Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: SCSI: PM80XX – Fix for memory leak during rmmod The driver failed to release all memory allocated. This could lead to a memory leak during the removal of the driver. Memory should be properly freed when the module is removed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a UAF issue due to a race between btftrygetmodule and loadmodule. While working on code to populate the kfunc BTF IDs for modules based on their initcalls, I noticed that by the time the initcall is invoked, the module...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: For the hda codecs, do not unset the “preset” parameter when cleaning up codec-related operations. Several functions involved in the initialization and removal of codecs are reused by ASoC codec driver implementations. Thes...

Astra Linux - уязвимость в libxmp

Libxmp through version 4.6.2 has a stack-based buffer overflow in the depackpha function in the loaders/prowizard/pha.c file, due to a malformed Pha format tracker module in a .mod file...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: ipa: Hash tables are only reset when supported. Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes into the ring buffer used for a channel. Recently...

Astra Linux - уязвимость в libdata-validate-ip-perl

The Data::Validate::IP module in Perl version 0.29 does not properly handle extra zero characters at the beginning of an IP address string. In some cases, this allows attackers to bypass access controls that are based on IP addresses...

Astra Linux - уязвимость в apache2

A encoding problem in the modproxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. It is recommended that users upgrade to version 2.4.60, as...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: Fixed null-ptr-deref in socklockinitclassandname and rmmod. When I ran the reproduction steps and waited for a few seconds, I observed two LOCKDEP errors: a warning followed immediately by a null-ptr-deref. Reproduction Step...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix for double debugfs remove calls This fix addresses an issue where the debugfsremoverecursive function is called first on a parent directory, and then again on a child directory, causing a kernel panic. hverkuil:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net:sfc: fixed the issue of non-freezed interrupts in legacy IRQ mode. The SFC driver can be configured using modparam to work with MSI-X, MSI, or legacy IRQ interrupts. In the latter case, the interrupt was not properly...

Astra Linux - уязвимость в binutils

A out-of-bounds read flaw was discovered in the parsemodule function in bfd/vms-alpha.c in Binutils...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Staging: media: max96712: Fixed a kernel oop when removing the module. The following kernel oop occurred when attempting to remove the max96712 module: Unable to handle the kernel paging request at the virtual address...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The “binding mark” of a reused connection was unset. Steve French reported a null pointer dereference error from the sha256 lib.cifs.ko library. The cifs.ko library can send session setup requests on reused connections. If...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: staticcall: Replace the unnecessary WARNON call in staticcallmodulenotify. staticcallmodulenotify triggers a WARNON when memory allocation fails in staticcalladdmodule. This behavior is not really justified, as the failure case...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disabling trampoline for kernel module function tracing The current implementation of BPF trampoline in LoongArch is incompatible with tracing functions in kernel modules. This causes several serious and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: IMA: Do not clear the IMADIGSIG flag when setting or removing non-IMA xattr. Currently, when both IMA and EVM are in “fix” mode, the IMA signature will be reset to the IMA hash if a program first stores the IMA signature in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: hns3: Fix kernel crash when uninstalling the driver When the driver is uninstalled and the VFs are disabled concurrently, a kernel crash occurs. The reason is that both actions call the function pcidisablesriov. The value of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – fixed a potential array out-of-bounds access issue. The parameter IWLSECWEPKEYOFFSET will be used as needed during verification, along with determining the keylen value in the iwlmvmseckeyadd function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: Intel: hda: Fixed UAF when reloading the module The function hdagenericmachineselect appends "-idisp" to the tplg filename by allocating a new string using devmkasprintf, and then storing that string back into the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed the memory leak of PBLE objects. In the case of rmmod for irdma, the memory of PBLE objects is not freed. PBLE objects’ memory is not statically allocated at the time of function initialization—unlike other HMC...