constprop.7+0x1a/0x150 kasan_report.cold.13+0x7f/0x111 fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie] __dev_queue_xmit+0x1034/0x2b10 ip_finish_output2+0xc62/0x2120 __ip_finish_output+0x553/0xea0 ip_output+0x1ca/0x4d0 ip_send_skb+0x37/0xa0 raw_sendmsg+0x1c4b/0x2d00 sock_sendmsg+0xdb/0x110 __sys_sendto+0x1d7/0x2b0 __x64_sys_sendto+0xdd/0x1b0 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fe69735c3eb Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89 RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003 RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260 R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0 Allocated by task 917: kasan_save_stack+0x19/0x40 __kasan_kmalloc+0x7f/0xa0 __kmalloc_node+0x139/0x280 fq_pie_init+0x555/0x8e8 [sch_fq_pie] qdisc_create+0x407/0x11b0 tc_modify_qdisc+0x3c2/0x17e0 rtnetlink_rcv_msg+0x346/0x8e0 netlink_rcv_skb+0x120/0x380 netlink_unicast+0x439/0x630 netlink_sendmsg+0x719/0xbf0 sock_sendmsg+0xe2/0x110 ____sys_sendmsg+0x5ba/0x890 ___sys_sendmsg+0xe9/0x160 __sys_sendmsg+0xd3/0x170 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff888171306800 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 36 bytes to the right of 256-byte region [ffff888171306800, ffff888171306900) The buggy address belongs to the page: page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306 head:00000000bcfb624e order:1 compound_mapcount:0 flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc >ffff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fix fq_pie traffic path to avoid selecting 'q->flows + q->flows_cnt' as a valid flow: it's an address beyond the allocated memory.
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/7a1bdec12e43e29cc34a4394590337069d8812ce | URL:https://git.kernel.org/stable/c/7a1bdec12e43e29cc34a4394590337069d8812ce | MISC:https://git.kernel.org/stable/c/e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c | URL:https://git.kernel.org/stable/c/e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c | MISC:https://git.kernel.org/stable/c/e70f7a11876a1a788ceadf75e9e5f7af2c868680 | URL:https://git.kernel.org/stable/c/e70f7a11876a1a788ceadf75e9e5f7af2c868680
CVE-2021-47174 In the Linux kernel, the following vulnerability has been resolved: netfilter: n In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0 [709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod [709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common [709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1 [709732.358959] Hardware name: Dell Inc. PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020 [709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0 [709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb [709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202 [709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001 [709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003 [709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462 [709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960 [709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660 [709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000 [709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0 [709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [709732.359003] PKRU: 55555554 [709732.359005] Call Trace: [709732.359009] <IRQ> [709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables] [709732.359046] ? sched_clock+0x5/0x10 [709732.359054] ? sched_clock_cpu+0xc/0xb0 [709732.359061] ? record_times+0x16/0x80 [709732.359068] ? plist_add+0xc1/0x100 [709732.359073] ? psi_group_change+0x47/0x230 [709732.359079] ? skb_clone+0x4d/0xb0 [709732.359085] ? enqueue_task_rt+0x22b/0x310 [709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en] [709732.359102] ? packet_rcv+0x40/0x4a0 [709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359133] nft_do_chain+0x350/0x500 [nf_tables] [709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables] [709732.359172] ? fib4_rule_action+0x6d/0x80 [709732.359178] ? fib_rules_lookup+0x107/0x250 [709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat] [709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat] [709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat] [709732.359207] nf_hook_slow+0x44/0xc0 [709732.359214] ip_output+0xd2/0x100 [709732.359221] ? __ip_finish_output+0x210/0x210 [709732.359226] ip_forward+0x37d/0x4a0 [709732.359232] ? ip4_key_hashfn+0xb0/0xb0 [709732.359238] ip_subli ---truncated---
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/727a2b4fc951ee69847d4904d98961856ea9fbe6 | URL:https://git.kernel.org/stable/c/727a2b4fc951ee69847d4904d98961856ea9fbe6 | MISC:https://git.kernel.org/stable/c/b1f45a26bd322525c14edd9504f6d46dfad679a4 | URL:https://git.kernel.org/stable/c/b1f45a26bd322525c14edd9504f6d46dfad679a4 | MISC:https://git.kernel.org/stable/c/f0b3d338064e1fe7531f0d2977e35f3b334abfb4 | URL:https://git.kernel.org/stable/c/f0b3d338064e1fe7531f0d2977e35f3b334abfb4
CVE-2021-47173 In the Linux kernel, the following vulnerability has been resolved: misc/uss720: In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ backtrace: [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline] [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline] [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline] [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline] [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292 [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88 | URL:https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88 | MISC:https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a | URL:https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a | MISC:https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55 | URL:https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55 | MISC:https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391 | URL:https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391 | MISC:https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42 | URL:https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42 | MISC:https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096 | URL:https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096 | MISC:https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364 | URL:https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364 | MISC:https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de | URL:https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de
CVE-2021-47172 In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug was introduced as part of a fix to ensure we didn't rely on the ordering of child nodes. So we need to support arbitrary ordering but they all need to be there somewhere. Note I hit this when using qemu to test the rest of this series. Arguably this isn't the best fix, but it is probably the most minimal option for backporting etc. Alexandru's sign-off is here because he carried this patch in a larger set that Jonathan then applied.
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc | URL:https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc | MISC:https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b | URL:https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b | MISC:https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c | URL:https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c | MISC:https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9 | URL:https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9
CVE-2021-47171 In the Linux kernel, the following vulnerability has been resolved: net: usb: fi In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
Assigned (20240325)
MISC:https://git.ker MISC:https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa | URL:https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa | MISC:https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f | URL:https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f | MISC:https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70 | URL:https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70 | MISC:https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0 | URL:https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0 | MISC:https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b | URL:https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b | MISC:https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07 | URL:https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07 | MISC:https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc | URL:https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc | MISC:https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17 | URL:https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17