37443 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Consider the return from setmemoryrox when using bpfjitbinarylockro. setmemoryrox may fail, leaving memory unprotected. Check the return value and bail out if bpfjitbinarylockro returns an error...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: intel-vbtn: Protected the ACPI notify handler from racing with itself. Since the commit e2ffcda16290 “ACPI: OSL: Allow Notify handlers to run on all CPUs”, ACPI notify handlers like intel-vbtn’s notifyhandler may ru...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a race condition in mptcppmdeladdtimer The function mptcppmdeladdtimer may call skstoptimersyncsk, &entry-addtimer. It is reported by syzbot that there might already be a free entry. Add RCU protection to fix this...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed a missing runtime PM reference in ccsmodestore. ccsmodestore calls xegtreset, which internally invokes xepmruntimegetnoresume. This function requires the caller to already hold an outer runtime PM reference, and war...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: The issue of losing the “young/dirty” bits during the pagemap scan has been fixed. The function makeuffdwpwppte used to perform these operations was previously executed as follows: c pte = ptepgetptep;...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpudmhdcp.c copies pointers to amdgpudmconnector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed an oops error when unloading drivers that are parallel to each other. When the hclge driver is unloaded, it attempts to disable sriov first for each aedev node from hnae3aedevlist. If the hns3 driver is unloaded ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the NULL check of currxfer in tegraqspiisrthread. Without this protection, the following race...
Astra Linux - уязвимость в node-ejs
The ejs also known as Embedded JavaScript templates package in Node.js before version 3.1.10 lacked certain measures to prevent pollution...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Added bounds checking in getmaxinlinexattrvaluesize Normally, extended attributes within the inode body would be checked when the inode was first opened. However, if someone writes to the block device while the file system ...
Astra Linux - уязвимость в sendmail
Sendmail in version 8.17.2 allows for SMTP smuggling in certain configurations. Remote attackers can utilize a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Sendmail supports...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Firewire: Core – Fix for race condition with the transaction list The list of transactions is enumerated without acquiring the card lock when processing the AR response event. This causes a race condition bug when processing the ...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported the following issue in 32-bit mode when the dosemu software executed the vm86 system call: General protection fault: 0000 1 PREEMPT SMP CPU: 4 PID: 4610...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Fixed a general protection fault in runismappedfull. ntfscreate inode: Fixed the deletion of a non-resident attribute...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: ffs: Fix use-after-free for epfile Consider a case where ffsfuncepsdisable is called from ffsfuncdisable as part of the composition switch. At the same time, ffsepfilerelease is called from the user space. ffsepfilerelease...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Clean up the hash of directfunctions in case of register failures. The following GPF errors occur when registerftracedirect fails: General protection fault, likely for non-canonical addresses \ 0x200000000000010: 0000 ...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: The issue of error recovery leading to data corruption on ESE devices has been fixed. Extent Space Efficient ESE or thin-provisioned volumes need to be formatted on demand during normal IO processing. The...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to allocskmsg syzbot found that allocskmsg could be called from a non sleepable context. skpsockverdictrecv uses rcureadlock protection. We need the callers to pass a gfpt argument to avoid issues. syzbot...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fixed race conditions related to access to midibuf. There can be concurrent accesses to line6’s midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warnings...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A use-after-free issue was fixed in smbbreakalllevIIoplock. There is a section within smbbreakalllevIIoplock that can cause race conditions when unlocking during the loop. This patch uses a read lock to protect the entire...