226302 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dax: Fixed the issue where daxmappingrelease was called after the object was freed. A test using CONFIGDEBUGKOBJECTRELEASE to remove a device-related dax region e.g., using modprobe -r daxhmem results in the following output:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Cleanup of potential nfsdfile refcount leaks in the COPY code path. There are two different versions of the nfsd4copy structure. One is embedded within the compound structure and is used directly in synchronous copies. T...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A use-after-free vulnerability was discovered in the siano smsusb module within the Linux kernel. The bug occurs during device initialization, when the siano device is plugged in. This flaw allows a local user to crash the system, resulting in a denial-of-service condition...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid a use-after-free condition related to cached IPU bio. The xfstest generic/019 report a bug: Kernel BUG: At mm/filemap.c:1619! RIP: 0010:folioendwriteback+0x8a/0x90 Call Trace:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dochangetype: refusal to operate on unmounted/not ours mounts. It is ensured that propagation settings can only be changed for mounts located within the caller’s mount namespace. This change aligns permission checks with those of...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cgroup: Split cgroupdestroywq into 3 workqueues A hang can occur during 1 LTP cgroup testing when repeatedly mounting/unmounting perfevent and netprio controllers with systemd.unifiedcgrouphierarchy=1. The hang manifests in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Always pass an error pointer to sevplatformshutdownlocked When 9770b428b1a2 “crypto: ccp – Move devinfo/err messages for SEV/SNP init and shutdown” moved the error messages so that they don’t need to be issued by...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A use-after-free vulnerability was discovered in the Linux kernel’s netfilter subsystem, specifically in the net/netfilter/nftablesapi.c file. Improper error handling related to NFTMSGNEWRULE allows a dangling pointer to be used within the same transaction, leading to a use-after-free...
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the MCTP protocol within the Linux kernel. The function mctpunregister reclaims the device’s related resources when a netcard is detached. However, a running program may be unaware of this flaw, leading to a use-after-free of the mdev-addrs object, which could potentially...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fixed a possible null-ptr-deref issue. This issue could lead to a null-ptr-deref when the resourcesizeaddrange function is called, if the platformgetresource function returns NULL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drbd: Only clone the bio if there is a backing device available. The commit c347a787e34cb drbd: changed -bibdev to -bibdev in drbdreqnew moved the biosetdev call which has since been removed to an earlier stage, from...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid scheduling in rtasosterm. It is unsafe to use rtasbusydelay to handle a busy status from the IBM,os-term RTAS function in rtasosterm: Kernel Panic – Not Syncing: Attempted to kill init! Exitcode = 0x0000000b...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: The double-free operation in dvbregisterdevice has been fixed. In the function dvbregisterdevice - dvbregistermediadevice - dvbcreatemediaentity, the dvb-entity is allocated and initialized. If the initialization...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Macintosh: A possible memory leak in macioaddonedevice has been fixed. After committing 1fa5ae857bb1 “driver core: get rid of struct device’s busid string array”, the name of the device is allocated dynamically. This memory...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Ensure that “ibport” is valid when accessing the sysfs node. The “ibport” structure must be set before adding the sysfs kobject, and reset after removing it. Otherwise, the system may crash when accessing the sysfs...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context. TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework after the respective DMA operations are completed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt76x0: fixed out-of-bound access in mt76x0phygettargetpower. After the commit “ba45841ca5eb “wifi: mt76: mt76x02: simplify struct mt76x02ratepower””, mt76x02 relies on the ht0-7 ratepower data for vht mcs0,7, while i...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
There is a flaw in the Linux kernel’s handling of new TCP connections. The issue arises due to the lack of memory release after the effective lifetime of these connections. This vulnerability allows an unauthenticated attacker to create a denial-of-service condition on the system...
Astra Linux – Vulnerability in Linux 5.10, Linux
A flaw related to the use of “free” in the Linux kernel’s Video4Linux driver was discovered in the way that triggers em28xxusbprobe, for Empia 28xx-based TV cards. A local user could exploit this flaw to crash the system or potentially escalate their privileges on the system...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: IB/mad: Do not call to functions that might sleep while in atomic context. Tracepoints are not allowed to sleep. As a result, the following error is generated due to a call to ibquerypkey in atomic context. WARNING: CPU: 0 PID:...