Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A heap-out-of-bounds write vulnerability in the Linux kernel’s Performance Events system component can be exploited to achieve local privilege escalation. The readsize of a perfevent can overflow, resulting in an out-of-bounds increment or write in perfreadgroup. We recommend upgrading to a versi...

Astra Linux - уязвимость в edk2

The BootPerformanceTable pointer is retrieved from an NVRAM variable within PEI. It is recommended that the PcdFirmwarePerformanceDataTableS3Support be set to FALSE...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86/pmu: Disabled support for adaptive PEBS. Disabling support for virtualizing adaptive PEBS is necessary because KVM’s implementation is architecturally broken without an obvious/easy way to address this issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move the event pointer setup earlier in x86pmuenable A production AMD EPYC system crashed due to a NULL pointer dereference in the PMU NMI handler: BUG: NULL pointer dereference in the kernel, address: 0000000000000198...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context. TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework after the respective DMA operations are completed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fixed a potential division-by-zero error in emcomputecosts. When the device is of a non-CPU type, tablei.performance will not be initialized in the previous eminitperformance. This results in a division by zero when...

Astra Linux - уязвимость в bind9

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of the BIND Supported Preview Edition, as well as release version 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploiting broken authoritative servers using a flaw in response...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/lbr: Fixed an unchecked MSR access error on HSW. The fuzzer triggers the following trace: 7763.384369 Unchecked MSR access error: WRMSR to 0x689 attempted to write 0x1fffffff8101349e at rIP: 0xffffffff810704a4...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf: arm-ni: Unregistering PMUs due to probe failure When a resource allocation fails in one clock domain of an NI device, we need to properly roll back all previously registered perf PMUs in other clock domains of the same...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out-of-bounds access when parsing CPC data If the NumEntries field in the CPC return packet is less than 2, do not attempt to access the “Revision” element of that packet, because it may not be present at that...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: OPP: Added an index check to ensure no buffer overflow occurs in readfreq. The freq index is passed to the assert function to ensure that we do not read values from the opp-rates table when called from the indexed variants:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fixed a potential UAF issue in OPP handling. Ensured that all required data is acquired before calling devpmoppputop, to maintain the correct order of resource acquisition and release...

Astra Linux - уязвимость в chromium

Before version 94.0.4606.54, using the "after free" mechanism in Performance Manager in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Makes rmwlock a rawspinlock. The following bug was triggered: ============================= Bug: Invalid wait context 6.12.0-rc2-XXX 406 Not tainted ----------------------------- kworker/1:1/62 is trying to lock:...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: When masking the value of MSRIA32PEBSENABLE for guests with specific vCPU values, it’s necessary to mask this value with the desired PEBSENABLE value of the vCPU. Simply consulting the host kernel’s host vs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: The segfault caused by PEBS-via-PT with a sample frequency has been fixed. Currently, using PEBS-via-PT with a sample frequency instead of a sample period causes a segfault. For example: BUG: Kernel NULL pointer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ACPI: Tables: FPDT: Do not call acpiosmapmemory on an invalid physical address. On a Packard Bell Dot SC Intel Atom N2600 model, there is an FPDT table containing invalid physical addresses. The high bits of these physical...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A heap out-of-bounds write vulnerability in the Linux Kernel Performance Events perf component of the Linux kernel can be exploited to achieve local privilege escalation. If the perfreadgroup function is called when the siblinglist of an event is smaller than that of its child, it may increment o...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fixed powerpmudisable to call clearpmiirqpending only if PMI is pending Running a self-test with CONFIGPPCIRQSOFTMASKDEBUG enabled in the kernel triggered the following warning: 172.851380 ------------ Cut here...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fixed out-of-bound access when a valid event group is used. The perf tool allows users to create event groups using the cmd 1. However, the driver does not check whether the array index is out of bounds...