2433 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Fixed a possible memory leak. This issue occurs in bnxtresetupchipctx, when bnxtqplibmapdbbar fails; the driver does not free the memory allocated for “rdev-chipctx”...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: A memory leak has been fixed in hnsroceallocmr. When hnsrocemrenable fails in hnsroceallocmr, mrkey is not released. This issue only affects compiled tests...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Returns a CQE error if an invalid lkey is provided. RXE fails to update the WQE status in cases of LOCALwrite failures. This caused the following kernel panic if someone performed an atomic operation with an explicit...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue arises when handling the “PVRDMACMDCREATEMR” command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The greatest threat posed by this...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/mlx5: Fixed an issue where a source warning occurred when accessing the Eth segment. ------------ Cut here ------------ memcpy: A field-spanning write was detected size 56 for the single field “eseg-inlinehdr.start” at...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Correctly check the presence of LSNLATYPEDGID. The netlink response for RDMANLLSOPIPRESOLVE should always contain an LSNLATYPEDGID attribute; it is invalid if it is missing. Properly use the nl parsing logic and cal...
Astra Linux – Vulnerability in Chromium
“Type Confusion in V8” in Google Chrome before version 129.0.6668.100 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A out-of-bounds read in media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: A bug was fixed while setting up Level-2 PBL pages. Memory corruption is avoided when setting up Level-2 PBL pages for non-MR resources when numpages 256K. There will be a single PDE page address consecutive pages in...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. This flaw allows a malicious guest driver to execute hardware commands when shared buffers have not yet been allocated, potentially leading to a use-after-free condition...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out-of-bounds memory access via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/irdma: Fixed the KASAN issue related to tasklets. KASAN testing revealed the following issue related to the deletion of an IRQ. 50006.466686 Call Trace: 50006.466691 50006.489538 dumpstack+0x5c/0x80 50006.493475...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler calls the SCSI LLD ehaborthandler callback, it performs one of the following actions: Calls scsiqueueinsert. Calls scsifinishcommand. Calls scsiehscmdadd...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.srcaddr outside of state checks. If the state is not idle, resolvepreparesrc should immediately fail, and no changes to the global state should occur. However, it srcaddr by attempting to create...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/siw: Fixed a refcounting leak in siwcreateqp. The atomicinc function needs to be paired with an atomicdec function in the error handling path...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed a memory leak in the error flow for the subscribe event routine. In the event that the second xainsert function fails, the objevent object is not released. This issue has been fixed by correcting the error...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed the kernel stack leak in irdmacreateuserah. struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // Offset 0 – SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // Offset 4 – NEVER SET - LEAK ; The rsvd4 fiel...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Prevention of certain integer underflows My static checker reports the following issue: drivers/infiniband/hw/irdma/ctrl.c:3605 irdmascceqinit Warning: Can subtract underflow for ‘info-dev-hmcfpmmisc.maxceqs’? It seem...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome before version 126.0.6478.54 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/cma: Allow UD qptype to join multicast only Regarding multicast: - The SIDR is the only mode that makes sense; - In addition to PSUDP, other port spaces like PSIB are also allowed, as they are UD-compatible. In this case,...