224336 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Validated EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length. This does not verify whether the length of the name actually...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in ‘usbgetbosdescriptor’ The BOS descriptor defines a root descriptor and serves as the base descriptor for accessing a family of related descriptors. The function usbgetbosdescriptor encounters a...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: mmc: sdio: fixed possible resource leaks in some error paths. If sdioaddfunc or sdioinitfunc fails, sdioremovefunc may not properly release resources. In these cases, the sdio function is not called, and functions like ofnodep...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A use-after-free vulnerability in the Linux Kernel traffic control index filter tcindex can be exploited to achieve local privilege escalation. The tcindexdelete function does not properly deactivate filters in the case of a perfect hash; moreover, it deactivates the underlying structure during...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mt76: mt7915: fixed NULL pointer dereference in mt7915getphymode Fixed the NULL pointer dereference in mt7915getPHYmode routine by adding an IBSS interface to the mt7915 driver. 101.137097 wlan0: Triggered a new scan to find a...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx4en: Fixed a use-after-free bug in mlx4entryallocresources In mlx4entryallocresources, mlx4encopypriv is called, and tmp-txcq will be freed during the error path of mlx4encopypriv. After that, mlx4enallocresources is calle...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: core – Ensure that the LLD module reference count is set after the SCSI device is released. The SCSI host release is triggered when the SCSI device is freed. We must ensure that the low-level device driver module is not...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fixed a memory leak in the error handling path In the probe function, if the serialconfig function fails, resources are being leaked. Add a resource handling mechanism to free up this memory...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV – Lock all vCPUs when synchronizing VMSAs for SNP launches to complete. Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests. Allowing the user space to manipulate or run a vCPU while its state is being...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bnge: Return after auxiliarydeviceuninit in the error path. When auxiliarydeviceadd fails, the error handling code calls auxiliarydeviceuninit, but it does not return. auxiliarydeviceuninit drops the last reference to the device...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: vfio/xe: Reorganized the init process to separate migration from reset operations. Attempting to perform a reset on VF devices that do not support migration leads to the following issues: BUG: Unable to handle a page fault for...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fixed NULL dereferencing when interface 0 is missing A malicious USB device with the TASCAM US-144MKII device ID may have a configuration where bInterfaceNumber=1, but there is no interface 0. USB...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm: call -freefolio directly in foliounmapinvalidate. We can only call filemapfreefolio if we have a reference to or hold a lock on the mapping. Otherwise, we have already removed the folio from the mapping, so it no longer pinch...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: pci-epf-vntb: Stop cmdhandler work in epfntbepccleanup Disable the delayed work before clearing BAR mappings and doorbells to avoid running the handler after resources have been torn down. Unable to handle kernel...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fix for use-after-free in the encoder release path. The fopsvcodecrelease function frees the context structure ctx without first canceling any pending or ongoing operations in ctx-encodework. This creates...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: clockevents: Added missing resets to the nexteventforced flag. The mechanism used to prevent timer interrupts from being missed failed to reset the nexteventforced flag in several locations: - When the state of the clock event...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: writeback: Fixed the use of “free” after processing in inodeswitchwbsworkfn. The function inodeswitchwbsworkfn has a loop like this: c wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break;...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation The outer nesting of ETHTOOLASTRSETSTRINGSETS is not taken into account. This may result in ETHTOOLMSGSTRSETGET generating a warning like this: “Calculated message payload length 68...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fix command flush on cable pull The system crashed due to a command failing to be flushed back to the SCSI layer. Bug: Unable to handle a NULL pointer dereferencing in the kernel at address 0000000000000000. PGD...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: Device name buffers passed to the device replace function are properly validated for string termination. This prevents a read out of bounds situation in the getnamekernel function. There is a syzbot report...