9259 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: ocelot: The function dsatag8021qunregister is called under rtnllock when removing a driver. When the currently used tagging protocol is “ocelot-8021q”, and we unbind the driver, we encounter this error: bash $ echo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - net: dsa: felix: do not use devres for mdiobus. As explained in the commits: - 74b6d7d13307: “net: dsa: realtek: register the MDIO bus using devres”. - 5135e96a3dd2: “net: dsa: do not allocate the slavemiibus using devres”...
Astra Linux – Vulnerability in openssl1.0
There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: Fixed possible memory leaks in dsaloopinit. kmemleak: Reported memory leaks in dsaloopinit: kmemleak: 12 new suspected memory leaks. Unreferenced object 0xffff8880138ce000 size 2048: comm "modprobe", pid 390, jiffies...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: Net layer: dsa: fixed a crash that occurs when -getssetcount fails. If ds-ops-getssetcount fails, the “count” value becomes negative, resulting in error codes like -EOPNOTSUPP. Since “i” is a unsigned int, the negative error code...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag8021q: Avoid leaking ctx on the error path of dsatag8021qregister If dsatag8021qsetup fails, for example due to the device’s inability to install a VLAN, the tag8021q context of the switch will be leaked. Make sure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Networking: DSA: Microchip: Fixed the error path in PTP IRQ setup. If the requestthreadedirq function fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed of. In fact, the error path in...
Astra Linux – Vulnerability in nss
NSS has demonstrated timing differences during the execution of DSA signatures, which can be exploited and may eventually lead to the leakage of private keys. This vulnerability affects Thunderbird versions 68.9.0, Firefox versions 77, and Firefox ESR versions 68.9...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: bcmsf2: Do not use devres for mdiobus As explained in the commits: 74b6d7d13307 “net: dsa: realtek: register the MDIO bus under devres” 5135e96a3dd2 “net: dsa: Do not allocate the slavemiibus using devres” The...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: Fixed the reference count leak in gswipgphyfwlist. In every iteration of foreachavailablechildofnode, the reference count of the previous node is decremented. When exiting the foreachavailablechildofnode lo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don’t leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba, we had a issue where a call to tagops-disconnectdst was issued from dsatreefree, which was called during the tree teardown...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: The operation gswipremove should perform the ofnodeputpriv-ds-slavemiibus-dev.ofnode before calling mdiobusfreepriv-ds-slavemiibus...
Astra Linux – Vulnerability in node-browserify-sign
“browserify-sign” is a package that duplicates the functionality of Node’s crypto public key functions. Much of this functionality is based on Fedor Indutny’s work on “indutny/tls.js”. There is a issue with upper-bound checks in the “dsaVerify” function, which allows attackers to create signature...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: improved shutdown sequence Alexander Sverdlin identified two issues during shutdown with the lan9303 driver. One issue is specific to lan9303, and the other occurs regardless of the driver. The first issue is that...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Networks: DSA: Avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one that supports UC filtering and MC filtering as a DSA master for a randomly selected DSA switch, the following...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - net: dsa: ar9331: Register the MDIobus under devres. As explained in the commits: - 74b6d7d13307: “net: dsa: realtek: register the MDIO bus under devres” - 5135e96a3dd2: “net: dsa: don’t allocate the slavemiibus using devres...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Networking: DSA: Felix: Fixed possible NULL pointer dereferencing. As a possible failure during allocation, kzalloc may return a NULL pointer. Therefore, it is better to check for ‘sgi’ to prevent the dereferencing of a NULL...
Astra Linux – Vulnerability in nss, Thunderbird
Versions of NSS Network Security Services prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS to handle signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be affected. Applications that...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port is neither a CPU port nor a user port, ‘cpudp’ is a null pointer, and a crash occurs when dereferencing it in mv88e6060setupport: 9.575872 Unable to handle kerne...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Networks: DSA: Felix: Fixed memory leak in felixsetupmmiofiltering. A memory leak can be avoided if no CPU port is defined. Addresses-Coverity-ID: 1492897 “Resource leak” Addresses-Coverity-ID: 1492899 “Resource leak”...