Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Locking external INTx masking operations Masking operations by changing the config space can potentially cause races with the INTx configuration changes made via ioctl. Create wrappers that add locking mechanisms for...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix for the race between nbdallocconfig and module removal When the nbd module is being removed, nbdallocconfig may be called concurrently by nbdgenlconnect. Although trymoduleget will return false, nbdallocconfig does not...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added a missing error check to scarlett2usbsetconfig. The scarlett2usbsetconfig function calls scarlett2usbget, but did not check the result. If this function fails, an error is returned instead of continuing wit...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: Soundwire: Stream – Fixing a memory leak in the stream configuration error path When the stream configuration fails, the master runtime will release all slave runtimes from the slavertlist. However, at this point, the slave...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid dividing by zero by initializing the dummy pitch to 1. Why If the dummy values in populatedummydmlsurfacecfg are not updated, they can lead to a division by zero in downstream calls such as...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing the name variable directly, tearing down components may lead to use-after-free errors. Duplicate the name variable to avoid this issue. At the same tim...

Astra Linux - уязвимость в ffmpeg

A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in the configinput function in the afacrossover.c file...

Astra Linux - уязвимость в firefox

If an attacker were able to alter specific about:config values for example, malware running on the user’s computer, the Devtools remote debugging feature might be enabled in a way that is unnoticed by the user. This would allow a remote attacker who can establish a direct network connection to th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fixed a memory leak in pinconfgenericParseDtconfig In pinconfgenericParseDtconfig, if parseDtCfg fails, it returns directly. This bypasses the cleanup logic, resulting in a memory leak of theCfg buffer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: regmap-irq: The numconfigregs property was introduced in regmapaddirqchipfwnode. The commit faa87ce9196d “regmap-irq: Introduce config registers for irq types” added the numconfigregs property. The commit 9edd4f5aee84...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: USB: Fixed various issues related to null pointer dereferencing on 10Gbps cables. This prevented null pointer dereferences in functions fecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm by simply reusing the 5Gbps...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong sizeof config in slaveconfig The issue involved a corrupted slaveconfig function that incorrectly compared peripheralsize with the size of the config pointer, rather than the size of the config...

Astra Linux - уязвимость в git

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. These untrusted parties could create the folder C:.git, which would be included in Git...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fixed a potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: Fixed an out-of-bounds access issue in mchpipcgetclusteraggrirq. The clustercfg array is dynamically allocated to hold per-CPU configuration structures. Its size is determined by the number of online CPUs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Fixed a DMA memory leak in the configuration page. A fix was also provided for: DMA-API: For the PCI device with address 0000:83:00.0, the device driver had pending DMA allocations even after it was released from...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: coresight: Holding csfgcsdevlock while removing cscfg from csdev. There may be a race condition related to coresight configuration: CPU0 CPU1 perf enable load module cscfgloadconfigsets Activate configuration. // sysfs sysactivec...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid deadlock in sriovnumvfsstore caused by pcidevlock The sysfs sriovnumvfsstore function acquires the device lock before acquiring the config space access lock: sriovnumvfsstore devicelock A 1 Acquire device lock...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fixed a memory out-of-bounds issue when numconfigs is 1. The configuration passed in by padwakeup is set to 1 when numconfigs is 1. In this case, Configuration 1 should not be retrieved, which will be detected...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: Enable all safety features by default In the original implementation of dwmac5, the commit 8bf993a5877e states that “net: stmmac: Add support for DWMAC5 and implement Safety Features”. All safety features were...