Advisory ROSA-SA-2026-3289
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.op_nents field during buffer management. By exploiting the RDS TCP transport (SO_RDS_TRANSPORT=2) in conjunction with io_uring, a local unprivileged attacker can cause memory corruption and...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of unexpectedly changing the path in ksmbd_vfs_kern_path_locked has been fixed. When ksmbd_vfs_kern_path_locked encounters an error, and it isn’t the last entry, it will exit without restoring the changed path buffer...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fixed the H264 multi-stateless decoder’s smatch warning. A smatch static checker warning was also fixed in vdec_h264_req_multi_if.c. This issue causes the kernel to crash when fb is NULL...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Silence oversized kvmalloc warnings. The syzkaller triggered an oversized kvmalloc warning. Silence this warning by adding __GFP_NOWARN to the configuration. syzkaller log: WARNING: CPU: 7 PID: 518 at mm/util.c:665...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: filelock: Fixed the race condition recovery mechanism for fcntl/close operations. When I wrote the commit 3cad1bc01041 “filelock: Remove locks reliably when a fcntl/close race is detected”, I overlooked the fact that there were t...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Julia Lawall reported this null pointer dereference issue, and this should fix it...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbcon: A NULL pointer dereference issue was fixed in fbcon_putcs. syzbot has identified a NULL pointer dereference bug in fbcon. Here is the simplified C code for the bug: struct param { uint8_t type; struct tiocl_selection ts; }; in...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check the streams before comparing them. WHAT & HOW: amdgpu_dm may pass a null stream to dc_is_stream_unchanged. It is necessary to check for a null value before dereferencing it. This fixes a “FORWARD_NULL” issue...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx. We cannot dereference “skb” after calling vcc->push, because the skb is released...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Mark the bpf prog stack with kmsan_unpoison_memory in interpreter mode. syzbot reported uninit memory usage during map_{lookup,delete}_elem. ========= BUG: KMSAN: uninitvalue in devmaplookupelem kernel/bpf/devmap.c:441 inline...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu/mes: fixed the use-after-free issue. Deleted the fence fallback timer to fix the random use-after-free issue. v2: moved to amdgpu_mes.c...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite the commit 0ad529d9fd2b “mptcp: fix possible divide by zero in recvmsg”, the mptcp protocol is still prone to a race between disconnect or shutdown and accept. The root cause is that t...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix for null pointer dereference in bond_ipsec_offload_ok. We must check whether there is an active slave before dereferencing the pointer...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed a memory leak caused by LZMA global compressed deduplication. When testing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I discovered that some short-lived temporary...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fixed a possible null-ptr-deref issue in cpufreq_cpu_get_raw. cpufreq_cpu_get_raw may return NULL if the CPU is not included in the policy->cpus cpu mask, which could lead to a null pointer dereference...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: vsock: Fixed the transport_{g2h,h2g} TOCTOU issue. The calls to vsock_find_cid and vsock_dev_do_ioctl may race with module unloading. transport_{g2h,h2g} may become NULL after the NULL check. Introduced vsock_transport_local_cid to prevent ...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: tpm: Changed to kvalloc in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: 10.693310 T1 tpmtis STM0925:00: 2.0 TPM device-id 0x3, rev-id 0 10.848132 T1 ------------ Cut here ------------ 10.853559 T1...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear the FFR context field in streaming SVE mode. The FFR is a predicate register whose size can range from 16 to 256 bits, depending on the configured vector length. When saving the SVE state in streami...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC. When starting CAC in a mode other than AP mode, it returns a warning message: “WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf cfg80211” This issue is caused by...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite loops in throttle_direct_reclaim. The task sometimes continues looping in throttle_direct_reclaim because allow_direct_reclaim(pgdat) keeps returning false. The call stack is as...