37446 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: Ensure the worker is destroyed after termination When an IRQ worker is running, disconnecting the device can cause a crash. The hardware at the sealevel for which this driver was written is not hotpluggable, so I...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: added an atomiccheck to bridge ops. The DRM committails function will disable the downstream crtc/encoder/bridge if both conditions are required, and crtc-active will be set before pushing a new frame downstream. Ther...
Astra Linux - уязвимость в linux
The arch/x86/kvm/mmu/pagingtmpl.h file in the Linux kernel before version 5.12.11 incorrectly calculates the access permissions of a shadow page, resulting in a missing guest protection page fault...
Astra Linux - уязвимость в sendmail
Sendmail in version 8.17.2 allows for SMTP smuggling in certain configurations. Remote attackers can utilize a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Sendmail supports...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Firewire: Core – Fix for race condition with the transaction list The list of transactions is enumerated without acquiring the card lock when processing the AR response event. This causes a race condition bug when processing the ...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported the following issue in 32-bit mode when the dosemu software executed the vm86 system call: General protection fault: 0000 1 PREEMPT SMP CPU: 4 PID: 4610...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Fixed a general protection fault in runismappedfull. ntfscreate inode: Fixed the deletion of a non-resident attribute...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: ffs: Fix use-after-free for epfile Consider a case where ffsfuncepsdisable is called from ffsfuncdisable as part of the composition switch. At the same time, ffsepfilerelease is called from the user space. ffsepfilerelease...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Clean up the hash of directfunctions in case of register failures. The following GPF errors occur when registerftracedirect fails: General protection fault, likely for non-canonical addresses \ 0x200000000000010: 0000 ...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: The issue of error recovery leading to data corruption on ESE devices has been fixed. Extent Space Efficient ESE or thin-provisioned volumes need to be formatted on demand during normal IO processing. The...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to allocskmsg syzbot found that allocskmsg could be called from a non sleepable context. skpsockverdictrecv uses rcureadlock protection. We need the callers to pass a gfpt argument to avoid issues. syzbot...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fixed race conditions related to access to midibuf. There can be concurrent accesses to line6’s midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warnings...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A use-after-free issue was fixed in smbbreakalllevIIoplock. There is a section within smbbreakalllevIIoplock that can cause race conditions when unlocking during the loop. This patch uses a read lock to protect the entire...
Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: The sig-statslock lock is used to gather statistics about threads/children. The locktasksighand function can cause a hard lockup. If NRCPUS threads call dotaskstat at the same time, and the process has...
Astra Linux - уязвимость в isc-dhcp
In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP e.g., releases in the 4.0.x series or earlier, and releases in the 4.3.x series are beyond their End-of-Life period and are no longer supported by ISC. It is clear that this defect is also present in releases...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: The system now validates the entire DACL before rewriting it using cifsacl. The functions buildsecdesc and idmodetocifsacl derive a pointer to the DACL from a dacloffset provided by the server. They then use the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/oa: Fixed the “Missing outer runtime PM protection” warning. Fixed the following drmWARN: 953.586396 xe 0000:00:02.0: drm Missing outer runtime PM protection … 953.587090 ? xepmruntimegetnoresume+0x8d/0xa0 xe 953.587208...
Astra Linux - уязвимость в node-tar
The npm package “tar” also known as node-tar in versions prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has a vulnerability related to arbitrary file creation/overwriting, due to insufficient symlink protection. node-tar aims to ensure that any file whose location would be modified by a symbolic link i...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ndisc: RCU protection should be used in ndiscallocskb. ndiscallocskb can be called without holding RTNL or RCU. Adding RCU protection is necessary to avoid potential Use-after-Free UAF vulnerabilities...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for missing rcu protection. When removing the rcureadlock from bondethtoolgettsinfo, I didn’t realize that it could also be called via setsockopt, which does not hold a rcu lock. As pointed out by syzbot: Stack trace...