31 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fix for NULL dereference on the root when tracing inode eviction. When evicting an inode, the first step is to set up tracing for it, which involves retrieving the root’s ID. However, in btrfsevictinode, the root might be...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fixed a race condition in the driveroverrideshow function and used a core helper function. The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9906: A potential memory leak was fixed in tw9906probe. In one of the error paths in tw9906probe, the memory allocated in v4l2ctrlhandlerinit and v4l2ctrlnewstd is not freed. This issue was addressed by calling...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: dm: removed the fake timeout to avoid leaking requests. Since commit 15f73f5b3e59 “blk-mq: moved failure injection out of blkmqcompleterequest”, drivers are responsible for calling blkshouldfaketimeout at appropriate code paths a...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: SCTP: The instruction “move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT” has been fixed. A null-ptr-deref issue was reported in the SCTP transmission path when the SCTP-AUTH key initialization fails:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: landlock: Handle weird files A corrupted filesystem e.g., bcachefs might return weird files. Instead of throwing a warning and allowing access to such files, treat them as regular files...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: fix udp gsoskbSegment after pulling from fragList The commit a1e40ac5b5e9 “net: gso: fix udp gso fragList segmentation after pulling from fragList” detected invalid geometries in the fragList skbSegments and redirected them...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: comedi: das6402: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: c / IRQs 2, 3, 5, 6, 7, 10, 11, 15 are valid for “enhanced” mode / if 1 options1 & 0x8cec However, it-optionsi is ...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fixed the nested key length validation in the set action. It is not safe to access nlalenovskey if the data is smaller than the netlink header. Ensure that the attribute is valid first...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in markinodedirty An use-after-free issue occurred when markinodedirty get the bdiwriteback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-random- Not tainted...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed a use-after-free in printgraphfunctionflags during tracer switching. Kairui reported a Use-After-Free issue in printgraphfunctionflags during ftrace stress testing 1. This issue can be reproduced by putting a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI parser: added a check to avoid out-of-bound access. There is a possibility that initcodecs may be invoked multiple times during manipulation of the payload from video firmware. In such cases, if codecscount can...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: atm: clip: Fixed a potential nullptrderef issue in toatmarpd. Atmarpd is protected by RTNL since commit f3a0592b37b8 “ATM: clip causes unregister hang”. However, this protection is insufficient because toatmarpd is called...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOAcacheimposrcvd receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holdingtime are NULL. Because there is only for the situation where entry is NULL...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of “acpiid” if the “str” argument is at its maximum length...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI – Add a check to handle OOB writes in the SFR region. The value of sfr-bufsize is stored in shared memory and can be modified by malicious users. OOB write operations are possible when the buffer size is increas...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added a bounds check for the create lease context. A missing bounds check was added for the create lease context...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevention of division by zero The user can set any speed value. If the speed is greater than UINTMAX/8, a division by zero is possible. Found by the Linux Verification Center linuxtesting.org with SVACE...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: null – Use spin locks instead of mutexes. Since the null algorithm may be freed in the softirq context through afalg, using spin locks instead of mutexes helps protect the default null algorithm...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: RISCV: Stacktrace: Disabling KASAN checks for non-current tasks. When unwinding the stack of a task other than the current one, KASAN will report “BUG: KASAN: out-of-bounds access in walkstackframe+0x41c/0x460”. The same issue...