Malicious code in terminal-logger-utils (npm)
terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handling deconfigured sockets. When a socket is deconfigured, it is mapped to SOCK_EMPTY (0xffff). This causes a panic during the allocation of UV hub info structures. This issue can be fixed by using NUMA_NO_NODE,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fixed a refcount leak in aries_audio_probe. The of_parse_phandle function returns a node pointer with the refcount incremented. We should use of_node_put on it when necessary. If extcon_find_edev_by_node fails, it does not...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: Video: fbdev: amba-clcd: Fixed refcount leak issues. In clcdfb_of_init_display, we should call of_node_put for the references returned by of_graph_get_next_endpoint and of_graph_get_remote_port_parent. These functions increase the refcount...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Regulator: bq257xx: Fixed the issue of a reference leak on the device node in bq257xx_reg_dt_parse_gpio. In bq257xx_reg_dt_parse_gpio, if it fails to obtain a sub-child node, it returns without calling nodeputchild, resulting in a...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Error handling was added in xhci_map_urb_for_dma. Currently, xhci_map_urb_for_dma creates a temporary buffer and copies the SG list to the new linear buffer. However, if kzalloc_node fails, the subsequent call to sg_pcopy_to_buffe...
Astra Linux - vulnerability in node-minimist
Minimist =1.2.5 is vulnerable to Prototype Pollution through the file index.js, the function setKey lines 69-95...
Astra Linux - vulnerability in node-y18n
The package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: “power: supply: rk817” – Fixed the node refcount leak. Dan Carpenter reported that the Smatch static checker identified another refcount leak in the probe function. While the of_node_put function was added in one of the return...
Astra Linux - vulnerability in node-get-func-name
get-func-name is a module that securely and consistently retrieves the name of a function, both in Node.js and in the browser. Versions prior to 2.0.1 are vulnerable to a denial-of-service attack caused by regular expressions, which can lead to a denial of service when parsing malicious input. Th...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: irqchip/irq-mvebu-gicp: The refcount leak in mvebu_gicp_probe has been fixed. The function of_irq_find_parent returns a node pointer with the refcount incremented. We should use of_node_put on it when it is no longer needed. Add the...
Astra Linux – Vulnerability in Node-Elliptic
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: The synchronization of of_changeset_destroy with the devlink removal operations. In the following sequence: 1) of_platform_depopulate 2) of_overlay_remove. During step 1, devices are destroyed, and devlinks are removed. During step 2, OF...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ARM: cns3xxx: Fixed a refcount leak in cns3xxx_init. of_find_compatible_node returns a node pointer with a refcount incremented. We should use of_node_put on it after processing. Add the missing of_node_put call to avoid the refcount...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: intel-xway: fixed OF node reference count leakage. Automated reviews identified a leakage of the OF node reference count when checking whether the ‘leds’ child node exists. The Call ofputnode function is used to correct...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Use an alternative source for socket to node data. The UV code attempts to create a set of tables to enable bidirectional socket-node lookups. However, when nr_cpus is set to a lower number than the actual number o...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: Unnecessary of_node_put function removed from felix_parse_ports_node. The unnecessary of_node_put function was removed from the continue path to prevent a child node from being released twice, which could lead to resource leak...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: Ensure that node page reads are completed before f2fs_put_super finishes. The Xfstests generic/335 and generic/336 tests sometimes crash with the following message: F2FS-fs dm-0: Detect a reference count leak in the filesyste...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: “interconnect”: fixed a memory leak when freeing nodes. The node link array is allocated when adding links to a node, but it is not deallocated when nodes are destroyed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix for of_k3_udma_glue_parse_chn_by_id. The of_k3_udma_glue_parse_chn_by_id helper function erroneously invokes “of_node_put” on the “udmax_np” device node that was passed to it. Additionally, its reference count was...