Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN when unbinding an event channel When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIGDEBUGSHIRQ. This might cause a WARN in the handle...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq-dbg pointer in mlx5debugcqremove Prior to this patch in case mlx5coredestroycq failed it proceeds to rest of destroy operations. mlx5coredestroycq could be called again by user and cause additional call of...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warnings in the DB handler due to BHI mitigation. When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set, then entrySYSENTERcompat uses CLEARBRANCHHISTORY and calls clearbhbloop before the TF...

Astra Linux - уязвимость в chromium

Inappropriate implementation of Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information through debug logs. Chromium security severity: Low...

Astra Linux - уязвимость в python-django

The % debug % template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: add a schedule point in ioaddbuffers Looping 65535 times doing kmalloc calls can trigger soft lockups, especially with DEBUG features like KASAN. 253.536212 watchdog: BUG: soft lockup - CPU64 stuck for 26s!...

Astra Linux - уязвимость в linux-5.15, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: orangefs: The issue in kmemleak in orangefspreparedebugfshelpstring has been fixed. When inserting or removing the orangefs module, the debughelpstring variable may be leaked: - Unreferenced object: 0xffff8881652ba000 size 4096 -...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Added a null pointer check to scomdebuginitone. The kasprintf function returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure. A null pointer check should be added, and the...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A flaw was discovered in KVM. When calling the KVMGETDEBUGREGS ioctl on 32-bit systems, there might be uninitialized portions of the kvm Debugregs structure that could be copied into user space, resulting in an information leak...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/debug: The issue of dentry leaks during the updatescheddomain Debugfs operation has been fixed. Kuyo reports that the pattern of using DebugfsRemoveDebugfsLookup causes a dentry leak. With a hot-plug stress test, the machin...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: core: The /proc/scsi/$procname directory was removed earlier. Removing this directory helps to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit 77c019768f06...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid use-after-free in ext4extshowleaf In ext4findextent, the path may be freed by an error or reallocated. Therefore, using a previously saved ppath may have been freed, thereby potentially triggering a use-after-free, as...

Astra Linux - уязвимость в binutils

The loadspecificdebugsection function in objdump.c within GNU Binutils, as of version 2.31.1, contains an integer overflow vulnerability that can trigger a heap-based buffer overflow if a crafted section size is used...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: idpf: fixed checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb when the transport header is not yet set. This triggers the following warning in builds with CONFIGDEBUGNET=y:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Don't call kcalloc if size arg is zero If the size arg to kcalloc is zero, it returns ZEROSIZEPTR. Because of that, for a following NULL pointer check to work on the returned pointer, kcalloc must not be called...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioedgeport: fix use after free in debug printk The "devdbg&urb-dev-dev, ..." which happens after usbfreeurburb is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUGQLA1280 enabled and qldebuglevel 2. I think its clear from the code that the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: FireWire: OHCI: Masking of bus reset interrupts between ISR and the bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt occurs, the interrupts related to bus reset are masked until busresetwork processes...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: afs: Fixed a potential null pointer dereferencing in afaPutServer. afaPutServer accesses server-debugid before a NULL check is performed, which could lead to a null pointer dereferencing. The assignment of debugid has been mov...