CVE Descriptions

Signed-off-by: Sasha Levin <sashal@kernel.org>
diff --git a/CVE-2021-47419 b/CVE-2021-47419 new file mode 100644 index 0000000..4adc48f --- /dev/null +++ b/CVE-2021-47419
@@ -0,0 +1,8 @@ +The vulnerability CVE-2021-47419 affects the Linux kernel's Traffic Policing and Shaping (TAPRIO) scheduler, specifically in the `sch_taprio.c` file. The issue arises because the TAPRIO scheduler sets a timer before receiving a packet, but does not properly cancel this timer when destroying the qdisc (queueing discipline). This can lead to a use-after-free error, as the timer is still active even though the qdisc has been destroyed. + +The vulnerability was introduced in kernel versions 5.4.87, 5.10.5, and 5.11, and was fixed in kernel versions 5.4.153, 5.10.73, 5.14.12, and 5.15. The fix involves properly canceling the timer from the `taprio_destroy()` function. + +The vulnerability can be mitigated by updating to the latest stable kernel version. If updating is not possible, individual changes to resolve this issue can be found in the specified commits. However, cherry-picking individual commits is not recommended or supported by the Linux kernel community. + +The vulnerability was discovered by a syzbot, which is a fuzz testing tool that identifies bugs in the Linux kernel. The CVE team has assigned CVE-2021-47419 to this issue, and the official CVE entry can be found at https://cve.org/CVERecord/?id=CVE-2021-47419. +
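Review bot: the expansion of TAPRIO in the first sentence is wrong; `sch_taprio` is the Time-Aware Priority scheduler (IEEE 802.1Qbv time-aware shaping), not "Traffic Policing and Shaping", so change it to "Time-Aware Priority (TAPRIO) scheduler". The last paragraph reads "discovered by a syzbot"; syzbot is the name of the fuzzing bot, so drop the article. Give the full path `net/sched/sch_taprio.c` as the sibling entries do.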
diff --git a/CVE-2021-47420 b/CVE-2021-47420 new file mode 100644 index 0000000..6df11c4 --- /dev/null +++ b/CVE-2021-47420
@@ -0,0 +1,6 @@ +The vulnerability resides in the `drm/amdkfd` module of the Linux kernel, specifically in the `kfd_mem_dmamap_userptr` and `kfd_mem_dmaunmap_userptr` functions. In these functions, memory is allocated for `ttm->sg` using `kmalloc`, but it is not freed properly when unmapping the DMA region. This can lead to a memory leak, as the allocated memory remains unreclaimed. + +The issue was introduced in kernel version 5.14 with commit 264fb4d332f5 and was fixed in versions 5.14.12 with commit 7e5ce6029b62 and 5.15 with commit b072ef1215ac. The affected file is `drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c`. + +The recommended mitigation is to update to the latest stable kernel version, which includes this fix along with many other bugfixes. Cherry-picking individual commits is not supported by the Linux kernel community. If updating to the latest release is impossible, the individual changes can be found at the specified commit hashes. +
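Review bot: this entry never states the CVE id in its body, so the text is ambiguous once separated from its filename; open with "CVE-2021-47420" as the other entries do. The first paragraph says what leaks (`ttm->sg` from `kmalloc`) but not what the fix does; sibling entries carry a one-sentence fix summary, so add which allocation the unmap path now releases.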
diff --git a/CVE-2021-47421 b/CVE-2021-47421 new file mode 100644 index 0000000..50e49ed --- /dev/null +++ b/CVE-2021-47421
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47421 affects the Linux kernel's drm/amdgpu driver. Specifically, when a PCI error state pci_channel_io_normal is detected, the kernel reports a PCI_ERS_RESULT_CAN_RECOVER status to the PCI driver, which continues executing the PCI resume callback report_resume by pci_walk_bridge. This eventually leads to amdgpu_pci_resume, where a write lock is released unconditionally without acquiring it first, causing a deadlock when other threads try to acquire the read lock. + +The issue arises because the kernel does not properly handle the case of pci_channel_io_frozen in amdgpu_pci_resume. To fix this, a new member was added to the amdgpu_device structure to cache pci_channel_state, and execution is only continued in amdgpu_pci_resume when it's pci_channel_io_frozen. + +The vulnerability was introduced in kernel version 5.10 with commit c9a6b82f45e2 and fixed in versions 5.14.12 with commit 72e9a1bf9b72 and 5.15 with commit 248b061689a4. The affected files are drivers/gpu/drm/amd/amdgpu/amdgpu.h and drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. +
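Review bot: the clause "which continues executing the PCI resume callback report_resume by pci_walk_bridge" in the first paragraph is hard to follow; rephrase as "so the PCI core walks the bridge with pci_walk_bridge() and invokes the report_resume callback, which reaches amdgpu_pci_resume()". The identifiers in this entry (pci_channel_io_normal, PCI_ERS_RESULT_CAN_RECOVER, amdgpu_pci_resume, both file paths) are unformatted while the sibling entries wrap them in backticks; make that consistent.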
diff --git a/CVE-2021-47422 b/CVE-2021-47422 new file mode 100644 index 0000000..62d903f --- /dev/null +++ b/CVE-2021-47422
@@ -0,0 +1,6 @@ +The vulnerability, tracked as CVE-2021-47422, is a memory leak in the `drm/nouveau/kms/nv50` driver of the Linux kernel. Specifically, when using `single_open()` for opening files, `single_release()` should be called to release the allocated memory. If not done so, the memory allocated in `single_open()` will be leaked. + +The issue was introduced in Linux kernel version 5.9 with commit 12885ecbfe62 and has been fixed in versions 5.10.73 (commit 65fff0a8efcd), 5.14.12 (commit 0b4e9fc14973), and 5.15 (commit 0b3d4945cc7e). The affected file is `drivers/gpu/drm/nouveau/dispnv50/crc.c`. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to fix this issue, as individual changes are not tested alone and cherry-picking commits is not supported. If updating is impossible, the individual fixes can be found at the provided commit links. +
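Review bot: "If not done so, the memory allocated..." in the first paragraph is ungrammatical; use "If it is not, ...". The closing paragraph refers to "the provided commit links", but the entry gives only bare hashes (65fff0a8efcd, 0b4e9fc14973, 0b3d4945cc7e); either say "commits" or include the links. The entry also does not say which file operations in `crc.c` lacked the release callback, which is the actual defect; one sentence naming them would make the description self-contained.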
diff --git a/CVE-2021-47423 b/CVE-2021-47423 new file mode 100644 index 0000000..1125938 --- /dev/null +++ b/CVE-2021-47423
@@ -0,0 +1,6 @@ +The CVE-2021-47423 vulnerability affects the Linux kernel's DRM (Direct Rendering Manager) Nouveau driver, specifically in the debugfs file system. The issue is a memory leak that occurs when using `single_open()` for opening files, but not calling `single_release()` afterwards. This causes the `op` structure allocated in `single_open()` to be leaked. + +The vulnerability was introduced in kernel version 4.5 with commit 6e9fc177399f and has been fixed in various subsequent kernel versions, including 4.9.287, 4.14.251, 4.19.211, 5.4.153, 5.10.73, 5.14.12, and 5.15. + +The affected file is `drivers/gpu/drm/nouveau/nouveau_debugfs.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the commits listed in the CVE description. However, the Linux kernel community does not recommend or support cherry-picking individual commits, as they are never tested alone and may have unforeseen consequences when applied individually. +
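Review bot: the third paragraph tells readers that "individual changes can be cherry-picked from the commits listed in the CVE description", but this entry lists only the introducing commit 6e9fc177399f and no fix commits for the seven fixed versions; add them or drop the reference. The same paragraph says cherry-picking is possible and then "not recommended or supported" in consecutive sentences; keep the kernel CVE team's standard wording once, as the other entries do.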
diff --git a/CVE-2021-47424 b/CVE-2021-47424 new file mode 100644 index 0000000..c217578 --- /dev/null +++ b/CVE-2021-47424
@@ -0,0 +1,8 @@ +The Linux kernel is vulnerable to a use-after-free error in the i40e driver, specifically in the `i40e_clear_interrupt_scheme` function. This occurs when the VSI setup fails in `i40e_probe()` as part of the PF switch setup. The driver attempts to free miscellaneous IRQ vectors, but they have not been allocated yet, resulting in a kernel Oops error. + +The root cause is that the `__I40E_MISC_IRQ_REQUESTED` PF state is not checked before calling `i40e_free_misc_vector`. This state is only set if the miscellaneous IRQ vectors were properly initialized. To fix this issue, a check has been added to ensure that the `__I40E_MISC_IRQ_REQUESTED` state is set before freeing the IRQ vectors. + +This vulnerability was introduced in kernel version 4.15 and has been fixed in various subsequent versions, including 4.19.211, 5.4.153, 5.10.73, 5.14.12, and 5.15. The affected file is `drivers/net/ethernet/intel/i40e/i40e_main.c`. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to fix this issue, as well as other bugfixes. Cherry-picking individual commits is not recommended or supported by the Linux kernel community. +
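Review bot: the first sentence classifies the bug as a use-after-free, but the same paragraph says the misc IRQ vectors "have not been allocated yet" when the driver frees them; that is a free of a never-requested resource (the `__I40E_MISC_IRQ_REQUESTED` state check in the second paragraph confirms it), not a use after free. Reword the classification to match, e.g. "freeing of an uninitialized misc IRQ vector". The entry also gives no introducing or fix commit ids, unlike its siblings.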
diff --git a/CVE-2021-47425 b/CVE-2021-47425 new file mode 100644 index 0000000..c6f2a53 --- /dev/null +++ b/CVE-2021-47425
@@ -0,0 +1,8 @@ +The Linux kernel is vulnerable to a resource leak in the ACPI I2C reconfiguration device addition. This occurs because `acpi_i2c_find_adapter_by_handle()` calls `bus_find_device()`, which takes a reference on the adapter that is never released, resulting in a reference count leak and rendering the adapter unremovable. + +This vulnerability was introduced in kernel version 4.8 with commit 525e6fabeae2 and has been fixed in various later kernel versions, including 4.14.251, 4.19.211, 5.4.153, 5.10.73, and 5.15. + +The affected file is `drivers/i2c/i2c-core-acpi.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue. If updating is not possible, individual changes can be cherry-picked from specific commits, but this approach is not recommended or supported by the Linux kernel community. + +The vulnerability has been assigned CVE-2021-47425 and the official CVE entry will be updated if fixes are backported to older supported kernel versions. +
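Review bot: the entry describes what leaks (the adapter reference taken by `bus_find_device()`) but not what the fix does, whereas sibling entries include a one-sentence fix summary; add one stating that the reference is now dropped once the client has been created. The fixed-version list skips the 5.14.y series while the neighbouring entries for the same release window include 5.14.12; confirm whether that omission is intentional.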
diff --git a/CVE-2021-47426 b/CVE-2021-47426 new file mode 100644 index 0000000..7308924 --- /dev/null +++ b/CVE-2021-47426
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47426, is a potential memory leak in the Linux kernel's BPF (Berkeley Packet Filter) JIT (Just-In-Time) compiler for the s390 architecture. The issue arises when the `jit_data` structure is not properly freed in the error path of the JIT compilation process. + +The problem was introduced in kernel version 5.4 with commit 1c8f9b91c456 and has been fixed in various subsequent kernel releases, including 5.4.153, 5.10.73, 5.14.12, and 5.15. The affected file is `arch/s390/net/bpf_jit_comp.c`. + +The fix involves ensuring that the `jit_data` structure is properly freed using `kfree()` in the error path of the JIT compilation process. This prevents a potential memory leak, which could be exploited by an attacker to cause a denial-of-service or other malicious behavior. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to fix this issue, as well as many other bugfixes. Individual changes are not tested alone and cherry-picking individual commits is not recommended or supported by the Linux kernel community. +
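Review bot: the sentence "which could be exploited by an attacker to cause a denial-of-service or other malicious behavior" in the third paragraph is unsupported by the rest of the entry; a leak of `jit_data` on the JIT error path exhausts memory at worst, and "other malicious behavior" asserts impact the source does not describe. State the impact as the kernel CVE entry does (memory leak) and drop the speculation.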
diff --git a/CVE-2021-47427 b/CVE-2021-47427 new file mode 100644 index 0000000..a5aaf1c --- /dev/null +++ b/CVE-2021-47427
@@ -0,0 +1,8 @@ +The vulnerability CVE-2021-47427 is a use-after-free bug in the Linux kernel's iSCSI (Internet Small Computer System Interface) implementation. Specifically, it occurs in the `libiscsi.c` file within the SCSI (Small Computer System Interface) driver. + +The issue was introduced in kernel version 5.14 with commit `d39df158518c`, which added `iscsi_get_conn()` and `iscsi_put_conn()` calls during abort handling. However, this change also modified the handling of completed tasks, causing a goto to the common put/cleanup code. This resulted in an `iscsi_task` use after free, as the cleanup code would perform a put on the `iscsi_task`. + +The fix involves reverting the goto and moving the `iscsi_get_conn()` call to after checking if the `iscsi_task` is valid. This ensures that the `iscsi_task` is not accessed after it has been freed. + +The vulnerability was fixed in kernel versions 5.14.12 with commit `1642f51ac0d4` and 5.15 with commit `258aad75c621`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone and cherry-picking commits is not supported by the Linux kernel community. +
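Review bot: "it occurs in the `libiscsi.c` file within the SCSI driver" should give the full path `drivers/scsi/libiscsi.c` as the other entries do. The second paragraph describes the regression correctly, but "causing a goto to the common put/cleanup code" reads as jargon; "so that completed tasks also fell through to the common put/cleanup code, which performs a put on an `iscsi_task` the caller still uses" says the same thing in prose. The commit ids in this entry are wrapped in backticks while most siblings leave them bare; pick one style.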
diff --git a/CVE-2021-47428 b/CVE-2021-47428 new file mode 100644 index 0000000..5b9d95e --- /dev/null +++ b/CVE-2021-47428
@@ -0,0 +1,9 @@ + +**CVE-2021-47428** + +This CVE affects the Linux kernel on PowerPC architectures and is related to an out-of-bounds access issue in the `exceptions-64s.S` file. The vulnerability was introduced in version 5.3 with commit `0a882e28468f` and has been fixed in versions 5.10.73, 5.14.12, and 5.15. + +The bug occurs when an interrupt is triggered while the kernel is handling a page fault exception. The kernel's decrementer_common_virt function fails to properly handle the interrupt, leading to an out-of-bounds access error. This can cause a kernel panic, resulting in a denial-of-service (DoS) attack. + +The affected files are `arch/powerpc/kernel/exceptions-64s.S`. To mitigate this issue, it is recommended to update to the latest stable kernel version. If updating is not possible, individual changes to resolve this issue can be found at the specified commits. +
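Review bot: this entry starts with an empty line and a bold `**CVE-2021-47428**` heading that no other file in the patch uses; drop both so the files share one format. "The affected files are `arch/powerpc/kernel/exceptions-64s.S`" names one file with a plural verb. "causing a kernel panic, resulting in a denial-of-service (DoS) attack" conflates outcome with attack; "which is a denial of service" is sufficient. The second paragraph states the bug is triggered "while the kernel is handling a page fault exception" and involves `decrementer_common_virt` without saying how the two relate to the out-of-bounds access; tie them together or cut the detail.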
diff --git a/CVE-2021-47429 b/CVE-2021-47429 new file mode 100644 index 0000000..7cc364f --- /dev/null +++ b/CVE-2021-47429
@@ -0,0 +1,8 @@ +The vulnerability CVE-2021-47429 affects the Linux kernel on PowerPC 64-bit architectures. The issue arises when an unrecoverable Machine Check Exception (MCE) occurs, causing a Non-Maskable Interrupt (NMI) to be taken when the MSR[RI] bit is clear. In this scenario, the machine check handler calls the `machine_check_exception` function directly, which can lead to corruption of irq state and other issues. + +The problem is that calling an asynchronous handler from an NMI context can cause issues with irq state and other things getting corrupted. This can also trigger a BUG at `arch/powerpc/include/asm/interrupt.h:168`, specifically the check `BUG_ON(!arch_irq_disabled_regs(regs) && !(regs->msr & MSR_EE));`. + +To fix this issue, two versions of the handler are created: an `_async` version that is called in the normal case and a NMI version that is called for unrecoverable interrupts. This ensures that the handler is not called from an NMI context, preventing the potential corruption of irq state and other issues. + +The vulnerability was introduced in Linux kernel version 5.14 with commit 2b43dd7653cc and was fixed in versions 5.14.12 with commit d7a8e38999fb and 5.15 with commit f08fb25bc669. +
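Review bot: "a NMI version" in the third paragraph should be "an NMI version". The `BUG_ON` quote and the header line number are useful, but the entry omits the affected file path that every other entry carries; add it.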
diff --git a/CVE-2021-47430 b/CVE-2021-47430 new file mode 100644 index 0000000..83e07f2 --- /dev/null +++ b/CVE-2021-47430
@@ -0,0 +1,10 @@ +The Linux kernel vulnerability CVE-2021-47430 affects the x86 entry code, specifically related to the Supervisor Mode Access Prevention (SMAP) feature. SMAP is a security feature that prevents user-mode applications from accessing kernel-mode memory. + +The issue arises when the CONFIG_X86_SMAP configuration option is set to 'n', but the CPU still supports SMAP. In this scenario, a warning can be triggered during system calls, such as syscall_nt selftest, due to the AC (Alignment Check) bit being set in the CPU flags. + +To address this vulnerability, the kernel needs to clear the X86_FEATURE_SMAP feature flag when CONFIG_X86_SMAP is not enabled. This ensures consistency with the "nosmap" boot parameter behavior, which disables SMAP at boot time. + +The affected files are arch/x86/kernel/cpu/common.c. The issue was introduced in Linux kernel version 5.8 and fixed in versions 5.10.73, 5.14.12, and 5.15. + +To mitigate this vulnerability, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. However, the kernel community does not support or recommend cherry-picking individual commits, as they are part of a larger kernel release and may have unintended consequences when applied individually. +
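Review bot: the description of SMAP in the first paragraph is inverted: Supervisor Mode Access Prevention stops kernel (supervisor) code from accessing user-mode pages, not user applications from accessing kernel memory. Correct it, since it changes what the AC flag warning in the second paragraph means (AC set in kernel mode is the state that temporarily permits supervisor access to user pages). "The affected files are arch/x86/kernel/cpu/common.c" is one file with a plural verb, and the entry gives no introducing commit for 5.8.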
diff --git a/CVE-2021-47431 b/CVE-2021-47431 new file mode 100644 index 0000000..6f8603e --- /dev/null +++ b/CVE-2021-47431
@@ -0,0 +1,6 @@ +The vulnerability, tracked as CVE-2021-47431, affects the Linux kernel's AMD GPU driver (amdgpu) and specifically the GART (Graphics Aperture Remapping Table) module. In the SRIOV (Single Root I/O Virtualization) case, the `gmc_v{9,10}_0_gart_disable()` function is not called in conjunction with its corresponding `gart_enable` function, leading to a pin count leak on driver unload. + +The GART module manages memory aperture remapping for AMD GPUs. The `gart_enable` function initializes the GART table and sets up the pin count, while `gmc_v{9,10}_0_gart_disable()` is responsible for disabling the GART table and releasing the pinned resources. However, in the SRIOV case, the disable function is not called, resulting in a resource leak. + +The vulnerability has been fixed in various kernel versions, including 5.4.154, 5.10.74, 5.14.13, and 5.15, with corresponding commits 83d857d6b096, 621ddffb70db, 18d1c5ea3798, and 66805763a97f. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, rather than cherry-picking individual commits. +
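Review bot: GART in the first sentence is expanded as "Graphics Aperture Remapping Table"; it is the Graphics Address Remapping Table. The third paragraph lists fix versions and commits but no introducing version or commit, and the entry names no affected file, unlike its siblings; add the `gmc_v9_0` and `gmc_v10_0` sources implied by the function names.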
diff --git a/CVE-2021-47432 b/CVE-2021-47432 new file mode 100644 index 0000000..61efe5d --- /dev/null +++ b/CVE-2021-47432
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47432 affects the Linux kernel's radix tree code, specifically in the `lib/generic-radix-tree.c` file. The issue arises when spreading new inode numbers throughout most of the 64-bit inode space, triggering corner case bugs related to integer overflows. + +In the radix tree code, the `peek()` function is responsible for retrieving a node from the tree without removing it. However, in certain scenarios, the function can overflow, leading to undefined behavior. This vulnerability has been resolved by fixing the overflow issue in the `peek()` function, ensuring that the radix tree operates correctly even when dealing with large inode numbers. + +The affected versions of the Linux kernel include those prior to 6.1.64, 6.5.13, 6.6.3, and 6.7. The fixes for this issue have been committed in the respective kernel releases, with commit IDs 784d01f9bbc2, ec298b958cb0, aa7f18279531, and 9492261ff246. To mitigate this vulnerability, users are recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. +
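Review bot: "This vulnerability has been resolved by fixing the overflow issue in the `peek()` function" is circular; say which value overflows and what the fix does instead. The closing sentence "individual changes can be cherry-picked from the specified commits" contradicts the cherry-picking guidance every other entry carries, and the entry gives no introducing version or commit.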
diff --git a/CVE-2021-47433 b/CVE-2021-47433 new file mode 100644 index 0000000..da79646 --- /dev/null +++ b/CVE-2021-47433
@@ -0,0 +1,6 @@ +The vulnerability, CVE-2021-47433, is a flaw in the Linux kernel's Btrfs file system. Specifically, it affects the `btrfs_replace_file_extents` function, which is responsible for replacing file extents (i.e., contiguous blocks of data on disk) with new ones. + +The issue arises when error injection testing reveals a scenario where the file system can become corrupted, resulting in a missing extent in the middle of a file. This occurs because the logic to decide whether to abort the operation is incorrect. The function only aborts if it receives an error code other than `-EOPNOTSUPP` and was called from the file clone code path. However, the preallocation code also uses this path, and therefore the function should abort on any error, except for `-EOPNOTSUPP` when coming from the file clone code. + +The fix involves modifying the `btrfs_replace_file_extents` function to correctly handle errors and abort the operation in the affected scenarios. The fix has been applied to kernel versions 5.10.75, 5.14.14, and 5.15, with commits 0e32a2b85c7d, 0e309e1152fc, and 4afb912f439c, respectively. +
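Review bot: the entry never names the affected file or the introducing version/commit that sibling entries carry; add them. In the second paragraph, "when error injection testing reveals a scenario" makes it sound as if the corruption only happens under testing; the condition, per the same paragraph, is any error other than `-EOPNOTSUPP` on the preallocation path, which testing merely exposed.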
diff --git a/CVE-2021-47434 b/CVE-2021-47434 new file mode 100644 index 0000000..72e9b82 --- /dev/null +++ b/CVE-2021-47434
@@ -0,0 +1,6 @@ +The vulnerability, CVE-2021-47434, is a bug in the Linux kernel's xHCI (Extensible Host Controller Interface) implementation. Specifically, it affects how the command ring pointer is handled when aborting a command. + +The issue arises because the command ring pointer is stored in bits [6:63] of the Command Ring Control Register (CRCR), while control bits like command stop and abort are located in bits [0:3]. When aborting a command, the kernel reads the CRCR, sets the abort bit, and writes back to the CRCR. However, this read operation always returns zeros for the command ring pointer, so only the control bits are written. Since the 64-bit write is split into two 32-bit writes, there's a possibility that the xHC (Extensible Host Controller) command ring may be stopped before the upper dword (all zeros) is written. If this happens, the xHC updates its internal command ring pointer with all zeros, leading to memory access failures when the command ring is restarted. + +The fix involves writing only to the lower dword of CRCR, where all control bits are located, to avoid corrupting the command ring pointer. This vulnerability has been fixed in various Linux kernel versions, including 4.14.252, 4.19.213, 5.4.155, 5.10.75, and 5.15. The affected file is `drivers/usb/host/xhci-ring.c`. +
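Review bot: the fix list runs 4.14.252 through 5.15 but skips 5.14.y, and the entry gives no introducing version or commit; confirm the list and add the origin. One wording fix in the second paragraph: "this read operation always returns zeros for the command ring pointer" should make clear that the CRCR register reads back zeros for the pointer field by design, so readers do not take it for a software bug.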
diff --git a/CVE-2021-47435 b/CVE-2021-47435 new file mode 100644 index 0000000..a4ac201 --- /dev/null +++ b/CVE-2021-47435
@@ -0,0 +1,11 @@ +The Linux kernel has a vulnerability (CVE-2021-47435) in the device-mapper (dm) module, specifically in the `dm_io_dec_pending()` function. This function is responsible for decrementing the pending I/O count of a dm io structure when an I/O operation completes. + +The issue arises because the `end_io_acct()` function, which updates the I/O accounting statistics, is called before `free_io()`, which frees the dm io structure. This can cause a use-after-free bug, where the `end_io_acct()` function accesses memory that has already been freed. + +To fix this issue, two changes were made: + +1. Pointers to `struct dm_io` members are established in `dm_io_dec_pending()` so that they can be passed into `end_io_acct()` after `free_io()` is called. +2. The call to `end_io_acct()` is moved after the call to `free_io()`. + +This vulnerability affects various kernel versions, including 4.9, 4.14, 4.19, 5.4, 5.10, and 5.15. Fixes are available in the form of commits that can be applied to these kernel versions. The Linux kernel CVE team recommends updating to the latest stable kernel version to address this issue, as well as many other bugfixes. +
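Review bot: "This vulnerability affects various kernel versions, including 4.9, 4.14, 4.19, 5.4, 5.10, and 5.15" mixes affected and fixed series and gives no stable point releases or commit ids, and "Fixes are available in the form of commits" tells the reader nothing; replace both with the fixed-version/commit list format the other entries use. Add the affected file path as well.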
diff --git a/CVE-2021-47436 b/CVE-2021-47436 new file mode 100644 index 0000000..f61534b --- /dev/null +++ b/CVE-2021-47436
@@ -0,0 +1,6 @@ +The Linux kernel vulnerability CVE-2021-47436 is related to the musb (Multi-Protocol USB) driver, specifically in the dsps (Dual-Speed Physical Specification) component. The issue arises from an incorrect error handling path introduced by a commit that reordered the calls to `dsps_setup_optional_vbus_irq()` and `dsps_create_musb_pdev()`. This reordering caused the allocation and registration of a new platform device by `dsps_create_musb_pdev()` to not be properly unregistered and freed in case of an error during `dsps_setup_optional_vbus_irq()`. + +The problem is that if `dsps_setup_optional_vbus_irq()` returns `-EPROBE_DEFER`, the probe function will error out without unregistering the platform device, leading to a kernel crash. This was observed on a v5.10.70 stable kernel with the Beagle Bone Black Wireless device, where the USB Ethernet gadget driver uses the still-registered platform device during boot, causing a NULL pointer dereference and subsequent kernel crash. + +The fix involves correcting the error path by unregistering and freeing the platform device in case of an error during `dsps_setup_optional_vbus_irq()`. This vulnerability affects various kernel versions, including 4.14, 4.19, 5.4, 5.10, and 5.13, with fixes provided for each affected version. +
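Review bot: the expansions "Multi-Protocol USB" for musb and "Dual-Speed Physical Specification" for dsps in the first sentence are not how the kernel names these; MUSB is the Mentor Graphics USB controller driver and `dsps` is the TI glue layer in `drivers/usb/musb/musb_dsps.c`. Drop the invented expansions and name the file. The last paragraph lists "5.13" among affected versions while the second paragraph reports the crash on v5.10.70 and the neighbouring entries fix this window in 5.14.14/5.15; check the list and give point releases and commits.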
diff --git a/CVE-2021-47437 b/CVE-2021-47437 new file mode 100644 index 0000000..b2123c6 --- /dev/null +++ b/CVE-2021-47437
@@ -0,0 +1,8 @@ +The vulnerability CVE-2021-47437 affects the Linux kernel's Industrial I/O (IIO) subsystem, specifically the adis16475 driver. It was introduced in kernel version 5.13 with commit 39c024b51b56 and fixed in versions 5.14.14 and 5.15. + +The issue arises from a deadlock that occurs when setting the frequency of the adis16475 device. This is caused by two mistakes: firstly, the call to `adis_write_reg_16()` was not changed to its unlocked version; secondly, the lock was not being released on the success path of the function. + +The fix involves changing the call to `adis_write_reg_16()` to its unlocked version and releasing the lock on the success path of the function. This change is essential to prevent deadlocks in the adis16475 driver. + +The affected file is `drivers/iio/imu/adis16475.c`. To mitigate this issue, it is recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be found at specific commits on the Linux kernel Git repository. +
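Review bot: the closing sentence says "individual changes can be found at specific commits" but the entry lists only the introducing commit 39c024b51b56; add the fix commits for 5.14.14 and 5.15. The second paragraph's two-mistake summary is clear, but naming the function whose frequency-setting path deadlocks would make it complete.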
diff --git a/CVE-2021-47438 b/CVE-2021-47438 new file mode 100644 index 0000000..15ba3c9 --- /dev/null +++ b/CVE-2021-47438
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47438, is a memory leak in the mlx5_core_destroy_cq() function's error path. When this function fails, it returns without completing all destroy operations, leading to a memory leak. The fix involves completing the destroy flow before returning an error. + +Additionally, the patch moves mlx5_debug_cq_remove() to the beginning of mlx5_core_destroy_cq() to maintain symmetry with mlx5_core_create_cq(). This change is necessary because kmemleak complains about an unreferenced object in the mlx5_core module. + +The affected files are drivers/net/ethernet/mellanox/mlx5/core/cq.c, and the issue was introduced in kernel version 3.11 with commit e126ba97dba9. The fix was applied in kernel versions 5.10.75, 5.14.14, and 5.15 with commits 4f7bddf8c5c0, ed8aafea4fec, and 94b960b9deff, respectively. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone and cherry-picking is not supported. However, if updating is impossible, the individual changes can be found in the specified commits. +
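Review bot: the second paragraph says moving `mlx5_debug_cq_remove()` "is necessary because kmemleak complains", but the kmemleak report is evidence of the error-path leak described in the first paragraph, not a reason for the reordering, which the same sentence attributes to symmetry with `mlx5_core_create_cq()`; split the two. "The affected files are drivers/net/ethernet/mellanox/mlx5/core/cq.c" is one file with a plural verb.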
diff --git a/CVE-2021-47439 b/CVE-2021-47439 new file mode 100644 index 0000000..569388a --- /dev/null +++ b/CVE-2021-47439
@@ -0,0 +1,8 @@ +The vulnerability, CVE-2021-47439, is a null pointer dereference error in the Linux kernel's dsa (distributed switch architecture) microchip driver. The issue arises when the ksz module is installed and removed using rmmod. During the removal process, the `ksz_switch_remove` function attempts to cancel the `mib_read_workqueue` using `cancel_delayed_work_sync`, but this can lead to a kernel crash. + +The crash occurs because the `dsa_unregister_switch` function calls `ksz_mac_link_down`, which reschedules the workqueue since `mib_interval` is non-zero. However, the slave device has already been unregistered in the `ksz_switch_remove` function, causing the kernel to attempt to access a null pointer. + +To fix this issue, the `mib_interval` is reset to 0 before canceling the workqueue, preventing the kernel from attempting to access the null pointer. The vulnerability was introduced in Linux kernel version 5.7 and has been fixed in versions 5.10.75, 5.14.14, and 5.15. + +The affected file is `drivers/net/dsa/microchip/ksz_common.c`. The recommended mitigation is to update to the latest stable kernel version, which includes this fix and many others. Individual changes should not be cherry-picked, as they are never tested alone and may introduce other issues. +
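Review bot: the entry gives no commit ids for the introducing (5.7) or fixing (5.10.75, 5.14.14, 5.15) changes while neighbouring entries do; add them. The sequence in the second paragraph is clear, but "causing the kernel to attempt to access a null pointer" should say what is null: the slave device that the rescheduled work reaches after `ksz_switch_remove` has unregistered it.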
diff --git a/CVE-2021-47440 b/CVE-2021-47440 new file mode 100644 index 0000000..d365f49 --- /dev/null +++ b/CVE-2021-47440
@@ -0,0 +1,24 @@ + +The vulnerability affects the Linux kernel's `devm_regmap_init_encx24j600` function, which is used to initialize a regmap (register map) for an ENCx24J600 Ethernet controller. The issue occurs because the function does not properly check for errors when initializing the regmap, leading to a potential null pointer dereference. + +The vulnerability can be exploited through a crafted sysfs write operation, which triggers a sequence of function calls that ultimately lead to the vulnerable `devm_regmap_init_encx24j600` function. The affected code path involves the following functions: + +* `dev_attr_store` in `drivers/base/core.c` +* `sysfs_kf_write` in `fs/sysfs/file.c` +* `kernfs_fop_write_iter` in `fs/kernfs/file.c` +* `new_sync_write` in `fs/read_write.c` +* `vfs_write` in `fs/read_write.c` +* `ksys_write` in `fs/read_write.c` +* `do_syscall_64` in `arch/x86/entry/common.c` +* `entry_SYSCALL_64_after_hwframe` in `arch/x86/entry/entry_64.S` + +The vulnerability was introduced in Linux kernel version 4.4 and has been fixed in various subsequent versions, including 4.4.290, 4.9.288, 4.14.252, 4.19.213, 5.4.155, 5.10.75, and 5.15. + +The affected files are: + +* `drivers/net/ethernet/microchip/encx24j600-regmap.c` +* `drivers/net/ethernet/microchip/encx24j600.c` +* `drivers/net/ethernet/microchip/encx24j600_hw.h` + +To mitigate this vulnerability, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the commits listed in the advisory. However, the Linux kernel community does not support or recommend cherry-picking individual commits. +
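Review bot: "The vulnerability can be exploited through a crafted sysfs write operation" overstates what the list below it shows; the bulleted functions are the generic sysfs write path from the reported call trace (`dev_attr_store` down to the syscall entry), and nothing in the entry supports "crafted" or attacker reachability. Describe it as the call trace from the report. Also, "the function does not properly check for errors when initializing the regmap" is ambiguous about whether the missing check is inside `devm_regmap_init_encx24j600` or in its callers; the three affected files suggest the callers, so say which.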
diff --git a/CVE-2021-47441 b/CVE-2021-47441 new file mode 100644 index 0000000..f10b3c5 --- /dev/null +++ b/CVE-2021-47441
@@ -0,0 +1,8 @@ +The CVE-2021-47441 is a memory corruption vulnerability in the Linux kernel, specifically in the mlxsw driver for Mellanox switches. The bug occurs when initializing the thermal module, causing a bad access to be detected by KASAN (Kernel Address Space Layout Randomization). + +The vulnerable code is located in `drivers/net/ethernet/mellanox/mlxsw/core_thermal.c`. The issue was introduced in kernel version 4.10 with commit `a50c1e35650b` and fixed in various later versions, including 5.4.155, 5.10.75, 5.14.14, and 5.15. + +The bug is caused by an out-of-bounds write access to a kernel object allocated on the kmalloc-1k cache, which has a size of 1024 bytes. The buggy address is located 1016 bytes inside this region, and the memory state around the buggy address shows that the adjacent memory regions are filled with `fc` bytes. + +The vulnerability can be mitigated by updating to the latest stable kernel version or by applying individual patches from the commits listed in the CVE report. Cherry-picking individual commits is not recommended or supported by the Linux kernel community. +
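Review bot: KASAN in the first paragraph is expanded as "Kernel Address Space Layout Randomization", which is KASLR; KASAN is the Kernel Address Sanitizer. In the third paragraph, "the adjacent memory regions are filled with `fc` bytes" misreads the report: `fc` is the KASAN shadow marker for a kmalloc redzone, not the content of memory. Either explain that or drop the shadow-dump detail, which adds nothing to the description of the out-of-bounds write.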
diff --git a/CVE-2021-47442 b/CVE-2021-47442 new file mode 100644 index 0000000..b264420 --- /dev/null +++ b/CVE-2021-47442
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47442 is a memory leak issue in the Linux kernel's NFC (Near Field Communication) digital technology implementation. Specifically, the problem lies in the `digital_in_send_sdd_req()` function, where an `skb` (socket buffer) is allocated but not freed when the `digital_in_send_cmd()` function fails. This leads to a memory leak. + +The issue was introduced in kernel version 3.13 with commit 2c66daecc409 and has been fixed in various subsequent kernel versions, including 4.4.290, 4.9.288, 4.14.252, 4.19.213, 5.4.155, 5.10.75, 5.14.14, and 5.15. + +The affected file is `net/nfc/digital_technology.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported separately. However, if updating is not possible, the individual fixes can be found in the specified commits. +
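Review bot: the entry names the introducing commit 2c66daecc409 but no fix commits for the eight fixed versions it lists, while the closing sentence points readers at "the specified commits"; add them.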
diff --git a/CVE-2021-47443 b/CVE-2021-47443 new file mode 100644 index 0000000..79e4a6a --- /dev/null +++ b/CVE-2021-47443
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47443, resides in the Linux kernel's NFC (Near Field Communication) digital subsystem. Specifically, it affects the `digital_tg_listen_mdaa()` function in `net/nfc/digital_core.c`. The issue arises from a possible memory leak due to improper error handling. + +In the vulnerable code path, `params` is allocated in `digital_tg_listen_mdaa()`, but not freed when `digital_send_cmd()` fails. This leads to a memory leak, as the allocated memory is not released back to the system. To fix this issue, the `params` structure needs to be freed when `digital_send_cmd()` returns an error. + +The vulnerability was introduced in kernel version 3.13 with commit 1c7a4c24fbfd and has been fixed in various kernel versions, including 4.4.290, 4.9.288, 4.14.252, 4.19.213, 5.4.155, 5.10.75, and 5.15. The fixes can be found in the corresponding commits listed in the CVE announcement. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are never tested alone and cherry-picking individual commits is not supported by the Linux kernel community. However, if updating to the latest release is impossible, the individual fixes can be applied from the provided commit links. +
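Review bot: the fixed-version list omits 5.14.14, which the sibling NFC digital entry for the same fix window (CVE-2021-47442) includes; confirm whether a 5.14.y fix exists. "The fixes can be found in the corresponding commits listed in the CVE announcement" refers to commits this entry does not list; either list them or drop the sentence.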
diff --git a/CVE-2021-47444 b/CVE-2021-47444 new file mode 100644 index 0000000..fc09837 --- /dev/null +++ b/CVE-2021-47444
@@ -0,0 +1,6 @@ +The vulnerability resides in the `connector_bad_edid()` function within the Direct Rendering Manager (DRM) subsystem of the Linux kernel. Specifically, the issue arises from the function's assumption that the memory allocated for the Extended Display Identification Data (EDID) is sufficient to hold `edid[0x7e] + 1` blocks of data, ignoring the `num_blocks` parameter which indicates the actual amount of memory allocated. + +This oversight can lead to issues when handling errors in the first block of the EDID. In such cases, `connector_bad_edid()` is called without reallocating memory based on `edid[0x7e]`. To mitigate this vulnerability, a bounds check has been added to ensure that `num_of_ext` is capped by `num_blocks` read. + +The affected files are limited to `drivers/gpu/drm/drm_edid.c`, and the issue was introduced in kernel version 5.7 with commit e11f5bd8228f. Fixes have been applied in kernel versions 5.10.75, 5.14.14, and 5.15 with commits a7b45024f66f, 09f3946bb452, and 97794170b696, respectively. +
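Review bot: "This oversight can lead to issues" understates the concrete consequence that the first paragraph already implies: the function reads edid[0x7e] + 1 blocks from a buffer that only holds num_blocks blocks, i.e. an out-of-bounds read past the allocated EDID buffer, so say that. Minor: "The affected files are limited to drivers/gpu/drm/drm_edid.c" names one file and should read "The affected file is ...".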
diff --git a/CVE-2021-47445 b/CVE-2021-47445 new file mode 100644 index 0000000..07a5065 --- /dev/null +++ b/CVE-2021-47445
@@ -0,0 +1,6 @@ +The Linux kernel vulnerability CVE-2021-47445 affects the `drm/msm` driver, specifically in the `edp_ctrl.c` file. The issue arises from a null pointer dereference on the `edp` pointer, which occurs because the initialization of the `dev` pointer dereferences `edp` before it is null-checked. This can lead to a potential null pointer deference issue. + +To fix this vulnerability, the patch ensures that `edp` is only dereferenced after it has been null-checked. This fix was introduced in various kernel versions, including 4.4.290, 4.9.288, 4.14.252, 4.19.213, 5.4.155, 5.10.75, and 5.15. + +The affected file is `drivers/gpu/drm/msm/edp/edp_ctrl.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone and may introduce other bugs. However, if updating is impossible, the individual commits that fix this issue can be cherry-picked from the Git repository. +
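Review bot: typo in the first paragraph, "null pointer deference" should be "dereference". The entry lists fixed versions back to 4.4.290 but gives neither the introducing commit/version nor any fix commit id, yet the last sentence tells readers the commits "can be cherry-picked"; add the ids or drop the sentence. The file path is also stated twice (once as edp_ctrl.c, once in full).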
diff --git a/CVE-2021-47446 b/CVE-2021-47446 new file mode 100644 index 0000000..fd7afcb --- /dev/null +++ b/CVE-2021-47446
@@ -0,0 +1,8 @@ +The vulnerability CVE-2021-47446 affects the Linux kernel, specifically the `drm/msm/a4xx` module. The issue is related to error handling in the `a4xx_gpu_init()` function, where it returns 1 on error instead of a negative error code. This leads to an Oops (kernel panic) in the caller. + +Furthermore, the check for `"if (ret != -ENODATA)"` cannot be true because the `ret` variable is set to 1, making the error handling flawed. + +The issue was introduced in kernel version 5.11 with commit 5785dd7a8ef0 and fixed in versions 5.14.14 with commit 3962d626eb3e and 5.15 with commit 980d74e7d03c. The affected file is `drivers/gpu/drm/msm/adreno/a4xx_gpu.c`. + +To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the commits mentioned above. However, it's important to note that cherry-picking individual commits is not recommended or supported by the Linux kernel community. +
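Review bot: "Oops (kernel panic)" equates two different things; an Oops is the kernel's error report for the fault the bad return value causes in the caller, and it only escalates to a panic when panic_on_oops is set, so write "an Oops in the caller". The final paragraph also says individual changes "can be cherry-picked" and in the next sentence that cherry-picking "is not recommended or supported"; keep one statement.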
diff --git a/CVE-2021-47447 b/CVE-2021-47447 new file mode 100644 index 0000000..5c1a489 --- /dev/null +++ b/CVE-2021-47447
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47447 is related to error handling in the `a3xx_gpu_init()` function within the `drm/msm/a3xx` driver of the Linux kernel. Specifically, the error paths in this function returned 1 on failure instead of a negative error code, leading to an Oops (kernel panic) in the caller. Additionally, the check for "if (ret != -ENODATA)" did not work because "ret" was set to 1. + +This issue was introduced in kernel version 5.11 with commit 5785dd7a8ef0 and was fixed in versions 5.14.14 with commit d59e44e7821a and 5.15 with commit 3eda90199537. The affected file is `drivers/gpu/drm/msm/adreno/a3xx_gpu.c`. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as well as other bugfixes. Cherry-picking individual commits is not recommended or supported by the Linux kernel community. If updating to the latest release is impossible, the individual changes to resolve this issue can be found at the specified commit links. +
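Review bot: same wording issue as CVE-2021-47446: "Oops (kernel panic)" should be just "an Oops in the caller", since an Oops does not by itself panic the kernel. Version data is otherwise consistent with the sibling entry (same introducing commit 5785dd7a8ef0, same fixed releases).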
diff --git a/CVE-2021-47448 b/CVE-2021-47448 new file mode 100644 index 0000000..97cf471 --- /dev/null +++ b/CVE-2021-47448
@@ -0,0 +1,25 @@ + +**Vulnerability Description:** + +The vulnerability exists in the Linux kernel's MPTCP (Multipath TCP) protocol implementation, specifically in the `mptcp_release_cb` function. The issue arises from the use of an atomic bit operation to test and clear a specific bit (`MPTCP_DATA_READY`) in the `msk` receive queue. This can lead to a race condition, causing the kernel to access uninitialized memory or perform incorrect operations. + +**Technical Details:** + +The vulnerability is triggered when the `mptcp_recvmsg` function is called, which eventually leads to the execution of the `mptcp_release_cb` function. In this function, the `test_and_clear_bit` macro is used to clear the `MPTCP_DATA_READY` bit in the `msk` receive queue. However, this operation is not atomic, and a concurrent access to the same bit can occur, leading to a race condition. + +**Exploitation:** + +The vulnerability can be exploited by an attacker who can trigger the execution of the vulnerable code path, potentially leading to a kernel crash or arbitrary code execution. + +**Fix:** + +The fix involves replacing the `MPTCP_DATA_READY` bit with direct inspection of the `msk` receive queue. This ensures that the operation is atomic and eliminates the race condition. + +**Affected Versions:** + +The vulnerability was introduced in Linux kernel version 5.6 (commit 7a6a6cbc3e59) and fixed in versions 5.14.14 (commit 1a4554e94f0d) and 5.15 (commit 612f71d7328c). + +**Mitigation:** + +The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this vulnerability, as well as other bugfixes. Cherry-picking individual commits is not recommended or supported by the Linux kernel community. +
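Review bot: the Technical Details paragraph contradicts itself and the first paragraph: it first calls test_and_clear_bit an "atomic bit operation" and then states "this operation is not atomic". test_and_clear_bit is atomic; the race the fix addresses is between clearing MPTCP_DATA_READY and the actual state of the msk receive queue, which is why the fix replaces the flag with direct inspection of the queue, not because the replacement "ensures that the operation is atomic". The Exploitation paragraph's "arbitrary code execution" is supported by nothing else in the entry and should be removed or reduced to what the entry actually describes (a possible crash). Style: the bold section headings are used by no other description in this commit; plain paragraphs would match.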
diff --git a/CVE-2021-47449 b/CVE-2021-47449 new file mode 100644 index 0000000..17f4a06 --- /dev/null +++ b/CVE-2021-47449
@@ -0,0 +1,17 @@ +The CVE-2021-47449 vulnerability is a deadlock issue in the Linux kernel, specifically in the `ice_ptp.c` file of the Intel ICE Ethernet driver. The problem arises from an incorrect use of a lock in the tracker flow, which can lead to a potential deadlock. + +In the affected code, the lock is taken around the entire kthread loop, including bit accesses, whereas in other parts of the code, such as the cleanup kthread and work kthread, the lock is only taken around bit accesses. This inconsistent locking behavior can cause a deadlock when trying to access the `in_use` bitmap. + +The fix involves changing the tracker flow to use the same locking mechanism as the standard cleanup thread, ensuring that the `in_use` bitmap is properly cleared. This patch was introduced in kernel version 5.14.14 with commit `61616be89997`. + +The vulnerability was introduced in kernel version 5.14.4 with commit `46720ac66c21`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as well as many other bugfixes. Individual changes should not be cherry-picked, as they are part of a larger kernel release and may interact with other fixes. + +Technical details of the vulnerability include: + +* The vulnerable function is `do_sys_delete_module`. +* The lock in question is used to protect ordering of bit sets vs bit clears. +* The Tx writers in the hot path do not need to be protected against the entire kthread loop. +* The cleanup loop does not need to block all new set bits, since it will re-queue itself if new timestamps are present. + +Overall, this vulnerability highlights the importance of consistent locking mechanisms and proper synchronization in kernel code to prevent deadlocks. +
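Review bot: "The vulnerable function is do_sys_delete_module" is wrong for this entry; do_sys_delete_module is the module-unload syscall helper, whereas the rest of the description places the bug in the timestamp tracker flow of ice_ptp.c, so name the ice_ptp function or drop the bullet. The version data also needs checking: the bug is said to be introduced in 5.14.4 (commit 46720ac66c21) and fixed only in 5.14.14 (commit 61616be89997), with no 5.15 mainline fix listed, and "5.14.4" next to "5.14.14" is an easy mistype. The closing "Overall, this vulnerability highlights..." sentence is editorial and out of register with the other entries.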
diff --git a/CVE-2021-47450 b/CVE-2021-47450 new file mode 100644 index 0000000..9fc4e40 --- /dev/null +++ b/CVE-2021-47450
@@ -0,0 +1,6 @@ +The Linux kernel's KVM (Kernel-based Virtual Machine) page-table library has a vulnerability on arm64 architectures. The issue arises from the refcounting of pages in concatenated stage-2 PGDs (Page Global Directories). In protected mode, the host's stage-2 PGD is managed by EL2 as a single high-order compound page, which can cause the refcount of the tail pages to reach 0 prematurely, leading to page-table corruption. + +The problem occurs because the KVM page-table library refcounts individual pages of concatenated stage-2 PGDs separately. However, when running in protected mode, the host's stage-2 PGD is treated as a single compound page by EL2, which can result in incorrect refcounting. To fix this issue, a new `hyp_split_page()` helper function has been introduced in the EL2 page allocator, similar to the kernel's `split_page()` function. This function is then used from `host_s2_zalloc_pages_exact()`. + +The vulnerability was introduced in Linux kernel version 5.13 and fixed in versions 5.14.15 and 5.15. The affected files are `arch/arm64/kvm/hyp/include/nvhe/gfp.h`, `arch/arm64/kvm/hyp/nvhe/mem_protect.c`, and `arch/arm64/kvm/hyp/nvhe/page_alloc.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from specific commits. +
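Review bot: the last sentence says individual changes "can be cherry-picked from specific commits", but no commit id is given for the introducing change (5.13) or for either fix (5.14.15, 5.15); add them, as the neighbouring entries do.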
diff --git a/CVE-2021-47451 b/CVE-2021-47451 new file mode 100644 index 0000000..3a09c2d --- /dev/null +++ b/CVE-2021-47451
@@ -0,0 +1,8 @@ +The vulnerability occurs in the Linux kernel's netfilter module, specifically in the `xt_IDLETIMER` component. When a rule related to IDLETIMER is added, the `idletimer_tg` timer structure is initialized using `kmalloc`. However, the `timer_type` field of the `timer` structure is not explicitly set, leaving it with a garbage value. This can cause a kernel panic when the `alarm_expires_remaining` function is called. + +The fix involves initializing the `timer->timer_type` field using `kzalloc` instead of `kmalloc`, ensuring that the timer type is properly defined and preventing the kernel panic. + +The vulnerability was introduced in Linux kernel version 5.7 with commit 68983a354a65 and was fixed in versions 5.10.76, 5.14.15, and 5.15 with commits 2a670c323055, cae7cab804c9, and 902c0b188752, respectively. + +The affected file is `net/netfilter/xt_IDLETIMER.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, rather than cherry-picking individual commits. +
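Review bot: "initializing the timer->timer_type field using kzalloc" misdescribes the fix: kzalloc zero-fills the whole idletimer_tg allocation, so timer_type (and every other field) starts at zero instead of garbage. Say "allocating the idletimer_tg structure with kzalloc so that timer_type is zero-initialized".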
diff --git a/CVE-2021-47452 b/CVE-2021-47452 new file mode 100644 index 0000000..61fe571 --- /dev/null +++ b/CVE-2021-47452
@@ -0,0 +1,6 @@ +The vulnerability, CVE-2021-47452, affects the Linux kernel's netfilter subsystem, specifically the nf_tables component. The issue arises when a network namespace (netns) is removed, generating netdev events that attempt to unregister hooks multiple times. This occurs because the `.pre_exit` hook for nf_tables core has already removed the base hook, but the notifier still attempts to do so again. + +The problem is rooted in the historical need for unconditional base hook unregistering due to the last-stage dereferencing of `reg->dev` in notifiers. However, with nf_tables now handling hook removal in `.pre_exit`, this precaution is no longer necessary. The fix involves skipping netdev events generated during netns removal. + +The vulnerability was introduced in kernel versions 5.11, 5.4.99, and 5.10.17, through commits 767d1216bff8, b110391d1e80, and 0a0e5d47670b, respectively. It has been fixed in kernel versions 5.14.15 and 5.15, through commits 90c7c58aa2bd and 68a3765c659f, respectively. The affected file is `net/netfilter/nft_chain_filter.c`. To mitigate this issue, updating to the latest stable kernel version is recommended. +
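Review bot: the version data is inconsistent: the bug is said to have been introduced into 5.4.99 and 5.10.17 (backports b110391d1e80 and 0a0e5d47670b), but fixes are listed only for 5.14.15 and 5.15. Either the 5.4.y and 5.10.y fix releases are missing or those trees remain affected, and the entry should state which.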
diff --git a/CVE-2021-47453 b/CVE-2021-47453 new file mode 100644 index 0000000..a69433e --- /dev/null +++ b/CVE-2021-47453
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47453, is related to the Intel Ethernet "ice" driver in the Linux kernel. Specifically, it affects the remove path of the driver, where an attempt is made to free the `aux_idx` IDA (Internal Descriptor Allocation) whether it was allocated or not. This can cause a crash when unloading the driver on systems that do not initialize support for RDMA (Remote Direct Memory Access). + +The issue arises because the `aux_idx` IDA is allocated at probe time if the driver detects support for RDMA, but the driver can enter into a state where RDMA is not supported after the IDA has been allocated. In this case, freeing the IDA would lead to a memory leak. + +To fix this vulnerability, the `aux_idx` is initialized to an invalid value and checked for a valid value when unloading the driver. This ensures that the IDA free operation is only performed if it was actually allocated. + +The affected files are `drivers/net/ethernet/intel/ice/ice_main.c`. The issue was introduced in kernel version 5.14 with commit `d25a0fc41c1f` and fixed in versions 5.14.15 with commit `777682e59840` and 5.15 with commit `73e30a62b19b`. +
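Review bot: two problems. "IDA (Internal Descriptor Allocation)" is a wrong expansion; in the kernel IDA is the ID allocator (include/linux/idr.h). And the second paragraph ends "freeing the IDA would lead to a memory leak", which contradicts the first paragraph's "This can cause a crash"; freeing an id that was never allocated is the crash, so drop "memory leak". Minor: "The affected files are ..." lists a single file.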
diff --git a/CVE-2021-47454 b/CVE-2021-47454 new file mode 100644 index 0000000..35d316a --- /dev/null +++ b/CVE-2021-47454
@@ -0,0 +1,8 @@ +The vulnerability, CVE-2021-47454, is related to the Linux kernel's handling of CPU offline and online operations on PowerPC architectures. Specifically, when a CPU is offlined and then onlined again with PREEMPT_COUNT enabled, the idle task's preempt count is decremented in the CPU offline path, leading to a scheduling bug. + +The issue arises because powerpc's arch_cpu_idle_dead() function decrements the idle task's preempt count, which was originally intended to re-enable preemption before cpu_die(). However, this justification no longer holds since commits 2c669ef6979c and f1a0a376ca0c, which changed the way preemption is handled for the idle task. + +The fix involves removing the vestigial preempt_enable() call from the CPU offline path, ensuring that the idle task's preempt count is not decremented during hotplug operations. This fix has been applied to various kernel versions, including 5.10.76, 5.14.15, and 5.15. + +The affected file is arch/powerpc/kernel/smp.c, and users are advised to update to the latest stable kernel version to resolve this issue. Individual changes can be found in the specified commits, but cherry-picking individual commits is not recommended or supported by the Linux kernel community. +
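Review bot: "Individual changes can be found in the specified commits", but no commit ids are listed for the fixes (5.10.76, 5.14.15, 5.15) and no introducing version or commit is stated; add them. The two commits that are quoted, 2c669ef6979c and f1a0a376ca0c, are the changes that made the preempt_enable() vestigial, not the fix, and the text should label them as such so readers do not take them for fix commits.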
diff --git a/CVE-2021-47455 b/CVE-2021-47455 new file mode 100644 index 0000000..7c94a27 --- /dev/null +++ b/CVE-2021-47455
@@ -0,0 +1,7 @@ + +The Linux kernel vulnerability, tracked as CVE-2021-47455, is a memory leak in the `ptp_clock_register()` function. This function is responsible for registering a new PTP (Precision Time Protocol) clock device. When `posix_clock_register()` returns an error, the name allocated in `dev_set_name()` will be leaked, causing a memory leak. + +The issue occurs because when `posix_clock_register()` fails, the `put_device()` function is not called to release the device reference. As a result, the name allocated by `kobject_set_name_vargs()` is not freed, leading to a memory leak. The fix involves calling `put_device()` in the error path of `ptp_clock_register()` to release the device reference and free the allocated name. + +The vulnerability was introduced in kernel version 5.5 with commit `a33121e5487b` and fixed in versions 5.14.15, 5.15, and other releases. The affected file is `drivers/ptp/ptp_clock.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. +
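Review bot: "fixed in versions 5.14.15, 5.15, and other releases" is too vague for a CVE record; list every stable release that carries the fix with its commit id. Also "the name allocated in dev_set_name()" and "the name allocated by kobject_set_name_vargs()" describe the same allocation (dev_set_name() calls the latter); pick one to avoid suggesting two leaks.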
diff --git a/CVE-2021-47456 b/CVE-2021-47456 new file mode 100644 index 0000000..a64cfc4 --- /dev/null +++ b/CVE-2021-47456
@@ -0,0 +1,12 @@ +The vulnerability, tracked as CVE-2021-47456, is a use-after-free (UAF) issue in the Linux kernel's peak_pci_remove() function. This function is responsible for removing the peak_pci module. + +When the peak_pci module is removed, the 'chan' variable is referenced again after releasing the 'dev' variable, leading to a UAF scenario. This occurs because the 'dev' variable is released too early, allowing the 'chan' variable to access already freed memory. + +The issue was discovered through a KASAN (Kernel Address Sanitizer) report, which revealed a read of size 8 at an address that had already been freed. The call trace showed that the peak_pci_remove() function was accessing the freed memory. + +To fix this vulnerability, the 'dev' variable is released later in the peak_pci_remove() function, preventing the UAF scenario. + +The issue was introduced in kernel version 3.4 and was fixed in various subsequent versions, including 4.4.290, 4.9.288, 4.14.253, 4.19.214, 5.4.156, 5.10.76, and 5.15. + +The affected file is drivers/net/can/sja1000/peak_pci.c. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported by the kernel community. +
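Review bot: "This function is responsible for removing the peak_pci module" is inaccurate; peak_pci_remove() is the PCI driver's remove callback for a device, which module unload invokes per device. The fixed-version list (... 5.10.76, and 5.15) skips 5.14.15, which the other entries in this commit from the same stable batch (e.g. CVE-2021-47458, CVE-2021-47461) include; verify. No introducing or fix commit ids are given.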
diff --git a/CVE-2021-47457 b/CVE-2021-47457 new file mode 100644 index 0000000..763d411 --- /dev/null +++ b/CVE-2021-47457
@@ -0,0 +1,8 @@ +The CVE-2021-47457 vulnerability affects the Linux kernel's CAN (Controller Area Network) implementation, specifically in the `isotp_sendmsg()` function. This function uses `wait_event_interruptible()` to wait for complete transmission, but it does not check the result of this call, which can be interrupted. + +When this happens, multiple processes may access the TX buffer simultaneously, leading to interference between them. This issue was reported by syzbot and causes a warning in the kernel log, indicating that the `isotp_tx_timer_handler()` function has been interrupted. + +To fix this vulnerability, a result check for `wait_event_interruptible()` has been added in the `isotp_sendmsg()` function. This ensures that the TX buffer is not accessed by multiple processes simultaneously. + +The affected versions of the Linux kernel are 5.10, 5.14, and 5.15, with specific commit hashes introducing and fixing the issue. The recommended mitigation is to update to the latest stable kernel version, which includes this fix and many others. +
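Review bot: "The affected versions of the Linux kernel are 5.10, 5.14, and 5.15, with specific commit hashes introducing and fixing the issue" gives neither the hashes nor which of those versions introduced the bug and which fixed it; state the introducing commit/version and the fixed stable releases explicitly. Also "a warning in the kernel log, indicating that the isotp_tx_timer_handler() function has been interrupted" does not follow from the bug described (concurrent writers to the TX buffer); quote the actual WARNING location or drop the claim.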
diff --git a/CVE-2021-47458 b/CVE-2021-47458 new file mode 100644 index 0000000..1aa39ab --- /dev/null +++ b/CVE-2021-47458
@@ -0,0 +1,6 @@ +The vulnerability is a buffer overflow in the `strlen` function, which occurs when mounting an ocfs2 filesystem with either o2cb or pcmk cluster stack. This happens because the strings for cluster stack and cluster name are not guaranteed to be null-terminated in the disk representation, while `strlcpy` assumes that the source string is always null-terminated. + +When this occurs, a read outside of the source string triggers the buffer overflow detection, leading to a kernel bug being detected. The issue has been resolved in various Linux kernel versions, including 4.4.290, 4.9.288, 4.14.253, 4.19.214, 5.4.156, 5.10.76, and 5.14.15. + +The affected file is `fs/ocfs2/super.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as well as many other bugfixes. If updating is impossible, individual changes can be found in specific commits on the Git kernel repository. +
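Review bot: the opening "buffer overflow in the strlen function" mislabels the bug; the second paragraph correctly describes a read outside the source string caught by the fortified strlen/strlcpy detection, i.e. an out-of-bounds read, so lead with that. The fixed-version list ends at 5.14.15 with no 5.15 mainline entry, and no introducing version/commit or fix commit ids are given although the last sentence says the changes "can be found in specific commits".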
diff --git a/CVE-2021-47459 b/CVE-2021-47459 new file mode 100644 index 0000000..139f7ad --- /dev/null +++ b/CVE-2021-47459
@@ -0,0 +1,8 @@ +The vulnerability resides in the `j1939_netdev_start()` function of the J1939 protocol implementation in the Linux kernel's CAN (Controller Area Network) subsystem. Specifically, it affects the handling of the `rx_kref` reference counter for the `j1939_priv` structure. + +The issue arises when two CPU threads concurrently call `j1939_sk_bind()` and `j1939_netdev_start()` functions, leading to a use-after-free (UAF) scenario. This occurs because the `kref_get()` and `kref_put()` operations on `rx_kref` are not properly protected by the `j1939_netdev_lock`, allowing for concurrent modifications that result in an incorrect reference count. + +The vulnerability can be triggered by creating a J1939 socket, binding it to a network device, starting the network device, and then stopping the network device while another thread is concurrently adding a J1939 session key. This sequence of events leads to a refcount warning and a use-after-free error. + +The fix involves protecting the `kref_get()` and `kref_put()` operations on `rx_kref` with the `j1939_netdev_lock`, ensuring that these critical sections are executed atomically and preventing concurrent modifications that can lead to UAF. +
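Review bot: this entry carries no version data at all: no introducing commit/version, no fixed releases, no commit ids, and no affected file path, unlike every other entry in the commit; add them. The third paragraph's step-by-step trigger sequence is unnecessary for a description record and should be trimmed to the two concurrent calls already named in paragraph two (j1939_sk_bind() and j1939_netdev_start()).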
diff --git a/CVE-2021-47460 b/CVE-2021-47460 new file mode 100644 index 0000000..5d54a40 --- /dev/null +++ b/CVE-2021-47460
@@ -0,0 +1,8 @@ +The vulnerability CVE-2021-47460 affects the OCFS2 file system in the Linux kernel. It occurs when converting an inode from inline format to a normal inode format, and can cause data corruption. + +The issue arises because the code attempts to zero out the entire cluster allocated for file data by grabbing, zeroing, and dirtying all pages covering this cluster. However, these pages are beyond the i_size, so the writeback code ignores them and no blocks are actually zeroed on disk. + +Commit 6dbf7bb55598 made things worse by stopping the invalidation of buffers on pages beyond i_size. As a result, when a file is converted from inline format, then writeback triggers, and then the file is grown so that these pages become valid, the invalid dirtiness state is preserved. The mark_buffer_dirty() function does nothing on these pages (because the buffers are already dirty), but the page is never written back because it's clean. This causes data written to these pages to be lost once they're reclaimed. + +The fix for this problem involves not doing the pointless zeroing during conversion from inline format, similar to the standard write path. The affected file is fs/ocfs2/alloc.c. The issue was introduced in various kernel versions (4.9.242, 4.14.204, 4.19.155, 5.4.75, and 5.10) and fixed in subsequent versions. +
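Review bot: "fixed in subsequent versions" is not a fix list; state the fixed releases and commit ids. It should also be explicit that 6dbf7bb55598 (and its backports into 4.9.242, 4.14.204, 4.19.155 and 5.4.75) is the commit the introduced-in versions refer to; as written, the commit is mentioned only as "making things worse" and the version list appears with no commit attached.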
diff --git a/CVE-2021-47461 b/CVE-2021-47461 new file mode 100644 index 0000000..7a5d073 --- /dev/null +++ b/CVE-2021-47461
@@ -0,0 +1,6 @@ +A race condition vulnerability was discovered in the Linux kernel's userfaultfd implementation, specifically between the `writeprotect` and `exit_mmap()` functions. This issue arises when a process exits, its VMAs (Virtual Memory Areas) are removed by `exit_mmap()`, and simultaneously, `userfaultfd_writeprotect()` is called. + +The race condition was detected by KASAN (Kernel Address Space Layout Randomization) on a development kernel but is also possible on vanilla kernels. To fix this issue, the `mmget_not_zero()` function is used to prevent the race, similar to other userfaultfd operations. This vulnerability has been assigned CVE-2021-47461. + +The affected versions of the Linux kernel are 5.7 and later, introduced by commit 63b2d4174c4a. The fix was applied in versions 5.10.76 (commit 3cda4bfffd4f), 5.14.15 (commit 149958ecd062), and 5.15 (commit cb185d5f1ebf). To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be found in the specified commits. +
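Review bot: "KASAN (Kernel Address Space Layout Randomization)" is a wrong expansion; KASAN is the Kernel Address Sanitizer, as the CVE-2021-47456 entry in this same commit correctly states. "This vulnerability has been assigned CVE-2021-47461" is redundant with the file name and can go.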
diff --git a/CVE-2021-47462 b/CVE-2021-47462 new file mode 100644 index 0000000..6f4c989 --- /dev/null +++ b/CVE-2021-47462
@@ -0,0 +1,8 @@ +The vulnerability, CVE-2021-47462, is related to the Linux kernel's memory policy subsystem. Specifically, it allows illegal combinations of `MPOL_F_NUMA_BALANCING` and `MPOL_LOCAL` flags in the `mbind()` system call. + +The issue was introduced in kernel version 5.12 with commit `bda420b98505`, which added a new bit to `MPOL_MODE_FLAGS` but only checked valid combinations in `do_set_mempolicy()`. This patch moves the check to `sanitize_mpol_flags()` so that it is also used by `mbind()`. + +The vulnerability was reported by syzbot, which found access to uninitialized memory in `mbind()` leading to a kernel panic. The issue was fixed in kernel versions 5.14.15 and 5.15 with commits `9ee4e9ae98f1` and `6d2aec9e123b`, respectively. + +The affected file is `mm/mempolicy.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are never tested alone and cherry-picking individual commits is not recommended or supported by the Linux kernel community. +
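Review bot: "This patch moves the check to sanitize_mpol_flags()" reads as if this description were the patch; write "The fix moves ...". The rest of the entry (introducing commit bda420b98505 in 5.12, fixes 9ee4e9ae98f1 and 6d2aec9e123b) is complete.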
diff --git a/CVE-2021-47463 b/CVE-2021-47463 new file mode 100644 index 0000000..c76ef38 --- /dev/null +++ b/CVE-2021-47463
@@ -0,0 +1,6 @@ +The CVE-2021-47463 vulnerability is a NULL pointer dereference issue in the Linux kernel's `page_is_secretmem()` function, which is used to check if a page belongs to a secret memory mapping. The problem occurs when the `page->mapping` field is nullified while the `gup()` (get user pages) function is running, for example, due to page reclaim or truncation. + +The vulnerability can lead to a kernel NULL pointer dereference, causing a denial-of-service attack. The issue was introduced in Linux kernel version 5.14 with commit 1507f51255c9 and was fixed in versions 5.14.15 and 5.15 with commits b77ba1e02345 and 79f9bc584314, respectively. + +The fix involves checking for a NULL `page->mapping` before dereferencing it in the `page_is_secretmem()` function. The affected file is `include/linux/secretmem.h`. To mitigate this issue, users are recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. +
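Review bot: "causing a denial-of-service attack" should be "a denial of service"; the NULL dereference during gup() is the failure condition, not an attack. The rest of the entry is consistent.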
diff --git a/CVE-2021-47464 b/CVE-2021-47464 new file mode 100644 index 0000000..8d163d6 --- /dev/null +++ b/CVE-2021-47464
@@ -0,0 +1,8 @@ +The vulnerability, CVE-2021-47464, is a possible null-pointer dereference in the `audit_filter_rules` function of the Linux kernel's audit subsystem. This issue was introduced in kernel version 5.3 with commit bf361231c295 and fixed in various subsequent kernel versions (5.4.156, 5.10.76, 5.14.15, and 5.15). + +The problem arises because the `audit_filter_rules` function previously assumed that the `ctx` pointer could be null. However, this assumption is incorrect, leading to a potential null-pointer dereference when trying to access or manipulate the `ctx` object. + +To fix this issue, the kernel developers updated the `audit_filter_rules` function to properly handle the case where `ctx` is null. The fix involves checking for null before attempting to access or use the `ctx` pointer, thereby preventing any potential null-pointer dereferences. + +The affected file is `kernel/auditsc.c`, and the recommended mitigation is to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the commits listed in the CVE announcement. +
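Review bot: paragraphs two and three contradict each other: paragraph two says the function "assumed that the ctx pointer could be null" and that "this assumption is incorrect", but paragraph three's fix adds a null check, which only makes sense if ctx can in fact be null. The intended statement is that some paths in audit_filter_rules() checked ctx for NULL while others dereferenced it unconditionally; reword paragraph two accordingly.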
diff --git a/CVE-2021-47465 b/CVE-2021-47465 new file mode 100644 index 0000000..3d1fe3e --- /dev/null +++ b/CVE-2021-47465
@@ -0,0 +1,10 @@ +The vulnerability occurs in the Linux kernel's KVM (Kernel-based Virtual Machine) implementation on PowerPC Book3S HV systems. Specifically, it affects the `idle_kvm_start_guest()` function, which is responsible for starting a guest virtual machine. + +The issue arises from the way the emergency stack is handled in this function. The emergency stack is allocated with a fixed size, and the `idle_kvm_start_guest()` function creates a frame on entry, stores the CR/LR registers in the caller's frame, and then saves the non-volatile registers. However, the created frame is not large enough to fit the non-volatile registers, causing the saving process to write outside the allocated emergency stack space. + +This results in corruption of memory locations 0-24 bytes and 112-248 bytes above the emergency stack allocation. Fortunately, this corruption has gone unnoticed because the affected memory regions are used for other stack allocations, which rarely occur under normal circumstances. + +The fix involves saving CR/LR into the caller's frame using an existing register, creating a SWITCH_FRAME_SIZE frame on the emergency stack with the backchain pointing to the existing stack, and then switching to the new frame. This ensures that the stack handling is correct, and no memory corruption occurs. + +This vulnerability was introduced in Linux kernel version 5.2 and fixed in versions 5.4.156, 5.10.76, 5.14.15, and 5.15. +
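Review bot: no commit ids are given for the introducing change (5.2) or the fixes (5.4.156, 5.10.76, 5.14.15, 5.15), and the affected file is not named; add both. "idle_kvm_start_guest() ... is responsible for starting a guest virtual machine" is imprecise; state which code path calls it (the idle/wakeup path, which is why it runs on the emergency stack).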
diff --git a/CVE-2021-47466 b/CVE-2021-47466 new file mode 100644 index 0000000..b5b0f10 --- /dev/null +++ b/CVE-2021-47466
@@ -0,0 +1,6 @@ +The vulnerability, tracked as CVE-2021-47466, is a potential memory leak in the `kmem_cache_open()` function of the SLUB allocator (mm/slub.c). In the error path, the `random_seq` of the SLUB cache might not be released properly, leading to a memory leak. The fix involves using `__kmem_cache_release()` to release all relevant resources. + +The issue was introduced in kernel version 4.8 with commit 210e7a43fa90 and has been fixed in various kernel versions, including 5.4.156 (commit 4f5d1c29cfab), 5.10.76 (commit 568f906340b4), 5.14.15 (commit 42b81946e3ac), and 5.15 (commit 9037c57681d2). The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as well as other bugfixes. + +The affected file is `mm/slub.c`, which is part of the SLUB allocator. If updating to the latest release is not possible, individual changes to resolve this issue can be found at the specified commit hashes on the Linux kernel Git repository. However, cherry-picking individual commits is not recommended or supported by the Linux kernel community. +
diff --git a/CVE-2021-47467 b/CVE-2021-47467 new file mode 100644 index 0000000..f05425a --- /dev/null +++ b/CVE-2021-47467
@@ -0,0 +1,6 @@ +The vulnerability, identified as CVE-2021-47467, is a reference count leak in the `kfree_at_end()` function of the Linux kernel's KUnit testing framework. The issue arises when `kunit_alloc_and_get_resource()` is called, which forgets to handle the returned resource object, causing its reference count to increase and leading to a reference count leak. + +To fix this issue, the `kunit_alloc_resource()` function should be used instead of `kunit_alloc_and_get_resource()`. This change ensures that the reference count of the resource object is properly handled. The fix was implemented in commits bbdd158b40b6 (for kernel version 5.14.15) and f62314b1ced2 (for kernel version 5.15). + +The affected file is `lib/kunit/executor_test.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version, which includes this fix along with other bugfixes. Cherry-picking individual commits is not recommended or supported by the Linux kernel community. If updating to the latest release is impossible, the individual changes can be found in the specified commits. +
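Review bot: "kunit_alloc_and_get_resource() is called, which forgets to handle the returned resource object" misplaces the fault: that function returns a resource whose reference the caller must drop, and the caller in kfree_at_end() did not, hence the leak; the fix switches to kunit_alloc_resource(), which does not hand back that extra reference. The introducing commit/version is also missing.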
diff --git a/CVE-2021-47468 b/CVE-2021-47468 new file mode 100644 index 0000000..84f6c62 --- /dev/null +++ b/CVE-2021-47468
@@ -0,0 +1,8 @@ +The CVE-2021-47468 vulnerability is a sleeping function called from an invalid context in the mISDN driver of the Linux kernel. Specifically, the `card->isac.release()` function can be called from an atomic context, which is not allowed. + +When this function is called, it triggers a BUG warning indicating that a sleeping function was called from an invalid context. This warning includes information about the lockdep being turned off and the irq event stamp. The call trace reveals that the issue occurs when `mISDN_freedchannel()` calls `isac_release()`, which in turn calls `nj_release()`. + +The fix for this vulnerability involves calling the `card->isac.release()` function after releasing the lock, ensuring that it is not called from an atomic context. This fix has been applied to various kernel versions, including 4.4.290, 4.9.288, 4.14.253, 4.19.214, 5.4.156, 5.10.76, and 5.15. + +The affected file is `drivers/isdn/hardware/mISDN/netjet.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue. If updating is not possible, individual changes can be cherry-picked from the specified commits. +
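Review bot: the call chain in paragraph two is inverted: the release path is nj_release() calling isac_release() (the card->isac.release() callback named in paragraph one) calling mISDN_freedchannel(), which is the sleeping call; the description reads the stack trace bottom-up. The fixed-version list (... 5.10.76, and 5.15) omits 5.14.15, which the other entries fixed in that batch include; verify. No commit ids are given.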
diff --git a/CVE-2021-47469 b/CVE-2021-47469 new file mode 100644 index 0000000..53ac223 --- /dev/null +++ b/CVE-2021-47469
@@ -0,0 +1,6 @@ +The Linux kernel is vulnerable to a deadlock when adding SPI controllers on SPI buses. The issue arises from the use of a global `spi_add_lock` which is taken when adding new devices to ensure that chip selects are not reused. However, if an SPI device is itself a SPI controller and triggers the instantiation of further SPI devices, it can cause a deadlock. + +The deadlock occurs because the registration and instantiation of the child devices happen while holding the global `spi_add_lock`, which is already held by the parent controller. To fix this issue, the lock has been moved to be per-controller, avoiding the deadlock. This vulnerability can be easily triggered in cases where an SPI device is a mux (a multiplexer that selects one of several input signals). + +The fix involves moving the `spi_add_lock` from being a global lock to a per-controller lock, allowing multiple controllers on the same bus to add devices concurrently without deadlocking. The fix has been applied in kernel versions 5.14.15 and 5.15, with commits 722ef19a161c and 6098475d4cb4, respectively. +
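Review bot: the third paragraph restates the second (the lock moves from global to per-controller) and adds a mischaracterisation: "multiple controllers on the same bus" is not the scenario this entry describes, which is an SPI device that is itself an SPI controller registering its own child devices while the parent still holds the global spi_add_lock. Merge the two paragraphs and describe the fix once, in those terms. The entry also lacks the affected file and the mitigation sentence that the neighbouring entries carry.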
diff --git a/CVE-2021-47470 b/CVE-2021-47470 new file mode 100644 index 0000000..c11e25c --- /dev/null +++ b/CVE-2021-47470
@@ -0,0 +1,6 @@ +The vulnerability, CVE-2021-47470, is a potential use-after-free issue in the Linux kernel's slab debugging functionality. The problem occurs when `sysfs_slab_add` fails, and subsequently calls `debugfs_slab_add()` for the slab structure `s`. Since `s` will be freed soon after, `slab_debugfs_fops` will later attempt to use `s`, leading to a use-after-free scenario. + +The issue is specific to the SLUB allocator's debug filesystem implementation, which is used to expose internal slab data structures to user space through the `/sys/kernel/slab/` directory. The problem arises from incorrect error handling in the `slab_debugfs_fops` function, where it fails to account for the possibility of `s` being freed before it can be safely accessed. + +The vulnerability was introduced in Linux kernel version 5.14 with commit 64dd68497be7 and has been fixed in versions 5.14.15 (commit 159d8cfbd042) and 5.15 (commit 67823a544414). Affected files include `mm/slub.c`. To mitigate this issue, it is recommended to update to the latest stable kernel version, as individual changes are not tested or supported by the Linux kernel community. +
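Review bot: the second paragraph contradicts the first about where the defect is. The first paragraph places it in the failure path of sysfs_slab_add, which still calls debugfs_slab_add() for a cache s that is about to be freed; the second blames "incorrect error handling in the slab_debugfs_fops function", but slab_debugfs_fops is the file_operations table that later dereferences the stale s, not the function with the broken error handling. The same paragraph says the debugfs interface is exposed "through the /sys/kernel/slab/ directory", which is the SLUB sysfs tree; the debugfs files live under the debugfs mount (normally /sys/kernel/debug). Rewrite it so the failed sysfs_slab_add path is the root cause and the debugfs file operations are where the freed s is used.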
diff --git a/CVE-2021-47471 b/CVE-2021-47471 new file mode 100644 index 0000000..5b268a5 --- /dev/null +++ b/CVE-2021-47471
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47471 occurs in the Linux kernel's `mxsfb` driver, specifically in the `mxsfb_unload()` function. When unloading the driver, the `mxsfb->crtc.funcs` pointer may already be NULL, causing a NULL pointer dereference crash when calling `mxsfb_irq_disable()` via `drm_irq_uninstall()`. This is because the `mxsfb->base` pointer remains valid, allowing the IRQ to be cleared and masked. + +The issue was introduced in kernel version 5.10 with commit `ae1ed0093281` and was fixed in versions 5.10.76 with commit `f40c2281d2c0`, 5.14.15 with commit `b0e6db0656dd`, and 5.15 with commit `3cfc183052c3`. The affected file is `drivers/gpu/drm/mxsfb/mxsfb_drv.c`. + +To mitigate this vulnerability, the Linux kernel CVE team recommends updating to the latest stable kernel version. Individual changes should not be cherry-picked, as they are part of a larger kernel release and may have unintended consequences. If updating to the latest release is impossible, the individual commits that resolve this issue can be found at the provided Git links. +
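Review bot: the last sentence of the first paragraph is logically inverted: "This is because the mxsfb->base pointer remains valid" cannot explain a NULL pointer dereference. A still-valid base pointer is the reason the fix can clear and mask the IRQ directly instead of going through the NULL mxsfb->crtc.funcs. Restate it as the fix: since mxsfb->base is still valid during unload, the IRQ is cleared and masked through it rather than via drm_irq_uninstall() and mxsfb_irq_disable(). As written, the entry never says what the fix actually changes.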
diff --git a/CVE-2021-47473 b/CVE-2021-47473 new file mode 100644 index 0000000..9150cb6 --- /dev/null +++ b/CVE-2021-47473
@@ -0,0 +1,8 @@ +The vulnerability, identified as CVE-2021-47473, exists in the Linux kernel's qla2xxx SCSI driver. Specifically, it affects the `qla_bsg.c` file. The issue is a memory leak that occurs in an error path of the `qla2x00_process_els()` function. + +The problem arises from a commit (8c0eb596baa5) introduced in kernel version 3.11, which intended to fix a memory leak but instead changed a conditional statement from `bsg_job->request->msgcode != FC_BSG_RPT_ELS` to `bsg_job->request->msgcode == FC_BSG_RPT_ELS`. This change causes the `fcport` structure to be leaked or unallocated memory to be freed, leading to a memory leak. + +The fix involves changing the conditional statement back to its original form, using the `!=` operator instead of `==`. This fix has been applied in kernel versions 5.10.76, 5.14.15, and 5.15. + +To mitigate this issue, it is recommended to update to the latest stable kernel version. If updating is not possible, the individual commits that resolve this issue can be cherry-picked from the Linux kernel repository. However, the Linux kernel community does not recommend or support cherry-picking individual commits, as they are part of a larger kernel release and may introduce unintended consequences. +
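Review bot: "causes the fcport structure to be leaked or unallocated memory to be freed, leading to a memory leak" understates the second outcome: freeing memory that was never allocated is an invalid free, i.e. memory corruption, not a leak, so the summary should name both consequences rather than folding them into "memory leak". The last paragraph also says the commits "can be cherry-picked" and then that cherry-picking "is not recommended or supported"; keep only the policy wording.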
diff --git a/CVE-2021-47474 b/CVE-2021-47474 new file mode 100644 index 0000000..d92bc54 --- /dev/null +++ b/CVE-2021-47474
@@ -0,0 +1,6 @@ +The vulnerability, tracked as CVE-2021-47474, exists in the Linux kernel's Comedi driver for vmk80xx devices. The issue arises from the driver using endpoint-sized buffers without ensuring that the transmit (tx) and receive (rx) buffers are of equal size. This allows a malicious device to overflow the slab-allocated receive buffer during bulk transfers, potentially leading to memory corruption or other security issues. + +The root cause of this vulnerability lies in the incorrect assumption made by the driver regarding the sizes of the tx and rx buffers. By not verifying that these buffers are of equal size, the driver creates an opportunity for an attacker to exploit the difference in buffer sizes, resulting in a bulk-buffer overflow. + +The affected file is `drivers/comedi/drivers/vmk80xx.c`, and the issue has been present since Linux kernel version 2.6.31 (commit 985cafccbf9b). The vulnerability has been fixed in various kernel versions, including 4.4.292, 4.9.290, 4.14.255, 4.19.217, 5.4.159, 5.10.79, 5.14.18, and 5.15.2 (commits e0e6a63fd97a, 7cfb35db6077, 0866dcaa828c, 063f576c43d5, 1ae4715121a5, b7fd7f3387f0, 7b0e35618932, and 47b4636ebdbe, respectively). +
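Review bot: the entry never states what the fix does. Paragraph two only restates paragraph one (the driver does not verify that the tx and rx buffers are the same size, so a device can overflow the slab-allocated receive buffer), and "potentially leading to memory corruption or other security issues" adds nothing. Replace the second paragraph with a sentence on what the fix changes, and add the mitigation guidance that the sibling entries carry.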
diff --git a/CVE-2021-47475 b/CVE-2021-47475 new file mode 100644 index 0000000..3256b76 --- /dev/null +++ b/CVE-2021-47475
@@ -0,0 +1,8 @@ +The CVE-2021-47475 vulnerability affects the Linux kernel's comedi driver, specifically the vmk80xx module. The issue arises from the lack of sanity checks on USB transfer buffer sizes, which can lead to buffer overflows. This is because the driver uses endpoint-sized USB transfer buffers without verifying their validity. + +The vulnerability was introduced in kernel version 2.6.31 with commit 985cafccbf9b and has been fixed in various later kernel versions, including 4.4.292, 4.9.290, 4.14.255, 4.19.217, 5.4.159, 5.10.79, 5.14.18, and 5.15.2. + +The affected file is `drivers/comedi/drivers/vmk80xx.c`. The vulnerability can be exploited by a malicious device with a zero `wMaxPacketSize`, leading to NULL-pointer dereferences when accessing the transfer buffers. This can result in writing beyond the buffers, potentially causing system crashes or arbitrary code execution. + +To mitigate this issue, users are recommended to update to the latest stable kernel version. Individual changes can be cherry-picked from the specified commits, but this is not supported by the Linux kernel community. +
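Review bot: the fourth paragraph runs two distinct failure modes together: a zero wMaxPacketSize "leading to NULL-pointer dereferences" and then "This can result in writing beyond the buffers". A NULL dereference does not result in an out-of-bounds write; the entry should say which of the two the missing sanity checks in this CVE address, and "arbitrary code execution" is asserted without anything in the entry supporting more than a crash. The mitigation sentence also says commits "can be cherry-picked ... but this is not supported"; use the policy wording alone.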
diff --git a/CVE-2021-47476 b/CVE-2021-47476 new file mode 100644 index 0000000..e7da90a --- /dev/null +++ b/CVE-2021-47476
@@ -0,0 +1,8 @@ +The Linux kernel vulnerability CVE-2021-47476 affects the Comedi driver, specifically the ni_usb6501 module. The issue arises from a lack of sanity checks on USB transfer buffer sizes in the `ni6501_port_command()` and `ni6501_counter_command()` functions. This can lead to NULL pointer dereferences or overflowed transfer buffers if a malicious device has smaller max-packet sizes than expected, or when conducting descriptor fuzz testing. + +The vulnerability is fixed by adding sanity checks to the `probe()` function. The affected files are limited to `drivers/comedi/drivers/ni_usb6501.c`. + +This issue was introduced in kernel version 3.18 with commit a03bb00e50ab and has been fixed in various kernel versions, including 4.4.292, 4.9.290, 4.14.255, 4.19.217, 5.4.159, 5.10.79, 5.14.18, and 5.15.2. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported in isolation. However, if updating is impossible, the individual fixes can be found at the provided commit links. +
diff --git a/CVE-2021-47477 b/CVE-2021-47477 new file mode 100644 index 0000000..3df8260 --- /dev/null +++ b/CVE-2021-47477
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47477 affects the Linux kernel's comedi (Common Data Acquisition Interface) driver, specifically the dt9812.c file. The issue arises from allocating USB transfer buffers on the stack, which can cause DMA transfers to fail. Additionally, this allocation method leads to a stack information leak, as 32 bytes of data are always sent to the device regardless of the actual command length. + +The fix involves allocating proper transfer buffers in the various command helpers and returning an error on short transfers instead of acting on random stack data. This vulnerability was introduced in kernel version 2.6.29 with commit 63274cd7d38a and has been fixed in multiple subsequent kernel versions, including 4.4.292, 4.9.290, 4.14.255, 4.19.217, 5.4.159, 5.10.79, 5.14.18, 5.15.2, and 5.16. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported separately. However, the individual commits fixing this issue can be found at the provided Git links for users who cannot update to the latest release. +
diff --git a/CVE-2021-47478 b/CVE-2021-47478 new file mode 100644 index 0000000..7e7ef37 --- /dev/null +++ b/CVE-2021-47478
@@ -0,0 +1,6 @@ +The Linux kernel is vulnerable to out-of-bounds access when handling corrupted ISO file system (ISOFS) images. Specifically, the `isofs_read_inode()` function can read data beyond the end of a buffer when processing a corrupted ISOFS image. This occurs because the directory entry length is not properly sanity-checked before use. + +To exploit this vulnerability, an attacker would need to craft a specially corrupted ISOFS image that triggers the out-of-bounds access. The impact of this vulnerability could be arbitrary code execution or denial-of-service attacks. + +The fix for this issue involves adding a sanity check on the directory entry length in `isofs_read_inode()` to prevent out-of-bounds access. This fix has been applied to various Linux kernel versions, including 4.4.292, 4.9.290, 4.14.255, and others. Users are advised to update to the latest stable kernel version to resolve this issue. +
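Review bot: the impact claim overreaches. The entry describes isofs_read_inode() reading beyond the end of a buffer, an out-of-bounds read, which supports a crash or disclosure of adjacent memory, not the "arbitrary code execution" asserted in the second paragraph. Also, unlike the sibling entries, no commit ids are given and the fixed-version list trails off with "and others"; list the commits and the complete set of fixed versions.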
diff --git a/CVE-2021-47479 b/CVE-2021-47479 new file mode 100644 index 0000000..a9b1ddb --- /dev/null +++ b/CVE-2021-47479
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47479, is a use-after-free issue in the `rtl8712_dl_fw` function of the Linux kernel's RTL8712 driver. The problem arises from a race condition between the `r871xu_dev_remove` and `ndo_open` callbacks. Specifically, the driver releases the firmware before unregistering the network device, leading to access of released firmware in the `ndo_open` callback. + +The issue can be seen in the crash log, where the driver accesses the firmware after it has been released. The fix involves moving the `unregister_netdev` call before cleaning up resources, ensuring that the firmware is not accessed after release. + +The vulnerability was introduced in kernel version 3.3 with commit 8c213fa59199 and was fixed in various versions, including 5.10.79, 5.14.18, 5.15.2, and 5.16. The affected file is `drivers/staging/rtl8712/usb_intf.c`. + +The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone and cherry-picking commits is not supported by the Linux kernel community. +
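Review bot: "The issue can be seen in the crash log" refers to a log that is not included in this entry; either drop the reference or keep the relevant trace lines. The ordering argument itself (unregister_netdev moved before the resource cleanup so ndo_open cannot run against released firmware) is clear and needs no change.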
diff --git a/CVE-2021-47480 b/CVE-2021-47480 new file mode 100644 index 0000000..df0ee1e --- /dev/null +++ b/CVE-2021-47480
@@ -0,0 +1,10 @@ +The Linux kernel vulnerability CVE-2021-47480 occurs in the SCSI (Small Computer System Interface) core module, specifically when releasing a SCSI device. The issue arises because the SCSI host release is triggered when the SCSI device is freed, but the low-level device driver (LLD) module reference count is not properly managed. + +When the SCSI device is released, its associated LLD module should not be unloaded until the SCSI host instance is also released. However, in the vulnerable code, the LLD module refcnt is not incremented after the SCSI device is released, leading to a potential kernel panic due to an inability to handle page faults. + +The vulnerability was fixed by updating the SCSI core module to properly increment the LLD module refcnt after releasing the SCSI device. This ensures that the LLD module remains loaded until the SCSI host instance is fully released. + +The affected files are `drivers/scsi/scsi.c` and `drivers/scsi/scsi_sysfs.c`. The fix was applied to various kernel versions, including 4.4.292, 4.9.290, 4.14.255, 4.19.216, 5.4.158, 5.10.78, 5.14.17, and 5.15. + +To mitigate this vulnerability, it is recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. However, the Linux kernel community does not support or recommend cherry-picking individual commits, as they are part of a larger kernel release and may introduce unintended consequences. +
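Review bot: the fix is described backwards. The second paragraph says the LLD module must stay loaded until the host is released, but then says the bug is that the refcnt "is not incremented after the SCSI device is released" and the third paragraph says the fix "properly increment[s]" it after release; taking a module reference after the release cannot protect the release itself. What keeps the module loaded is holding the reference across the release and putting it only afterwards, so both sentences should say the module reference is dropped after the device is released rather than before. Tie the "inability to handle page faults" panic to that: the module's code is unloaded while still being executed.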
diff --git a/CVE-2021-47481 b/CVE-2021-47481 new file mode 100644 index 0000000..1ecee16 --- /dev/null +++ b/CVE-2021-47481
@@ -0,0 +1,6 @@ +The vulnerability occurs in the RDMA/mlx5 driver of the Linux kernel, specifically when creating an ODP (On-Demand Paging) Memory Region (MR). The issue arises because the ODP xarray is not properly initialized, leading to a page fault and subsequent crash. + +Normally, this missing initialization would be hidden by zero-fill, but an errant set to `desc_size` in `reg_create()` causes the crash. The crash occurs when attempting to access an invalid memory address (`0000000800000000`) during the execution of `mlx5_ib_dereg_mr`. + +The fix involves adding the missing xarray initialization and removing the `desc_size` set. This issue was introduced in kernel version 5.13 with commit `a639e66703ee` and fixed in kernel versions 5.14.16 with commit `5f6995295f65` and 5.15 with commit `5508546631a0`. +
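Review bot: the entry stops at the commit ids and omits the affected file and the mitigation guidance that every neighbouring entry includes; add both. The technical description itself (missing xarray initialisation masked by zero-fill until the errant desc_size write in reg_create(), crash in mlx5_ib_dereg_mr) is consistent.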
diff --git a/CVE-2021-47482 b/CVE-2021-47482 new file mode 100644 index 0000000..fc41ac0 --- /dev/null +++ b/CVE-2021-47482
@@ -0,0 +1,6 @@ +The CVE-2021-47482 vulnerability affects the Linux kernel's batman-adv module, specifically in the error handling of `batadv_mesh_init()` and related functions. The issue arises from incorrect cleanup of uninitialized fields when `batadv_mesh_init()` fails, leading to crashes or general protection faults (GPFs) later on. + +The problem is that `batadv_mesh_init()` calls `batadv_mesh_free()` in case of failure, but this approach can lead to cleaning up uninitialized fields. To fix this, the patch unwinds the `batadv_*_init()` calls one by one, ensuring that all allocated memory is cleaned up before returning with an error. This not only fixes the bug but also improves performance by avoiding unnecessary calls to `batadv_*_free()` functions. + +The affected files are `bridge_loop_avoidance.c`, `main.c`, `network-coding.c`, and `translation-table.c` in the `net/batman-adv/` directory. The vulnerability was introduced in kernel version 2.6.38 with commit c6c8fea29769 and has been fixed in various subsequent kernel versions, including 4.4.293, 4.9.289, 4.14.254, 4.19.215, 5.4.157, 5.10.77, and 5.15. +
diff --git a/CVE-2021-47483 b/CVE-2021-47483 new file mode 100644 index 0000000..f5fb08b --- /dev/null +++ b/CVE-2021-47483
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47483 is a double-free issue in the Linux kernel's regmap subsystem, specifically in the `regcache_rbtree_exit()` function. This occurs when the `present` realloc fails in `regcache_rbtree_insert_to_block()`, causing the `blk` pointer to point to freed memory. Later, in the error handling path of `regcache_rbtree_init()`, the `rbnode->block` pointer is freed again, resulting in a double-free error detected by KASAN (Kernel Address Sanitizer). + +The root cause of this issue is that the assignment of `rbnode->block` is delayed until after the reallocation has succeeded. To fix this, the assignment is moved to immediately after the reallocation, ensuring that the data structure remains valid even if the second reallocation fails. + +This vulnerability was introduced in kernel version 3.12 with commit 3f4ff561bc88 and fixed in various subsequent kernel versions, including 4.4.291, 4.9.289, 4.14.254, 4.19.215, 5.4.157, 5.10.77, 5.14.16, and 5.15. The affected file is `drivers/base/regmap/regcache-rbtree.c`. +
diff --git a/CVE-2021-47484 b/CVE-2021-47484 new file mode 100644 index 0000000..a2aaf24 --- /dev/null +++ b/CVE-2021-47484
@@ -0,0 +1,6 @@ +The CVE-2021-47484 vulnerability is a null pointer dereference issue in the Linux kernel, specifically in the octeontx2-af driver. This driver is used for Marvell OcteonTX2 network devices. The vulnerability occurs in two files: `rvu_debugfs.c` and `rvu_nix.c`, which are part of the `drivers/net/ethernet/marvell/octeontx2/af` directory. + +The issue arises because of a possible null pointer dereference, which can lead to a kernel crash or potentially allow an attacker to exploit the vulnerability. The Linux kernel CVE team has assigned this issue the identifier CVE-2021-47484. + +The vulnerability was introduced in Linux kernel version 5.5 with commit 8756828a8148 and was fixed in versions 5.14.16 with commit f1e3cd1cc802 and 5.15 with commit c2d4c543f74c. The recommended mitigation is to update to the latest stable kernel version, as individual changes are never tested alone and cherry-picking individual commits is not supported by the Linux kernel community. +
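Review bot: the entry never says what is dereferenced or in which function. "A possible null pointer dereference, which can lead to a kernel crash or potentially allow an attacker to exploit the vulnerability" is circular, and the second paragraph adds only the CVE id already given in the first. Name the function in each of rvu_debugfs.c and rvu_nix.c and the pointer that can be NULL, or at least the condition under which it is NULL, and drop the unsupported "allow an attacker to exploit" clause in favour of the demonstrable outcome, a crash.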
diff --git a/CVE-2021-47485 b/CVE-2021-47485 new file mode 100644 index 0000000..ad1c458 --- /dev/null +++ b/CVE-2021-47485
@@ -0,0 +1,6 @@ +The Linux kernel is vulnerable to a buffer overflow attack in the `struct qib_user_sdma_pkt` fields, which can be triggered by overflowing either `addrlimit` or `bytes_togo`. This vulnerability allows userspace to trigger a buffer overflow of kernel memory. The issue was introduced in version 2.6.35 with commit f931551bafe1 and has been fixed in various versions, including 4.4.292, 4.9.290, 4.14.255, 4.19.216, 5.4.157, 5.10.77, 5.14.16, and 5.15. + +The vulnerability is located in the `drivers/infiniband/hw/qib/qib_user_sdma.c` file. The fix involves checking for overflows in all places where math is performed on user-controlled buffers. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested alone and cherry-picking individual commits is not recommended or supported. + +The vulnerability has been assigned CVE-2021-47485, and more information can be found at https://cve.org/CVERecord/?id=CVE-2021-47485. The individual changes to resolve this issue can be found in the commits listed in the mitigation section. +
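Review bot: the closing sentence points to "the commits listed in the mitigation section", but this entry has no such section and no commit ids at all, only fixed version numbers; either add the commit list or drop the reference. The first sentence also calls the issue a "buffer overflow attack"; it is an overflow of kernel memory triggerable from userspace, so "buffer overflow" suffices.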
diff --git a/CVE-2021-47486 b/CVE-2021-47486 new file mode 100644 index 0000000..2b3cfaa --- /dev/null +++ b/CVE-2021-47486
@@ -0,0 +1,6 @@ +The vulnerability in question is a potential NULL dereference in the `bpf_jit_binary_free()` function, specifically when the RISC-V BPF JIT (Just-In-Time) compiler fails to converge within a certain number of iterations (`NR_JIT_ITERATIONS`). In this scenario, the `jit_data->header` pointer becomes NULL, leading to a NULL dereference when `bpf_jit_binary_free()` is called. + +The root cause of this issue lies in the lack of proper error handling and input validation in the `bpf_jit_binary_free()` function. The function expects a non-NULL argument, but when the RISC-V BPF JIT fails to converge, it does not properly set up the `jit_data` structure, resulting in a NULL `header` pointer. + +To mitigate this vulnerability, the Linux kernel CVE team recommends updating to the latest stable kernel version, which includes the fixes for this issue. If updating is not possible, individual changes can be cherry-picked from the specified commits, but this approach is not recommended or supported by the Linux kernel community. +
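Review bot: the second paragraph blames "the lack of proper error handling and input validation in the bpf_jit_binary_free() function" while in the same breath saying the function "expects a non-NULL argument" and that the RISC-V JIT "does not properly set up the jit_data structure"; the defect is in the caller that hands a NULL jit_data->header to bpf_jit_binary_free() after the JIT fails to converge, not in the generic free routine. Rewrite the root cause so the RISC-V JIT error path must check for a NULL header before calling bpf_jit_binary_free(). The entry also lacks the affected file, the introducing commit and the fixed versions and commits that the sibling entries carry, so the mitigation paragraph's "specified commits" refers to nothing in the file.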
diff --git a/CVE-2021-47488 b/CVE-2021-47488 new file mode 100644 index 0000000..d56e2b1 --- /dev/null +++ b/CVE-2021-47488
@@ -0,0 +1,10 @@ +The CVE-2021-47488 vulnerability is a memory leak in the Linux kernel's cgroup (control group) subsystem, which occurs when the `CONFIG_CGROUP_BPF` configuration option is enabled. The issue arises because the `cgroup_bpf_inherit` function allocates memory for the `root_cgrp->bpf.refcnt.data` structure, but this memory is not freed when the cgroup is unmounted. + +The problem stems from a change introduced in kernel version 5.3, commit `4bfc0bb2c60e`, which decoupled the lifetime of `cgroup_bpf` from the cgroup itself. However, this change did not include the necessary cleanup code to free the allocated resources when the cgroup is unmounted. + +The memory leak can be observed by running the commands `mount -t cgroup -o none,name=foo cgroup /` and then `umount cgroup/`. This will cause a kmemleak error, indicating that the unreferenced object at address `0xc3585c40` has been detected. + +The fix for this issue involves adding a new function called `cgroup_bpf_offline`, which calls `percpu_ref_kill` to free the allocated resources. This function is called from `cgroup_kill_sb`, ensuring that the memory is properly released when the cgroup is unmounted. + +The affected kernel versions are 5.3, 5.10.77, 5.14.16, and 5.15. The issue has been fixed in these versions with commits `01599bf7cc2b`, `b529f88d9388`, and `04f8ef5643bc`, respectively. +
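Review bot: the reproduction commands are inconsistent: `mount -t cgroup -o none,name=foo cgroup /` mounts on the root directory, yet the next command is `umount cgroup/`; the mount point should be the same directory (cgroup/) in both. The closing paragraph also conflates the introducing version with the fixed ones: it lists 5.3, where commit 4bfc0bb2c60e introduced the bug per the second paragraph, among "affected ... fixed" versions and then maps three commits onto four versions "respectively". State 5.3 as the introducing version and pair each fix commit with its version (5.10.77, 5.14.16, 5.15).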
diff --git a/CVE-2021-47489 b/CVE-2021-47489 new file mode 100644 index 0000000..64ed601 --- /dev/null +++ b/CVE-2021-47489
@@ -0,0 +1,6 @@ +The vulnerability, CVE-2021-47489, is a fix for out-of-bounds writes in the `amdgpu_dm_debugfs.c` file of the Linux kernel's AMD GPU driver. Specifically, it addresses issues where debugfs write operations can access memory regions beyond their intended bounds, leading to potential security risks. + +The problem was initially addressed by commit f23750b5b3d98653b31d4469592935ef6364ad67, which fixed one instance of the issue. However, further review revealed that `amdgpu_dm_debugfs.c` contained additional instances of the same problem. This patch resolves those remaining issues. + +The vulnerability was introduced in Linux kernel version 5.10 with commit 918698d5c2b5 and has been fixed in versions 5.14.16 (commit 9eb4bdd554fc) and 5.15 (commit 3f4e54bd312d). The affected file is `drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c`. To mitigate this issue, it is recommended to update to the latest stable kernel version. If updating is not possible, individual commits resolving this issue can be cherry-picked from the Linux kernel Git repository. +
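Review bot: the opening sentence calls the CVE "a fix for out-of-bounds writes", and the second paragraph speaks in patch voice ("This patch resolves those remaining issues"); this is a description file, so state the vulnerability first (debugfs write handlers in amdgpu_dm_debugfs.c accessing memory beyond their buffers) and describe the fix in a separate sentence. Consider also abbreviating f23750b5b3d98653b31d4469592935ef6364ad67 to the short form, as every other commit in these entries is.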
diff --git a/CVE-2021-47490 b/CVE-2021-47490 new file mode 100644 index 0000000..fd02929 --- /dev/null +++ b/CVE-2021-47490
@@ -0,0 +1,8 @@ +The CVE-2021-47490 vulnerability is a memory leak issue in the `ttm_transfered_destroy` function of the Direct Rendering Manager (DRM) and Translation Table Maps (TTM) subsystem in the Linux kernel. Specifically, the vulnerability arises from the failure to clean up fences for ghost objects during the destruction of transferred buffer objects. + +In TTM, buffer objects can be transferred between different GPU domains, and each transfer creates a fence that tracks the completion of the transfer operation. When a buffer object is destroyed, its associated fences must be cleaned up to prevent memory leaks. However, in the case of ghost objects (i.e., buffer objects that have been transferred but not yet completed), their fences were not being properly cleaned up during destruction. + +The vulnerability affects various kernel versions, including 5.4.x, 5.10.x, and 5.14.x, and has been fixed in subsequent releases through a series of commits (bd99782f3ca4, 960b1fdfc39a, c21b4002214c, bbc920fb320f, 132a3d998d67, and 0db55f9a1baf). The affected file is `drivers/gpu/drm/ttm/ttm_bo_util.c`. + +To mitigate this vulnerability, the Linux kernel CVE team recommends updating to the latest stable kernel version. Cherry-picking individual commits is not recommended or supported by the Linux kernel community. However, if updating to the latest release is impossible, the individual changes to resolve this issue can be found in the specified commit links. +
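Review bot: the version information is too coarse to act on: "various kernel versions, including 5.4.x, 5.10.x, and 5.14.x" alongside six commit ids gives no way to pair a commit with the stable release that carries it, and the introducing version is not stated at all. List exact fixed versions next to their commits, as the other entries do.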
diff --git a/CVE-2021-47491 b/CVE-2021-47491 new file mode 100644 index 0000000..e3bedf5 --- /dev/null +++ b/CVE-2021-47491
@@ -0,0 +1,6 @@ +The Linux kernel's Transparent Huge Pages (THP) feature, specifically the khugepaged daemon, has a vulnerability that allows collapsing THPs for special files. This occurs when a file is opened read-only and mapped with VM_EXEC permission. While intended to avoid TLB misses for large text segments, it doesn't restrict file types, allowing THP collapse for non-regular files like block devices. This can cause bugs, such as those referenced in the CVE description. + +The issue arises because khugepaged collapses THPs without checking if the underlying file is a regular file. To fix this, the kernel now checks if the file is a regular file before collapsing the THP. This change restricts THP collapse to only occur for regular files, closing the attack surface. + +The vulnerability was introduced in kernel version 5.4 with commit 99cb0dbd47a1 and has been fixed in various versions, including 5.10.78 with commit 6d67b2a73b8e, 5.14.16 with commit 5fcb6fce74ff, and 5.15 with commit a4aeaa06d45e. The affected file is mm/khugepaged.c. +
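Review bot: "such as those referenced in the CVE description" is a dangling pointer: this file is the CVE description, and no bug reports are referenced in it. Either cite them or drop the clause. "closing the attack surface" is also overstated for a change that restricts collapse to regular files; say that collapse is no longer attempted for non-regular files.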
diff --git a/CVE-2021-47492 b/CVE-2021-47492 new file mode 100644 index 0000000..c46cfd3 --- /dev/null +++ b/CVE-2021-47492
@@ -0,0 +1,8 @@ +The Linux kernel is vulnerable to a bug in the `collapse_file` function, specifically when dealing with writeback pages on XFS file systems with block sizes equal to or larger than the page size. The issue arises because `collapse_file` relies on `page_has_private` and `try_to_release_page` to filter out writeback pages, but this approach fails for XFS file systems with large block sizes since they do not set `page->private`. + +As a result, `collapse_file` bails out early when encountering a writeback page, leading to a kernel panic. The panic occurs because the `end_page_writeback` function will attempt to access an invalid page, causing a VM_BUG_ON_PAGE error. + +The vulnerability was introduced in Linux kernel version 5.4 with commit 99cb0dbd47a1 and has been fixed in versions 5.10.77, 5.14.16, and 5.15 with commits 69a7fa5cb0de, 5e669d8ab30a, and 74c42e1baacf, respectively. + +The affected file is `mm/khugepaged.c`, and the Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue. If updating is not possible, individual patches can be applied from the referenced commits. +
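Review bot: the second paragraph inverts cause and effect. "collapse_file bails out early when encountering a writeback page, leading to a kernel panic" contradicts the first paragraph, where the page_has_private/try_to_release_page filter fails on large-block XFS so the writeback page is not caught; the VM_BUG_ON_PAGE in end_page_writeback follows from collapsing a page that is still under writeback, and bailing out early on such a page is the fix, not the trigger. Rewrite the paragraph so the missing early bail-out is the defect and the added explicit writeback check is the remedy.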
diff --git a/CVE-2021-47493 b/CVE-2021-47493 new file mode 100644 index 0000000..ec7de6f --- /dev/null +++ b/CVE-2021-47493
@@ -0,0 +1,10 @@ +The vulnerability occurs in the OCFS2 file system, specifically in the `ocfs2_test_bg_bit_allocatable()` function and `jbd2_journal_put_journal_head()` function. A race condition exists between these two functions, which can lead to a kernel panic. + +When `ocfs2_test_bg_bit_allocatable()` calls `bh2jh(bg_bh)`, it expects the `bg_bh->b_private` field to be non-NULL. However, if `jbd2_journal_put_journal_head()` is called concurrently, it may release the journal head from the buffer head, causing `bg_bh->b_private` to become NULL. This can result in a kernel panic. + +To fix this race condition, a bit lock needs to be taken for the 'BH_JournalHead' bit. This ensures that the journal head is not released from the buffer head while it is being used by `ocfs2_test_bg_bit_allocatable()`. + +The affected file is `fs/ocfs2/suballoc.c`. The vulnerability has been fixed in kernel versions 5.10.77, 5.14.16, and 5.15 with commits 5043fbd294f5, 2e382600e885, and 6f1b228529ae, respectively. + +It is recommended to update to the latest stable kernel version to resolve this issue. If updating is not possible, individual changes can be cherry-picked from the specified commits. +
diff --git a/CVE-2021-47494 b/CVE-2021-47494 new file mode 100644 index 0000000..fe13f7c --- /dev/null +++ b/CVE-2021-47494
@@ -0,0 +1,6 @@ +The vulnerability, tracked as CVE-2021-47494, affects the cfg80211 module in the Linux kernel. Specifically, it relates to the management registrations locking mechanism. The issue arises because the list of management registrations is locked for each wireless device (wdev), but the `cfg80211_mgmt_registrations_update()` function iterates over this list without holding all the necessary spinlocks. This can cause list corruption. + +To fix this issue, instead of trying to implement fine-grained locking, the lock was moved to the wiphy/rdev level. Since the wdev lock is already held when updating the management registrations, there is no contention on the lock in any case. This simplifies the locking mechanism and trivially fixes the bug. + +The vulnerability was introduced in kernel version 5.8 with commit 6cd536fe62ef and has been fixed in various kernel versions, including 5.10.77 with commit 4c22227e39c7, 5.14.16 with commit 3c897f39b71f, and 5.15 with commit 09b1d5dc6ce1. +
diff --git a/CVE-2021-47495 b/CVE-2021-47495 new file mode 100644 index 0000000..88fba37 --- /dev/null +++ b/CVE-2021-47495
@@ -0,0 +1,6 @@ +The vulnerability, tracked as CVE-2021-47495, is related to a sanity check for the `maxpacket` value in the `usbnet` driver of the Linux kernel. Specifically, if `maxpacket` is set to 0, it can cause a division by zero error, leading to an Oops (a kernel panic). This occurs because the kernel needs to divide by `maxpacket`, which makes no sense when its value is 0. + +The issue has been fixed in various kernel versions, including 4.4.291, 4.9.289, 4.14.254, 4.19.215, 5.4.157, 5.10.77, 5.14.16, and 5.15, through commits that add a sanity check for `maxpacket` to prevent the division by zero error. + +The affected file is `drivers/net/usb/usbnet.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as well as other bugfixes. Individual changes are not recommended or supported by the Linux kernel community, but if updating is impossible, the individual commits can be found at the provided URLs. +
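Review bot: the parenthetical "an Oops (a kernel panic)" equates two different things; a kernel Oops is an error report that terminates the faulting context and escalates to a panic only in interrupt context or with panic_on_oops set. Say "a divide-by-zero Oops" and state the practical consequence separately. The entry also gives fixed versions but no commit ids, so "the individual commits can be found at the provided URLs" refers to nothing present in the file.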
diff --git a/CVE-2021-47496 b/CVE-2021-47496 new file mode 100644 index 0000000..f88a219 --- /dev/null +++ b/CVE-2021-47496
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47496, affects the Linux kernel's TLS implementation. The issue arises from a convention mismatch between `sk->sk_err` and `ktls`, where `sk->sk_err` expects a positive value, but `ktls` doesn't always follow this convention. This leads to memory corruption in other code. + +The problem is specifically in the `tls_err_abort()` function, which passes a negative error code to `sk->sk_err`. However, in some cases, this negative error code is flipped to a positive value, causing issues downstream. For example, in the `splice_from_pipe_feed` function, a positive `ret` value is interpreted as bytes written, leading to underflow and bogus address computations. + +To fix this issue, all callers of `tls_err_abort()` have been updated to pass a negative error code consistently. Additionally, a warning has been added to catch future misuse, and the function has been uninlined to ensure it only warns once. + +The vulnerability was introduced in kernel version 4.17 and fixed in versions 5.4.157, 5.10.77, 5.14.16, and 5.15. The affected files are `include/net/tls.h` and `net/tls/tls_sw.c`. +
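Review bot: the second paragraph attributes the negative sk->sk_err to tls_err_abort() itself, but the first and third paragraphs together imply the opposite: if sk->sk_err expects a positive value and the fix is that all callers "pass a negative error code consistently", then tls_err_abort() negates its argument, and the defect was call sites that passed a positive errno and so ended up with a negative sk_err. Make that explicit, so the "flipped to a positive value" downstream effect reads as the consequence of the sign mismatch at the call sites rather than of tls_err_abort() on its own. The introducing commit for 4.17 and the fix commit ids are also missing, unlike the sibling entries.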
diff --git a/CVE-2021-47497 b/CVE-2021-47497 new file mode 100644 index 0000000..cf7abb3 --- /dev/null +++ b/CVE-2021-47497
@@ -0,0 +1,6 @@ +The CVE-2021-47497 vulnerability affects the Linux kernel's nvmem (Non-Volatile Memory) subsystem. Specifically, it involves a shift-out-of-bounds error in the `__nvmem_cell_read` function within `drivers/nvmem/core.c`. This occurs when a cell has an `nbits` value that is a multiple of `BITS_PER_BYTE`, causing the logic `*p &= GENMASK((cell->nbits % BITS_PER_BYTE) - 1, 0);` to become undefined behavior. The subtraction of one from the result of `nbits modulo BITS_PER_BYTE` leads to a large number being shifted more than the number of bits that fit into an unsigned long, triggering a UBSAN (Undefined Behavior Sanitizer) error. + +The issue was introduced in Linux kernel version 4.3 and has been fixed in various subsequent versions, including 4.4.290, 4.9.288, 4.14.252, 4.19.213, 5.4.155, 5.10.75, 5.14.14, and 5.15. + +To mitigate this vulnerability, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be applied from the specified commits. +
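Review bot: the first paragraph names the wrong location and omits the fix. The GENMASK line is in nvmem_shift_read_buffer_in_place(), which __nvmem_cell_read() calls, and the fix is to skip that masking when cell->nbits % BITS_PER_BYTE is 0 (a whole number of bytes needs no trailing-bit mask); since that guard is the entire patch, the entry should state it. It should also say that nbits comes from the cell definition (the bits property of the device-tree cell node), so the bad value is a platform configuration rather than runtime input from a user or a device.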
diff --git a/CVE-2021-47498 b/CVE-2021-47498 new file mode 100644 index 0000000..f46ccff --- /dev/null +++ b/CVE-2021-47498
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47498, affects the Device Mapper (DM) component in the Linux kernel. Specifically, it involves the interaction between DM and the blk-mq (block multi-queue) subsystem. + +During a DM suspend operation, the blk-mq quiesce/unquiesce mechanism is used to stop/start the device mapper queue. However, the unquiesce operation can be triggered by external events, such as elevator switches or updates to nr_requests. If this happens during a suspend operation, requests may be queued, leading to potential kernel panic issues. + +The fix involves modifying the dm-rq.c file in the drivers/md directory to prevent queuing requests to blk-mq during DM suspend operations. Instead, the blk-mq is asked to requeue the request. This change resolves a specific kernel panic issue that occurs when running stress tests involving updating nr_requests and DM mpath suspend/resume. + +The vulnerability has been fixed in Linux kernel versions 5.14.14 (commit 8ca9745efe35) and 5.15 (commit b4459b11e840). Users are advised to update to the latest stable kernel version to resolve this issue, as individual changes are not recommended or supported by the Linux kernel community. +
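Review bot: this entry carries no introducing version or commit, unlike its neighbours; the fix has a Fixes: tag and it should be reported so readers can tell whether older stable series such as 5.10.y are in scope. "Leading to potential kernel panic issues" in the second paragraph is vague; say that a request is dispatched into a DM device that is suspended, which is what the stress test crashed on. The third paragraph should also name the mechanism behind "asked to requeue the request": dm_mq_queue_rq() returns BLK_STS_RESOURCE while the device is suspended, the standard way a queue_rq callback asks blk-mq to requeue and retry later.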
diff --git a/CVE-2021-47499 b/CVE-2021-47499 new file mode 100644 index 0000000..a22f45f --- /dev/null +++ b/CVE-2021-47499
@@ -0,0 +1,7 @@ + +The Linux kernel has a memory leak vulnerability in the `kxcjk-1013` driver, which affects systems with an ACPI type of `ACPI_SMO8500`. The issue occurs when the `data->dready_trig` condition is not met, causing the memory allocated by `iio_triggered_buffer_setup()` to remain unfreed. This leads to a memory leak, as demonstrated by the provided hex dump and backtrace. + +The vulnerability was introduced in Linux kernel version 4.2 with commit `a25691c1f967` and has been fixed in various versions, including 4.4.295, 4.9.293, 4.14.258, 4.19.221, 5.4.165, 5.10.85, 5.15.8, and 5.16. + +The affected file is `drivers/iio/accel/kxcjk-1013.c`. The recommended mitigation is to update to the latest stable kernel version, as individual changes are not tested or supported by the Linux kernel community. However, if updating is impossible, the individual fixes can be found in the provided Git commits. +
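Review bot: the first paragraph refers to "the provided hex dump and backtrace", but neither is present in this file; quote the kmemleak report from the fix commit or drop the reference. The entry should also say when the leak happens: only on the probe error path and on driver remove for SMO8500-type devices, where the iio_triggered_buffer_cleanup() call sits under the dready_trig check and is therefore skipped, so this is a bounded, hardware-present resource leak rather than something a user can repeat at will.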
diff --git a/CVE-2021-47500 b/CVE-2021-47500 new file mode 100644 index 0000000..7f7d8d4 --- /dev/null +++ b/CVE-2021-47500
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47500 is a use-after-free issue in the Linux kernel's mma8452 driver, which affects various versions of the kernel. The driver directly assigns a trigger to the struct iio_dev without properly incrementing its reference count using `iio_trigger_get()`. When the IIO core is done using this trigger, it calls `iio_trigger_put()` to decrement the reference count by 1, which can lead to the reference count reaching 0 too early. As a result, the trigger gets freed while still in use, causing a use-after-free error. + +The fix involves getting a reference to the trigger before assigning it to the IIO device using `iio_trigger_get()`. This ensures that the reference count is properly incremented and decremented, preventing the trigger from being freed prematurely. + +The vulnerability was introduced in kernel version 4.2 with commit ae6d9ce05691 and has been fixed in various subsequent versions, including 4.4.295, 4.9.293, 4.14.258, 4.19.221, 5.4.165, 5.10.85, and 5.15.8. The affected file is `drivers/iio/accel/mma8452.c`. +
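Review bot: the first paragraph never says when "the IIO core is done using this trigger": that is iio_device_unregister(), which calls iio_trigger_put() on indio_dev->trig, so the last reference is dropped and the trigger freed on driver remove or unbind while the driver still holds and later unregisters it; stating this makes clear the bug is on the hardware-present teardown path. The third paragraph lists fixed stable versions but not the mainline release (5.16) the backports came from; check the commit and add it for consistency with the other entries. The repeated "properly incremented and decremented" wording in the second paragraph can be shortened to "the core's iio_trigger_put() then balances the get instead of dropping the last reference".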
diff --git a/CVE-2021-47501 b/CVE-2021-47501 new file mode 100644 index 0000000..d65e864 --- /dev/null +++ b/CVE-2021-47501
@@ -0,0 +1,6 @@ +The vulnerability, CVE-2021-47501, is a NULL pointer dereference in the `i40e_dbg_dump_desc` function in the Linux kernel's `i40e` driver. This occurs when attempting to dump VFs VSI RX/TX descriptors using debugfs, causing a crash. + +The issue arises because the `i40e_dbg_dump_desc` function does not properly check if the VSI type is correct for dumping RX/TX descriptors, leading to a NULL pointer dereference. To fix this, a check was added to ensure that the VSI type is correct before attempting to dump the descriptors. + +This vulnerability was introduced in kernel version 3.12 with commit `02e9c290814c` and has been fixed in kernel versions 5.10.85 with commit `e5b7fb2198ab`, 5.15.8 with commit `16431e442db2`, and 5.16 with commit `23ec111bf354`. The affected file is `drivers/net/ethernet/intel/i40e/i40e_debugfs.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. +
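Review bot: the entry omits the privilege needed to reach the bug: the descriptor dump is a debugfs command, and debugfs is root-only by default (and often not mounted), so this is a crash a privileged operator can trigger on their own host, not an exposure to unprivileged users. The second paragraph should also say what is NULL: a VF's VSI has no Tx/Rx rings allocated on the PF side (i40e_vsi_setup() only allocates rings for the main, VMDq and FDIR VSI types), so the ring pointers the dump walks are NULL, which is why the added check rejects VSI types that do not own rings.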
diff --git a/CVE-2021-47502 b/CVE-2021-47502 new file mode 100644 index 0000000..8d3636e --- /dev/null +++ b/CVE-2021-47502
@@ -0,0 +1,6 @@ +The vulnerability, identified as CVE-2021-47502, affects the Advanced Linux Sound Architecture (ALSA) framework in the Linux kernel. Specifically, it concerns the WCD934x codec driver, which is responsible for managing audio channels. + +The issue arises when adding channels to a DAI (Digital Audio Interface) channel list. Previously, each channel was added as a separate list item, but this approach posed a risk of duplicating channels across multiple lists, leading to corruption and unintended behavior. The patch introduced ensures that a channel is free before being added to the list and verifies its presence on the list before deletion. + +This vulnerability was introduced in kernel version 5.6 with commit `a70d9245759a` and has been fixed in versions 5.10.85, 5.15.8, and 5.16 with commits `1089dac26c6b`, `339ffb5b5600`, and `23ba28616d30`, respectively. The affected file is `sound/soc/codecs/wcd934x.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version, as individual changes are not tested in isolation and cherry-picking commits is not supported by the community. +
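Review bot: the subsystem in the first paragraph is wrong: sound/soc/codecs/wcd934x.c is an ASoC (ALSA SoC) codec driver, not "the ALSA framework", and "responsible for managing audio channels" says nothing; name the structure at issue, the per-DAI channel map each DAI keeps as a linked list. The second paragraph should spell out the corruption mechanism: a struct list_head can be on one list at a time, so list_add() of a channel already linked into another DAI's list overwrites its prev/next and silently corrupts that other list, and list_del() of a node that is not on the list writes through stale pointers; that is why the fix checks that the node is free before adding it and present before deleting it.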
diff --git a/CVE-2021-47503 b/CVE-2021-47503 new file mode 100644 index 0000000..7919dda --- /dev/null +++ b/CVE-2021-47503
@@ -0,0 +1,10 @@ +The Linux kernel is vulnerable to a NULL pointer dereference crash in the SCSI pm80xx driver. This occurs when `scsi_remove_host()` is called before `scsi_add_host()`, resulting in a kernel crash. + +The issue arises in the `pm8001_alloc()` function, which calls `scsi_remove_host()` without first calling `scsi_add_host()`. This causes a NULL pointer dereference in the `device_del()` function, leading to a kernel crash. The call tree for this issue is: + +`pm8001_pci_probe()` -> `pm8001_pci_alloc()` -> `pm8001_alloc()` -> `scsi_remove_host()` -> `device_unregister()` -> `device_del()` + +This vulnerability was introduced in Linux kernel version 5.10 with commit 05c6c029a44d and has been fixed in versions 5.10.85, 5.15.8, and 5.16 with commits 1e434d2687e8, f8dccc1bdea7, and 653926205741, respectively. + +The affected file is `drivers/scsi/pm8001/pm8001_init.c`. To mitigate this issue, users are recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. +
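Review bot: the last paragraph contradicts the policy stated in the other entries by telling readers that individual changes "can be cherry-picked"; use the standard wording (cherry-picking is not supported; the commits are listed for those who cannot update). The entry should also make clear that pm8001_alloc() only reached scsi_remove_host() on its own error path, i.e. when an allocation during PCI probe failed, so the crash is a probe-failure path on supported hardware with no user-controlled trigger, and that the fix simply removes that call.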
diff --git a/CVE-2021-47504 b/CVE-2021-47504 new file mode 100644 index 0000000..10dd908 --- /dev/null +++ b/CVE-2021-47504
@@ -0,0 +1,6 @@ +The CVE-2021-47504 vulnerability affects the Linux kernel's io_uring subsystem, specifically in the `io_uring_cancel_generic()` function. When a work item is canceled, it may need to be processed through task_work, but if this processing is not done, the system can enter an uninterruptible sleep state, leading to a warning and lack of forward progress. + +The issue arises because when a work item is successfully canceled, the kernel may not ensure that the associated task_work is run as part of the cancelation. This can cause the system to sleep uninterruptibly in `io_uring_cancel_generic()`, preventing the processing of the task_work and leading to the aforementioned warning and lack of forward progress. + +The vulnerability has been fixed in Linux kernel versions 5.15.8 and 5.16, with commits 8e12976c0c19 and 78a780602075, respectively. The fix ensures that task_work is properly run as part of cancelations, preventing the uninterruptible sleep state and warning. The affected file is `fs/io_uring.c`. +
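Review bot: the entry gives no introducing version or commit, and it mislabels the impact: what the second paragraph describes is a task stuck in TASK_UNINTERRUPTIBLE inside io_uring_cancel_generic() plus a warning, which is a hang of the cancelling task (a local denial of service against itself, typically at exit), not memory corruption; say so. It should also say what the fix does: run pending task_work (io_run_task_work()) inside the cancel loop before sleeping, so a cancelled item that was deferred to task_work gets completed and the inflight count can reach zero.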
diff --git a/CVE-2021-47505 b/CVE-2021-47505 new file mode 100644 index 0000000..4c020c3 --- /dev/null +++ b/CVE-2021-47505
@@ -0,0 +1,8 @@ +The Linux kernel vulnerability CVE-2021-47505 is a use-after-free issue that occurs due to missing POLLFREE handling in the aio (asynchronous I/O) poll implementation. Specifically, when a signalfd or binder fd is polled with aio poll and the waitqueue gets freed, the aio poll does not handle the POLLFREE notification, leading to a use-after-free scenario. + +The problem arises because aio poll was added in kernel v4.18 without implementing POLLFREE handling, unlike eventpoll which handles POLLFREE correctly. A previous patch attempted to fix this issue but introduced a deadlock and missed POLLFREE notifications while the request was temporarily de-queued. + +The correct fix involves handling POLLFREE in a deadlock-free way by taking advantage of the fact that freeing of the waitqueue is RCU-delayed, similar to what eventpoll does. This fix is implemented in commits 321fba81ec03, 4105e6a128e8, 47ffefd88abf, 60d311f9e638, and 50252e4b5e98 for kernel versions 4.19.221, 5.4.165, 5.10.85, 5.15.8, and 5.16 respectively. + +The affected files are fs/aio.c and include/uapi/asm-generic/poll.h. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, and individual changes should not be cherry-picked as they are never tested alone but rather part of a larger kernel release. +
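Review bot: the second paragraph says "a previous patch attempted to fix this issue" without identifying it; name that commit (the aio_poll() race fix the commit message cites) so readers can tell which kernels carried the partial fix and its deadlock. The first paragraph should also say why signalfd and binder are special: their waitqueue lives in the task (or binder thread) rather than in the struct file, so it can be freed while the aio poll request is still linked into it, and POLLFREE is the wakeup those waiters send to tell pollers to unlink. Finally, note that the fixed versions start at 4.19.221 because 4.18, where aio poll was added, is not a maintained series.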
diff --git a/CVE-2021-47506 b/CVE-2021-47506 new file mode 100644 index 0000000..b18a0fa --- /dev/null +++ b/CVE-2021-47506
@@ -0,0 +1,6 @@ +The vulnerability, tracked as CVE-2021-47506, is a use-after-free issue in the Linux kernel's NFS daemon (nfsd) due to a delegation race. The problem occurs when a delegation break arrives after vfs_setlease has been called, triggering a callback that immediately adds the delegation to del_recall_lru. If the delegation is not hashed before exiting nfs4_set_delegation, it will be freed as soon as the callback is done with it, without being removed from del_recall_lru. + +This can lead to symptoms such as use-after-free or list corruption warnings, typically observed in the laundromat thread. The issue may have been present since the beginning of NFS delegation support, but was likely made easier to trigger by a commit introducing read delegations to clients holding writes (aba2072f4523). + +The vulnerability has been fixed in various kernel versions, including 4.4.296, 4.9.294, 4.14.259, 4.19.222, 5.4.168, 5.10.85, 5.15.8, and 5.16. The affected file is fs/nfsd/nfs4state.c. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, rather than cherry-picking individual commits. +
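Review bot: the entry describes the race but never says what the fix changes; the last paragraph should state how nfs4_set_delegation() now handles the unhashed exit path (how the delegation is taken off del_recall_lru, or kept alive, before it is dropped) so a callback that already queued it cannot leave a dangling list entry. It should also state the trigger: a delegation break is caused by a conflicting open or access on the file, which another NFS client (or a local process on the server) can issue, so this is a race an NFS client can drive from the network rather than a server-local bug.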
diff --git a/CVE-2021-47507 b/CVE-2021-47507 new file mode 100644 index 0000000..93bb81a --- /dev/null +++ b/CVE-2021-47507
@@ -0,0 +1,8 @@ +The vulnerability, identified as CVE-2021-47507, is a startup race condition in the Linux kernel's NFS daemon (nfsd). Specifically, it affects the registration of per-net operations and the rpc_pipefs_event() function. This issue was reintroduced by commit bd5ae9288d64, which changed the order of register_pernet_subsys() and register_cld_notifier(). + +The race condition can lead to a NULL pointer dereference at virtual address 0000000000000012, causing a kernel crash. The crash occurs when the rpc_pipefs_event() function is called before the nfsd_net_id registration is complete. + +The issue was fixed by restoring the original order of register_pernet_subsys() and register_cld_notifier(), and adding a WARN_ON() to prevent future regressions. The fixes were introduced in kernel versions 5.4.165, 5.10.85, 5.15.8, and 5.16. + +The affected files are fs/nfsd/nfs4recover.c and fs/nfsd/nfsctl.c. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. Individual changes should not be cherry-picked, as they are part of a larger kernel release. +
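Review bot: the entry never says what fires rpc_pipefs_event(): it is the rpc_pipefs mount/unmount notifier, so the race is an rpc_pipefs mount (for example by an NFS helper daemon) landing while the nfsd module is still initialising, a boot-time or module-load window rather than anything reachable through the NFS protocol; say so. Add that there is no single introducing version because bd5ae9288d64 reopened a bug that had been fixed once before, so affected kernels are those containing that reordering but not this fix. "0000000000000012" is the faulting address from one oops and means nothing in prose; "a NULL pointer dereference (a field at a small offset from NULL)" is enough.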
diff --git a/CVE-2021-47508 b/CVE-2021-47508 new file mode 100644 index 0000000..e1568c5 --- /dev/null +++ b/CVE-2021-47508
@@ -0,0 +1,9 @@ + +The Linux kernel has a vulnerability in the Btrfs file system, specifically in the `btrfs_qgroup_reserve_data()` and `btrfs_delalloc_reserve_metadata()` functions. When these functions fail, they do not free the allocated `extent_changeset`, leading to a memory leak. + +This issue was identified through kmemleak reports, which showed an unreferenced object of size 64 bytes. The backtrace revealed that the allocation occurred in the `ulist_add_merge()` function, and the failure to free the `extent_changeset` happened in `btrfs_check_data_free_space()` and `btrfs_delalloc_reserve_space()`. + +The vulnerability only affects the direct IO write path, specifically after a specific commit (65b3c08606e5), and also at `defrag_one_locked_target()`. Other places in the code always call `extent_changeset_free()` even if the calls to `btrfs_delalloc_reserve_space()` or `btrfs_check_data_free_space()` fail. + +The issue has been fixed in kernel versions 5.15.8 (commit ca06c5cb1b6d) and 5.16 (commit da5e817d9d75). The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported alone. +
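Review bot: the first and third paragraphs disagree about who leaks: paragraph one says btrfs_qgroup_reserve_data() and btrfs_delalloc_reserve_metadata() fail to free the changeset, paragraph three says the failure to free is in btrfs_check_data_free_space() and btrfs_delalloc_reserve_space(). The second is the accurate one: the leak is in those two wrapper functions, which return without freeing the changeset when the inner btrfs_qgroup_reserve_data() or btrfs_delalloc_reserve_metadata() call fails; rewrite paragraph one accordingly. The second paragraph cites a kmemleak "unreferenced object of size 64 bytes" and a backtrace that are not in this file; quote the report or drop the reference. The entry also gives no introducing version; the commit carries Fixes: tags, and the fix list (5.15.8, 5.16) implies 5.15 is the earliest affected series, which should be stated explicitly.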
diff --git a/CVE-2021-47509 b/CVE-2021-47509 new file mode 100644 index 0000000..14fa94c --- /dev/null +++ b/CVE-2021-47509
@@ -0,0 +1,8 @@ +The vulnerability resides in the ALSA (Advanced Linux Sound Architecture) PCM (Pulse Code Modulation) OSS (Open Sound System) component of the Linux kernel. Specifically, it affects the `pcm_oss.c` file. + +The issue arises from the lack of a practical limit on the period size (fragment shift in OSS), which could lead to memory exhaustion. When allocating temporary buffers for audio playback, the kernel would use a period size that is too large, causing memory allocation failures. To mitigate this, the patch sets a hard limit of 16MB on the period size, covering all possible use cases. + +The vulnerability has been fixed in various Linux kernel versions, including 4.4.295, 4.9.293, 4.14.258, 4.19.221, 5.4.165, 5.10.85, and 5.15.8. The fixes are available as separate commits on the Linux kernel Git repository. + +To mitigate this vulnerability, users are recommended to update to the latest stable kernel version. Cherry-picking individual commits is not supported by the Linux kernel community. If updating is impossible, the individual changes can be applied manually from the provided commit links. +
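Review bot: the second paragraph misstates the effect. The problem is not that the kernel "would use a period size that is too large, causing memory allocation failures" but that the fragment shift is chosen by userspace (SNDCTL_DSP_SETFRAGMENT on the OSS PCM device) and a huge but power-of-two value makes the OSS layer try to allocate enormous temporary buffers, i.e. a local memory-exhaustion denial of service by whoever can open /dev/dsp; say that plainly and give the file as sound/core/oss/pcm_oss.c. The mainline release is missing from the fixed-version list; check the commit and add it. "Cherry-picking ... is not supported" and "individual changes can be applied manually" in the last paragraph say opposite things; use the standard wording.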
diff --git a/CVE-2021-47510 b/CVE-2021-47510 new file mode 100644 index 0000000..b012118 --- /dev/null +++ b/CVE-2021-47510
@@ -0,0 +1,8 @@ +The vulnerability, identified as CVE-2021-47510, occurs in the Linux kernel's Btrfs file system. It affects versions 5.12 to 5.15.7 and 5.16 (before commit 84c254489299). The issue arises when a transaction is aborted with an `-EAGAIN` error while writing out freeing tree nodes of a tree-log tree, leading to a write hole. + +The root cause of the problem is that, for zoned Btrfs devices, a freed tree node needs to be re-dirtied to ensure that Btrfs can write the region and avoid leaving a hole. However, the current code fails to re-dirty a node when the tree-log tree's depth is greater than or equal to 2. This failure leads to a transaction abort with `-EAGAIN`. + +The fix involves properly re-dirtying a node on walking up the tree. The affected file is `fs/btrfs/tree-log.c`. To mitigate this issue, users are recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from commits 477675049ca8 and 84c254489299. + +In technical terms, the vulnerability occurs during the cleanup of a transaction, specifically in the `cleanup_transaction` function (line 1946). The error happens when writing out freeing tree nodes of a tree-log tree, which can lead to a write hole. The fix involves re-dirtying the node properly by walking up the tree, ensuring that Btrfs can write the region without leaving a hole on zoned devices. +
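Review bot: the fourth paragraph restates the first three (the -EAGAIN abort, the write hole, re-dirtying on walk-up) and adds only "line 1946" of cleanup_transaction, a line number from one warning trace that means nothing outside that kernel snapshot; drop the paragraph. The remaining text should say plainly that only zoned (sequential-write) devices are affected, because on them the region of a freed tree-log node must still be written to keep the zone's write pointer contiguous, which is why the missing re-dirty becomes a hole. The affected range "5.12 to 5.15.7 and 5.16 (before commit 84c254489299)" should also be stated as 5.12 through 5.15.7 plus 5.16 release candidates before that commit, since the 5.16 release contains the fix.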
diff --git a/CVE-2021-47511 b/CVE-2021-47511 new file mode 100644 index 0000000..fd163e5 --- /dev/null +++ b/CVE-2021-47511
@@ -0,0 +1,6 @@ +The vulnerability occurs in the ALSA (Advanced Linux Sound Architecture) pcm (pulse code modulation) oss (Open Sound System) layer, specifically in the period size calculation. The issue arises when a negative value is received as an error, but the code assumes only positive values and handles them with `size_t`. As a result, a very large value may be passed to the lower layers. + +The problem is that `size_t` is an unsigned type, which means it cannot represent negative numbers. When a negative value is assigned to a `size_t` variable, it will wrap around to a very large positive value due to two's complement arithmetic. This can cause unexpected behavior and potential security issues. + +The fix involves changing the code to use `ssize_t` instead of `size_t`, which is a signed type that can represent negative numbers. Additionally, proper error checks are added to handle invalid values correctly. The patches fixing this issue have been applied to various kernel versions, including 4.4.295, 4.9.293, 4.14.258, 4.19.221, 5.4.165, 5.10.85, and 5.15.8. +
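Review bot: this entry lacks the CVE identifier (CVE-2021-47511), the affected file (sound/core/oss/pcm_oss.c), the introducing version and the fixing commits that every other entry carries; add them. The second paragraph's "wrap around ... due to two's complement arithmetic" is imprecise: assigning a negative int to size_t is a well-defined modular conversion in C, and the point is that an errno such as -EINVAL becomes a value near SIZE_MAX that the lower layers then treat as a period or buffer size; say that, and add that the values originate from OSS ioctls issued by whoever can open the device, so the consequence is an absurd size reaching the PCM core from an unprivileged caller.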
diff --git a/CVE-2021-47512 b/CVE-2021-47512 new file mode 100644 index 0000000..b0dc97e --- /dev/null +++ b/CVE-2021-47512
@@ -0,0 +1,10 @@ +The vulnerability, tracked as CVE-2021-47512, is related to the `fq_pie` queue discipline in the Linux kernel's networking subsystem. Specifically, the `fq_pie_destroy()` function did not properly copy code from other queue disciplines, leading to an elusive bug. + +The issue arises when `del_timer_sync(&q->adapt_timer)` is called without ensuring that the timer will not rearm itself. This can cause a dismantle issue in the `fq_pie` queue discipline. + +The vulnerability was introduced in kernel version 5.6 with commit ec97ecf1ebe4 and has been fixed in versions 5.10.85, 5.15.8, and 5.16 with commits 2a51edaf5cc5, d86216dfda7c, and 61c2402665f1, respectively. + +The affected file is `net/sched/sch_fq_pie.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the provided commit links. However, it's essential to note that individual changes are never tested alone and should not be applied without thorough testing as part of a larger kernel release. + +The vulnerability was detected in a debugging scenario where a `pie_calculate_probability()` function call led to a timer expiration, which ultimately caused a dismantle issue in the `fq_pie` queue discipline. The provided crash dump shows the call stack leading up to the issue, including functions like `fq_pie_timer()`, `call_timer_fn()`, and `expire_timers()`. +
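Review bot: the last paragraph has the call direction reversed: the chain it names runs expire_timers() -> call_timer_fn() -> fq_pie_timer() -> pie_calculate_probability(), i.e. the adapt timer fires and calls the probability update, not a pie_calculate_probability() call that "led to a timer expiration"; and "the provided crash dump" is not in this file. The symptom in the fix commit is an RCU stall after qdisc destroy, because fq_pie_timer() re-arms itself (mod_timer() with q->p_params.tupdate) after del_timer_sync() has returned, so the timer keeps running against a freed qdisc. The fix, which the entry should name, is what pie_destroy() already did: zero q->p_params.tupdate before del_timer_sync() so the handler cannot re-arm. Reaching this requires CAP_NET_ADMIN in the network namespace (create and delete an fq_pie qdisc).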
diff --git a/CVE-2021-47513 b/CVE-2021-47513 new file mode 100644 index 0000000..70117eb --- /dev/null +++ b/CVE-2021-47513
@@ -0,0 +1,8 @@ +The CVE-2021-47513 vulnerability affects the Linux kernel's `felix_setup_mmio_filtering` function in the `drivers/net/dsa/ocelot/felix.c` file. This function is responsible for setting up MMIO filtering on the Felix DSA (Distributed Switch Architecture) switch chip. + +The issue arises when there is no CPU port defined, which causes a memory leak. Specifically, if the `felix_setup_mmio_filtering` function fails to find a CPU port, it does not release the allocated memory, leading to a resource leak. This can cause the system to slowly run out of memory over time. + +The vulnerability was introduced in Linux kernel version 5.15 with commit `8d5f7954b7c8`, and was fixed in versions 5.15.8 with commit `973a0373e88c` and 5.16 with commit `e8b1d7698038`. The fix involves properly releasing the allocated memory when a CPU port is not found, preventing the resource leak. + +To mitigate this issue, users are recommended to update to the latest stable kernel version, which includes many other bugfixes in addition to this one. Cherry-picking individual commits is not supported by the Linux kernel community, but the individual changes can be found at the specified commit links if updating to the latest release is impossible. +
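Review bot: "This can cause the system to slowly run out of memory over time" in the second paragraph is not supported by the commit and overstates the bug: felix_setup_mmio_filtering() runs once, during switch setup, and leaks a single allocation only when the device tree defines no CPU port, a misconfiguration that also leaves the switch unusable; describe it as a one-shot leak on an error path with no user-controlled trigger. The fourth paragraph should say which allocation is leaked (the VCAP filter rules allocated before the CPU-port lookup) and that the fix frees them on that early-return path.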
diff --git a/CVE-2021-47514 b/CVE-2021-47514 new file mode 100644 index 0000000..7640071 --- /dev/null +++ b/CVE-2021-47514
@@ -0,0 +1,6 @@ +The vulnerability, CVE-2021-47514, is a refcount leak in the `devlink_nl_cmd_reload()` function of the Linux kernel. Specifically, some error paths in this function forgot to release a reference count on a network namespace (netns). This leak can lead to a denial-of-service attack or other security issues. + +The issue was introduced in kernel version 5.10 with commit ccdf07219da6 and has been fixed in versions 5.10.85, 5.15.8, and 5.16 with commits 4b7e90672af8, fe30b70ca84d, and 4dbb0dad8e63, respectively. The affected file is `net/core/devlink.c`. + +To fix this issue, the scope of `get_net()` and `put_net()` calls around `devlink_reload()` has been reduced to ensure that the netns reference count is properly released in all error paths. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported alone. +
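Review bot: "This leak can lead to a denial-of-service attack or other security issues" in the first paragraph is not in the source and should go; the concrete consequence is that the network namespace's refcount never returns to zero, so the netns and everything it pins (devices, routes, sockets) is never freed, and the trigger is a devlink reload request carrying a netns attribute that hits one of the error paths, which requires CAP_NET_ADMIN. Say that instead, and note that the fix moves the get_net()/put_net() pair to wrap only the devlink_reload() call so the early returns above it no longer need their own put_net().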
diff --git a/CVE-2021-47515 b/CVE-2021-47515 new file mode 100644 index 0000000..70d62dc --- /dev/null +++ b/CVE-2021-47515
@@ -0,0 +1,8 @@ +The CVE-2021-47515 vulnerability is related to the seg6 (Segment Routing Header) implementation in the Linux kernel. Specifically, when an IPv4 packet is received and encapsulated in an outer IPv6+SRH header, the receiving interface index information is lost due to a memset operation that clears the IPv6 socket control block. + +The issue occurs because the IPv6 socket control block and the IPv4 socket control block share the same memory area (skb->cb). When the seg6_do_srh_encap function performs the encapsulation, it clears the IPv6 socket control block using memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));. This operation sets IP6CB(skb)->iif to zero, losing the receiving interface index information. + +This vulnerability can lead to a NULL pointer dereference if certain conditions are met, such as when commit 0857d6f8c759 ("ipv6: When forwarding count rx stats on the orig netdev") is applied. To fix this issue, the IP6CB(skb)->iif needs to be set with the index of the receiving interface once again. + +The affected files include net/ipv6/seg6_iptunnel.c, and the vulnerability was introduced in various kernel versions (4.14.98, 4.19.20, 5.0, etc.) due to commit ef489749aae5 ("ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation"). The issue has been fixed in subsequent kernel versions (4.14.258, 4.19.221, 5.4.165, etc.). +
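Review bot: "if certain conditions are met, such as when commit 0857d6f8c759 ... is applied" in the third paragraph is too vague to act on: the dereference exists only in kernels containing that commit, because it makes the IPv6 forwarding path look the ingress device up by IP6CB(skb)->iif, and with iif forced to 0 by the memset the lookup yields no device and the resulting NULL idev is dereferenced; state it that way. The entry should also give the fix, a single line restoring IP6CB(skb)->iif = skb->skb_iif after the memset in seg6_do_srh_encap(), and the exposure: the packet is an IPv4 packet being forwarded into an SRv6 encap route, so any host whose traffic transits a router configured that way can trigger the crash. The introduced and fixed lists end in "etc."; spell out every series, as the other entries do.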
diff --git a/CVE-2021-47516 b/CVE-2021-47516 new file mode 100644 index 0000000..9e4f9d4 --- /dev/null +++ b/CVE-2021-47516
@@ -0,0 +1,8 @@ +The CVE-2021-47516 vulnerability is a memory leak issue in the Linux kernel's nfp_cpp_area_cache_add() function. Specifically, when the cache allocation fails, the allocated CPP area structure is not freed, resulting in a memory leak. + +The issue occurs in the `nfp_cppcore.c` file within the `drivers/net/ethernet/netronome/nfp/nfpcore` directory. The vulnerability was introduced in kernel version 4.11 with commit 4cb584e0ee7d and has been fixed in various kernel versions, including 4.14.258, 4.19.221, 5.4.165, 5.10.85, and 5.15.8. + +The fix involves freeing the CPP area structure when the cache allocation fails, which is done by adding a `kfree(area)` call in the error handling path of the function. + +To mitigate this issue, it is recommended to update to the latest stable kernel version. However, if updating is not possible, individual changes can be cherry-picked from the provided commit hashes. +
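Review bot: the third paragraph states the fix as "adding a kfree(area) call", but the leaked object comes from nfp_cpp_area_alloc(), whose release counterpart is nfp_cpp_area_free(); check the commit and quote the call it actually adds, because a bare kfree() on an object with its own allocator would skip that allocator's teardown. The entry should also characterise reachability: the area cache is built when the NFP core is set up at probe, the leak requires the cache kzalloc() to fail there, and nothing user-controlled reaches it, so this is a robustness fix on an error path.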
diff --git a/CVE-2021-47517 b/CVE-2021-47517 new file mode 100644 index 0000000..be1033b --- /dev/null +++ b/CVE-2021-47517
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47517, occurs in the Linux kernel's ethtool module. During a short period when a network device is being unregistered, ethtool operations can still be performed on it, leading to unwanted or undefined behavior. This can cause issues such as use-after-free (UAF) errors and null pointer exceptions. + +The vulnerability arises because there is a window of time between when a net device starts to be unregistered and when it is actually gone. During this period, ethtool operations could still be performed, which might end up in unwanted or undefined behaviors. For example, adding Tx queues after unregistering a device can result in UAF errors and null pointer exceptions. + +The patch fixes the issue by not allowing ethtool operations after a net device starts its unregistration. This is achieved by taking a reference to the net device and executing the operation within an rtnl lock section, ensuring that the net device won't be found after unregistering. + +The vulnerability was introduced in kernel version 5.6 with commit 041b1c5d4a53 and fixed in versions 5.10.87, 5.15.8, and 5.16 with commits 7c26da3be1e9, cfd719f04267, and dde91ccfa25f, respectively. The affected file is net/ethtool/netlink.c. +
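Review bot: the third paragraph attributes to the fix what the commit gives as the reason the ioctl path is not affected ("taking a reference to the net device and executing the operation within an rtnl lock section ... won't be found after unregistering"); the netlink path is the one being fixed, and the fix is a state check, not a reference: ethnl_ops_begin() now refuses the request with -ENODEV when dev->reg_state is NETREG_UNREGISTERING, next to the existing netif_device_present() test. Rewrite that paragraph so it does not imply the ioctl path was changed. "Null pointer exceptions" in the first and second paragraphs is Java vocabulary; say NULL pointer dereferences.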
diff --git a/CVE-2021-47518 b/CVE-2021-47518 new file mode 100644 index 0000000..5db1a4c --- /dev/null +++ b/CVE-2021-47518
@@ -0,0 +1,8 @@ +The vulnerability, tracked as CVE-2021-47518, is a potential NULL pointer dereference in the `nfc_genl_dump_ses_done()` function. This function is a done() netlink callback that is responsible for handling the completion of an NFC (Near Field Communication) session dump operation. + +The issue arises because the `dumpit()` function, which calls `nfc_genl_dump_ses_done()`, does not guarantee that the argument passed to `nfc_genl_dump_ses_done()` will be non-NULL. If the allocation of this argument fails earlier in `dumpit()`, it may result in a NULL pointer being passed to `nfc_genl_dump_ses_done()`. This can lead to a NULL pointer dereference when `nfc_genl_dump_ses_done()` attempts to access or manipulate the pointer. + +The vulnerability was introduced in Linux kernel version 3.12 with commit ac22ac466a65 and has been fixed in various subsequent kernel versions, including 4.4.295, 4.9.293, 4.14.258, 4.19.221, 5.4.165, 5.10.85, 5.15.8, and 5.16. + +The affected file is `net/nfc/netlink.c`, which contains the vulnerable code. The Linux kernel CVE team recommends updating to the latest stable kernel version to fix this issue, as well as other bugfixes. +
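Review bot: the second paragraph says dumpit() "calls" nfc_genl_dump_ses_done(); it does not. nfc_genl_dump_ses() (the dumpit) allocates the device iterator and stores it in cb->args[0], and the netlink core later invokes the done() callback on its own, including after a dumpit that returned -ENOMEM before storing anything, so done() receives a NULL iterator and hands it to nfc_device_iter_exit(). Rewrite it to describe that sequence, and note that the fix is a NULL check at the top of the done() callback. Since the trigger requires the kmalloc() in the dumpit to fail, the practical severity is low and worth stating.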
diff --git a/CVE-2021-47519 b/CVE-2021-47519 new file mode 100644 index 0000000..9872c47 --- /dev/null +++ b/CVE-2021-47519
@@ -0,0 +1,6 @@ +The vulnerability CVE-2021-47519 is a memory leak in the Linux kernel's m_can_read_fifo function, which is part of the Microchip CAN (m_can) driver. The issue arises when the second call to m_can_fifo_read fails, causing the function to jump to the out_fail label and return without calling m_can_receive_skb. This results in the skb (socket buffer) allocated by alloc_can_skb not being freed, leading to a memory leak. + +The patch adds a goto label to destroy the skb if an error occurs, effectively fixing the memory leak. The issue was introduced in kernel version 5.15 with commit e39381770ec9 and was fixed in versions 5.15.8 with commit 75a422165477 and 5.16 with commit 31cb32a590d6. + +The affected file is drivers/net/can/m_can/m_can.c, and the recommended mitigation is to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. +
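Review bot: "Microchip CAN (m_can)" in the first paragraph is wrong; drivers/net/can/m_can is the driver for the Bosch M_CAN controller IP, which several SoC vendors integrate. Fix the attribution. The entry should also say that m_can_read_fifo() is the ordinary receive path, so the leak is hit whenever a register read of the RX FIFO fails mid-frame (a bus or transport error on the FIFO read), not on a user-driven path, and that the fix adds a second error label that frees the skb (kfree_skb()) before returning.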
diff --git a/CVE-2021-47520 b/CVE-2021-47520 new file mode 100644 index 0000000..4f4374f --- /dev/null +++ b/CVE-2021-47520
@@ -0,0 +1,6 @@ +The CVE-2021-47520 vulnerability resides in the Linux kernel's CAN (Controller Area Network) driver, specifically in the `pch_can_rx_normal` function within the `drivers/net/can/pch_can.c` file. The issue arises from a use-after-free error, where the `skb` (socket buffer) is dereferenced after calling `netif_receive_skb(skb)`. This is problematic because the `can_frame cf` aliases the memory of `skb`, and accessing it after the call to `netif_receive_skb(skb)` is unsafe. + +The vulnerability was introduced in kernel version 2.6.37 with commit b21d18b51b31 and has since been fixed in various kernel versions, including 4.4.295, 4.9.293, 4.14.258, 4.19.221, 5.4.165, 5.10.85, and 5.15.8. + +The fix involves reordering the lines of code to prevent the use-after-free error. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported in isolation. However, for those who cannot update to the latest release, the individual commits that resolve this issue can be found at the provided Git links. +
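Review bot: the entry should say what is read after netif_receive_skb(): the frame length taken from cf for the rx_bytes statistic, and that the fix moves the statistics update ahead of the netif_receive_skb() call; that is the whole patch and it makes the "reordering the lines" sentence concrete. It should also state exposure: pch_can_rx_normal() is the normal receive path, so every frame on the bus reaches it and no special frame is needed; netif_receive_skb() hands ownership of the skb to the stack, which may free it before the caller's next access, so the read-after-handoff is a use-after-free reachable by any node on the CAN bus.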