Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fixed a UAF in the panthorgemcreatewithhandle function’s debugfs code. The object may potentially have already been deleted after the drmgemobjectput call. In general, the object should be fully constructed before...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ath9k: Fixed a use-after-free in ath9khifusbrxcb. Syzbot reported a use-after-free during the Read operation in ath9khifusbrxcb. The problem arose from incorrect initialization of htchandle-drvpriv. A likely call stack that...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: hinic: fixed the issue of CMDQ memory leaks. When hinicsetcmdqdepth fails in hinicinitcmdqs, the CMDQ memory is not released correctly. This issue has been fixed...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: schcake: Do not call cakedestroy from cakeinit. qdiscs should not call their own destroy method from init, because the core stack already does that. syzbot was able to trigger use after free: DEBUGLOCKSWARNONlock-magic != lock...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fixed an issue with error unwinding of XDP initialization. When initializing XDP in virtnetopen, some rq xdp initializations may encounter errors, resulting in failed network device openings. However, previous rqs have...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: initializing interrupts after register initialization The interrupts of qDMA are initialized after the registers are configured, so that interrupts that might have been pending from the primary kernel do not...

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper initialization issue that can lead to recursive stack consumption or other consequences. This occurs because the use of certain getc functions is handled incorrectly when a client uses BDAT instead of DATA...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel issue 1 caused by releasing an HWS action of a local flow counter in mlx5cmdhwsdeletefte. In this case, the HWS action refcount and mutex were not initialized, and the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfntopfncache locks in dedicated helper Move the gfntopfncache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to the ability of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86 – Handling of SRCU initialization failures during page track initialization Check the return value of initsrcustruct, which may fail due to OOM conditions when initializing the page track mechanism. Lack of checking lead...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mlxsw: Minor fix for a potential memory leak in mlxswmlinecardsinit. The line cards array is not freed during the error path of mlxswmlinecardsinit, which could lead to a memory leak. This issue was addressed by freeing the array...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: codecs: wcd938x: fixed missing mbhc initialization error handling The initialization of MBHC may fail, so additional error handling is needed to avoid dereferencing an error pointer during later configuration of the jack...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: All reserved memblocks on Node0 are set at initialization. After the commit 61167ad5fecdea "mm: pass nid to reservebootmemregion", a panic occurs if DEFERREDSTRUCTPAGEINIT is enabled: 0.000000 CPU 0 Unable to handle...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Delay all operations related to ath9kwmieventtasklet until initialization is complete. The ath9kwmieventtasklet function used in ath9khtc assumes that all data structures have been fully initialized by the time it...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: vlan: fixed an underflow issue related to the realdev refcnt. An error is injected before devholdrealdev in registervlandev, and the following testcase is executed: bash ip link add dev dummy1 type dummy ip link add name...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fixed NULL dereferencing when uninstalling an interrupt. In cases of early initialization errors, and on platforms that do not use the DPU controller, the deinitialization code can be called with the kms pointer set to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fixed the error handling for regmap init. The devmregmapinitmmio function now returns ERRPTR upon an error, instead of NULL. The error check has also been fixed, and the error message has been corrected...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block: Fix for a race condition between wbtenabledefault and IO submission. When wbtenabledefault is executed outside of the queue freezing mechanism in elevatorchange, it can cause the wbt inflight counter to become negative -1,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to prevent race conditions during the fsyncentryslab access by multiple f2fs filesystem instances. As reported by syzbot, there is a use-after-free issue during f2fs recovery: A use-after-free occurs when...

Malicious code in gauth-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aea1fab5eb3b9422c65232e53e79eb71ba3436355601cd61e7a7b0177779df4e Package impersonates Google and attempts to exfiltrate various credential files. It also setups PTH file for automated start during Python initialization. In t...