224336 matches found
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlanremoveone. priv is netdev’s private data, and it cannot be used after a freenetdev call. Using priv after freenetdev can cause a UAF bug. This issue is fixed by moving the freenetdev call to the end of the...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: Fix memory leak in netlblcipsov4addstd Reported by syzkaller: BUG: Memory leak Unreferenced object: 0xffff888105df7000 size 64 Process: “syz-executor842”, PID: 360, Jiffies: 4294824824 Age: 22.546 seconds Hex dump firs...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtrendpointpost Syzbot reported a slab-out-of-bounds Read in qrtrendpointpost. The problem was with the wrong sizetype: if len != ALIGNsize, 4 + hdrlen goto err; If the size from qrtrhdr is 4294967293...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: can: mcbausb: fixed a memory leak in mcbausb Syzbot reported a memory leak in the SocketCAN driver for the Microchip CAN BUS Analyzer Tool. The problem occurred in unfreeing the usbcoherent object. In the mcbausbstart function...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in activenumconn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak of activenumconn in ksmbdtcpnewconnection” addresses the failure path in kthreadrun...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realmdma memory un/share, and others, by simply clearing...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed corruption in command completion handlers and UAFs Commit 302a1f674c00 “Bluetooth: MGMT: Fixed possible UAFs” introduced mgmtpendingvalid, which not only validates pending commands but also unlinks them...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: pci-epf-vntb: Remove duplicate resource teardown The epfntbepcdestroy function duplicates the teardown that the caller is supposed to perform later. This leads to an error when .allowlink fails, or when .droplink i...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix an off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value. However, eadata is located at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Validated EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length. This does not verify whether the length of the name actually...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in ‘usbgetbosdescriptor’ The BOS descriptor defines a root descriptor and serves as the base descriptor for accessing a family of related descriptors. The function usbgetbosdescriptor encounters a...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: mmc: sdio: fixed possible resource leaks in some error paths. If sdioaddfunc or sdioinitfunc fails, sdioremovefunc may not properly release resources. In these cases, the sdio function is not called, and functions like ofnodep...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A use-after-free vulnerability in the Linux Kernel traffic control index filter tcindex can be exploited to achieve local privilege escalation. The tcindexdelete function does not properly deactivate filters in the case of a perfect hash; moreover, it deactivates the underlying structure during...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mt76: mt7915: fixed NULL pointer dereference in mt7915getphymode Fixed the NULL pointer dereference in mt7915getPHYmode routine by adding an IBSS interface to the mt7915 driver. 101.137097 wlan0: Triggered a new scan to find a...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx4en: Fixed a use-after-free bug in mlx4entryallocresources In mlx4entryallocresources, mlx4encopypriv is called, and tmp-txcq will be freed during the error path of mlx4encopypriv. After that, mlx4enallocresources is calle...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: core – Ensure that the LLD module reference count is set after the SCSI device is released. The SCSI host release is triggered when the SCSI device is freed. We must ensure that the low-level device driver module is not...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fixed a memory leak in the error handling path In the probe function, if the serialconfig function fails, resources are being leaked. Add a resource handling mechanism to free up this memory...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV – Lock all vCPUs when synchronizing VMSAs for SNP launches to complete. Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests. Allowing the user space to manipulate or run a vCPU while its state is being...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bnge: Return after auxiliarydeviceuninit in the error path. When auxiliarydeviceadd fails, the error handling code calls auxiliarydeviceuninit, but it does not return. auxiliarydeviceuninit drops the last reference to the device...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: vfio/xe: Reorganized the init process to separate migration from reset operations. Attempting to perform a reset on VF devices that do not support migration leads to the following issues: BUG: Unable to handle a page fault for...