150 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing/histograms: Fixed the memory leak issue This issue is resolved through commit 46bbe5c671e06f070428b9be142cc4ee5cedebac. As mentioned in commit 46bbe5c671e0 “Tracing: fixed double-free”, the “double-free” problem reported ...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix for lz4 inplace decompression Currently, EROFS can map another compressed buffer for inplace decompression, which was used to handle cases where some pages of compressed data are not actually in-place I/O. However, lik...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fix for htt.pktlog locking. The ath11k active PDevs are protected by RCUs, but the code that handles htt.pktlog, namely ath11kmacgetarbypdevid, was not marked as a read-side critical section. Mark the relevant code...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: UDP: The flag SOCKRCUFREE was set earlier in the udplibgetport function. The syzkaller function triggered a warning 0 in the udpv4earlydemux function. In udpv46earlydemux and sklookup, we do not touch the refcount of the sk...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the drivers/video/fbdev/smscufx.c file within the Linux kernel, up to version 5.19.12, there is a race condition that can lead to a use-after-free if a physically nearby attacker removes a USB device while the open function is called. This issue is essentially a race condition between ufxopsop...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
Transmitted requests in Xen’s virtual network protocol can consist of multiple parts. Although none of them are actually useful, except for the initial part, any of these parts can be of zero length, meaning they carry no data at all. Apart from the certain initial portion of the data to be...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A deadlock flaw was discovered in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpgalloc. In tpgalloc, resources should be deallocated in every possible error-handling path, as they are allocated using for statements. Otherwise, memleaks could occur, since tpgfree is onl...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the rdsrecvtracklatency function in net/rds/afrds.c in the Linux kernel, from version 6.7.1 onwards, there is an off-by-one error in the comparison of RDSMSGRXDGRAMTRACEMAX, which leads to out-of-bounds access...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A memory read flaw that is outside the safe bounds was discovered in receiveencryptedstandard in fs/smb/client/smb2ops.c, within the SMB Client sub-component of the Linux kernel. This issue arises due to an integer underflow occurring during the memcpy operation’s length calculation, resulting in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the idx validation in config queues msg. Ensured that idx is within the range of active/initialized TC’s when iterating over vf-chidx in i40evcconfigqueuesmsg...
Important: cuda-drivers
Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ip: Fixed a data race around the sysctlfwmarkreflect function. When reading sysctlfwmarkreflect, it can be changed concurrently. Therefore, we need to add READONCE to its reader function...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
A issue was discovered in the Linux kernel through version 6.5.9. During a race condition involving the exit of a SQ thread, a NULL pointer dereferencing in iouring/fdinfo.c’s iouringshowfdinfo function can occur...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: spi: nxp-fspi: fixed the KASAN out-of-bounds bug The length of the memcpy operation was changed to address the out-of-bounds issue when writing data that is not 4-byte aligned to the TX FIFO. To reproduce the issue, 3 bytes of...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to the cacheinfo array The loop that detects/populates cache information already includes a check on the array size. However, it does not take into account cache levels with separate...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Roles – Fixed NULL pointer issue when referencing the module’s reference. In the current design, the USB role class driver will obtain a reference to the module of the usbroleswitch object after the user selects the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: UBLK: Failure to recover a device if queue setup is interrupted. In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by a signal, the queues are not set up successfully. Therefore, we must fail the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Added kfree call for kstrdup. Added kfree in the subsequent error handling to avoid memory leaks...