Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3: A deadlock issue was fixed when configuring TCP during the reset process. When configuring TCP during the reset process, a deadlock may occur. The sequence is as follows: 1. pf reset start 2. …… setup tc 3. ……...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a memory leak in the createprocess failure. Fixed a memory leak caused by a leaked mmget reference in a error handling code path, which is triggered when attempting to create KFD processes while a GPU reset i...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fixed a memory leak in airohaqdmarxprocess. If an error occurs in the subsequent buffers belonging to the non-linear part of the skb e.g., due to an error in the payload length reported by the NIC, or if all availabl...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: libceph: Potential out-of-bounds reads in processmessageheader have been prevented. If the message frame is maliciously corrupted in such a way that the length of the control segment becomes shorter than the size of the message...

Astra Linux - уязвимость в webkit2gtk

A correctness issue was addressed through improved checks. This issue has been fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, and watchOS 26. Processing maliciously crafted web content may result in an unexpected process crash...

Astra Linux - уязвимость в ntp

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when a \0' character is added. An adversary may be able to attack a client ntpq process, but they cannot attack the ntpd process...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A use-after-free bug in nilfsroot has been fixed in nilfsevictinode. During the unmount process of nilfs2, nothing holds the nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter. However, since...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: In the bpf function, the task with pid=1 can be skipped in the sendsignalcommon function. The following kernel panic can occur when a task with pid=1 attempts to send a killing signal to itself. For more details, see 1. Kernel...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue involves bcm: – a UAF Use-After-Free flaw in bcmprocshow. Bug: KASAN: A slabuse-after-free issue occurs in bcmprocshow+0x969/0xa80. A size 8 byte read was performed at address ffff888155846230 by the task cat/7862. CPU:...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue related to “ALSA: firewire-lib: operate for period elapse event in process context” has been addressed. The commit 7ba5ca32fe6e “ALSA: firewire-lib: operate for period elapse event in process context” removed the proces...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: A deadlock occurs when the svm range restore operation is performed at process exit. The issue arises from the following sequence of operations: kfdprocessnotifierrelease flushes svmrangerestorework, which in turn cal...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: Fixed the issue where hugepmdunshare caused a race condition with GUP-fast. The hugepmdunshare function releases a reference to a page table that might have previously been shared across processes. This could...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: xfs: added bounds checking to xlogrecoverprocessdata There is a lack of verification of the space occupied by fixed members of xlogopheader in xlogrecoverprocessdata. We can create a crafted image to trigger an out-of-bounds read...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in Safari 18.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, and watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.11 contains a segmentation violation through the function decodercontext::processSliceSegmentHeader in decctx.cc...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: Fixed the issue of partial SETREGSET for NTARMTAGGEDADDRCTRL. Currently, the taggedaddrctrlset function does not initialize the temporary “ctrl” variable. A SETREGSET call with a length of zero will leave this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: libceph: Defined and enforced the CEPHMAXKEYLEN. When decoding the key, verify that the key material fits into a fixed-size buffer in processauthdone, and that its length is reasonable. The new CEPHMAXKEYLEN check replaces the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: fastrpc: Do not remove the map from createprocess and devicerelease functions. Do not remove the map from the list during the error handling in fastrpcinitcreateprocess. Instead, call fastrpcmapput to avoid a...

Astra Linux - уязвимость в webkit2gtk

A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, and watchOS 10.6. Processing maliciously crafted web content may lead to an...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Added a call to putpid. A call to putpid is added corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID, so we need to free it here to avoid leaks. [email protected]: Reworded the...