Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: kprobes: Fixed a possible use-after-free issue during kprobe registration. When unloading a module, its state changes from MODULESTATELIVE to MODULESTATEGOING, and then to MODULESTATEUNFORMED. Each of these changes takes some...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: staticcall: Properly handle module initialization failures in staticcalldelmodule. The process of module insertion invokes staticcalladdmodule to initialize the static calls within a module. staticcalladdmodule calls...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fixed a possible memory leak when the module exits. After committing 1fa5ae857bb1 “driver core: removed the struct device’s busid string array”, the name of the device is allocated dynamically. This allocation needs...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Ice: The logic for copying the last block was omitted in icegetmoduleeeprom. icegetmoduleeeprom is broken since the commit e9c9692c8a81 “Ice: Reimplement module reads used by ethtool”. In this refactoring, icegetmoduleeeprom read...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fixed a possible NULL dereference. In iwlmvmremovetimeevent, a check was added to ensure that ‘tedata-vif’ is NULL before dereferencing it...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISCV: Module: Fixed out-of-bounds relocation access. The current code allows relj to access an element that is beyond the end of the relocation section. This issue has been simplified by using numrelocations, which is equivalent...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Module: Ensure that kobjectput is safe for the module type kobjects. In lookuporcreatemodulekobject, an internal kobject is created using modulektype. Therefore, calling kobjectput during error handling causes an attempt to use a...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Handling of errors when calling otx2mboxgetrsp in otx2dcbnl.c has been improved. A check for the error pointer was added after calling otx2mboxgetrsp...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: The issue related to ref-counting on the PMU “vpapmu” has been fixed. Commit 176cda0619b6 “powerpc/perf: Add a perf interface to expose vpa counters” introduced “vpapmu” to expose the Book3s-HV nested APIv2. This...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Do not wait in vain when unloading the module. There was a race condition in the module exit path, where there was a conflict between deleting all controllers and freeing the “leftover IDs”. To prevent double-freeing, a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed a UAF issue when looking up kallsym after ftrace is disabled. The following issue occurs with a buggy module: BUG: Unable to handle a page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fixed a use-after-free in gtpdellink. Since the callrcu function, which is called during the hlistforeachentryrcu traversal of gtpdellink, is not part of the RCU read critical section, it is possible that the RCU grace...

Astra Linux - уязвимость в binutils

A flaw was discovered in Binutils. The use of an uninitialized field in the struct module module may cause the application to crash and lead to a local denial of service...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Do not destroy the workqueue from work items running on it. This issue was triggered by a decrease in the value of kref. The destroyworkqueue function might be called from within a work item to destroy its own...

Astra Linux - уязвимость в golang-1.19

The go command may execute arbitrary code during compilation when using cgo. This can occur when running “go get” on a malicious module, or when running any other command that compiles unauthorized code. This issue can be triggered by linker flags, specified via the cgo LDFLAGS directive. Flags...

Astra Linux - уязвимость в pypy

A issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: coretemp Simplified platform device handling Coretemp’s platform driver is unconventional. All the actual processing is performed globally by the initcall and CPU hotplug notifiers. The “driver” essentially just wraps t...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fixed invalid PNP driver unregistration The Comedi low-level driver “c6xdigio” appears to be for a parallel port-connected device. When the Comedi core calls the driver’s “attach” handler c6xdigioattach to...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the ksmbd component of the Linux kernel. A deadlock occurs when multiple session setup requests are sent simultaneously, which may lead to a denial of service...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Added a check for a valid ‘madagent’ pointer. When unregistering an MAD agent, the srpt module performs a non-null check on the ‘madagent’ pointer before invoking ibunregistermadagent. This check can fail if the...