21906 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: riscv: Flush the current CPU’s ICache before flushing other CPUs. On SiFive Unmatched, I recently encountered the following bug during bootup: 0.000000 ftrace: allocating 36610 entries in 144 pages 0.000000 Oops – illegal...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ubifs: A fix was made to increment the reference count of a page once it is set as private. The MM structure defines a rule 1 very clearly: once a page is marked with the PGprivate flag, the reference count of that page should be...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to prevent race conditions during the fsyncentryslab access by multiple f2fs filesystem instances. As reported by syzbot, there is a use-after-free issue during f2fs recovery: A use-after-free occurs when...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Ensure that the cache entry is active before calling cacheshow. The function cshow was called with protection from RCU. This only ensures that cp will not be freed. As a result, the reference count of cp can drop to zero,...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: vfs: Do not evict inode under the inode lru traversing context The inode reclaiming process see function pruneicachesb collects all reclaimable inodes and marks them with the IFREEING flag. At that time, other processes will b...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: cifs: A use-after-free bug has been fixed in refreshcacheworker. The UAF bug occurred because we were putting DFS root sessions in cifsumount while the DFS cache refresher was executing. We now ensure that DFS root sessions ha...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: This issue prevents Oops exceptions in fscacheputcache. This function dereferences the “cache” object, and then checks whether it is ISERRORNULL. It checks first, and then derefserences the object...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: bcache: Fixup btreecachewait list damage We encountered a kernel crash due to “listadd corruption”. next-prev should be prev 0xffff9c801bc01210, but it was actually fff9c77b688237c. The correct value is next=ffffae586d8afe68...
Astra Linux - уязвимость в webkit2gtk
The issue was resolved through improved handling of caches. This issue has been fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, and watchOS 26. It is possible for a website to access sensor information without user consent...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: bcache: fixed a NULL pointer in cachesetFlush 1. LINE1794 – LINE1887 contains code related to the function of bchcachesetalloc. 2. LINE2078 – LINE2142 contains code related to the function of registercacheset. 3. The function...
Astra Linux - уязвимость в python2.7, python3.11, python3.7
When constructing nested elements using XMLDom.minidom methods like appendChild, which rely on clearidcache, the algorithm has a quadratic complexity. This can affect the availability of documents when they are constructed with excessively nested structures...
Astra Linux - уязвимость в apache2
A properly crafted method sent via HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server versions 2.4.17 to 2.4.48...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not drop the extentmap for the inode of free space during a write error. While running the CI for an unrelated change, I encountered the following panic: with generic/648 on btrfsholesspacecache. The assertion failed:...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: The uncached inode fails to enter the group. Syzbot has reported the following BUG: Kernel BUG at fs/ocfs2/uptodate.c:509! … Call Trace: ? diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ?...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm, slub: fixed a potential memory leak in kmemcacheopen. In the error path, the randomseq of the slub cache might be leaked. This issue was fixed by using kmemcacherelease to release all relevant resources...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: cifs: A memory leak was fixed when using fscache. If the condition “index == nextcached” is encountered, a reference count of the struct page is leaked. This issue is resolved by using readaheadfolio, which handles the reference...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix for suspend/resume behavior. Disabling the cache in commit 2ff4ba9e3702 “clk: rs9: Fix for I2C accessors” without removing cache synchronization in the resume path results in a kernel panic, as map-cacheops is unset...
Astra Linux - уязвимость в pgpool2
In Pgpool-II, there is a risk of exposing sensitive information due to incompatible policy issues. If a database user accesses the query cache, unauthorized table data may be retrieved for that user...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswapwritebackentry, after obtaining a folio from readswapcacheasync, we reacquire the tree lock to ensure that the swap entry was not invalidated or recycled. If it...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: KVM: Reject attempts to consume or refresh inactive gfntopfncache. Reject calls to kvmgpccheck and kvmgpcrefresh if the cache is inactive. Not checking the active flag during refresh is particularly problematic, as KVM may end...