10863 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Block: Do not delete a queue kobject before its child kobjects are deleted. Kobjects are not supposed to be deleted before their child kobjects are deleted. Apparently, this is usually harmless; however, a warning will be trigger...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: md: fixed the UAF issue when iterating the allmddevs list While iterating the allmddevs list from mdnotifyreboot and mdexit, listforeachentry Safe is used. This can lead to a race condition with deletint, causing a UAF: t1:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jbd2: removed the incorrect sb-ssequence check. The emptiness of the journal is determined not by sb-ssequence == 0, but rather by sb-sstart == 0 which is set a few lines above. Moreover, 0 is a valid transaction ID, so the check...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cfg80211: Fixing management registration locking issues The issue with management registration locking was addressed. The list was locked for each wdev, but the cfg80211mgmtregistrationsupdate function iterated over it without...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In the “block” section, the issue of releasing rq/qos structures for queues without handling the disk-related aspects has been addressed. The blkcginitqueue function may add rq/qos structures to the request queue. Previously, the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix for use-after-free in jffs2clearxattrsubsystem When we mount a jffs2 image, it is assumed that the first few blocks of the image are normal and contain at least one xattr-related inode. However, the next block may be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: soc-compress: Repositioned and added pcmmutex. If paniconwarn is set and the compress stream DPCM is initiated, then a kernel panic occurs because card-pcmmutex is not properly locked. In the following functions, a warni...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify the content returned by parseintarray. The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 will result in a null-ptr-deref error...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: Avoid using partially committed contexts. One major use of damoncall is the update of DAMON parameters online. This is done by calling damoncommitctx within the damoncall callback function. damoncommitctx can fail...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjusted error handling in case of absence of a codec device. The acpigetfirstphysicalnode function may return NULL in several situations e.g., no such device exists, ACPI table error, reference count drops to 0, etc...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fixed the nullptrderef bug in the buf prepare and finish steps. When the driver calls tw68riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in an empty buffer buf-cpu. Late...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed a system hang caused by CPU-clock usage. CPU-clock usage by the async-profiler tool can trigger a system hang. This issue was fixed starting with the following commit by Octavia Togami: 18dbcbfabfff “perf: Fixed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The maximum minor value is set to blkallocextminor. The idaallocrange... min, max,... function returns values ranging from min to max, including both ends. Therefore, NREXTDEVT is a valid index returned by blkallocextminor. This ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed handling of offline queues in blkmqallocrequesthctx. This patch prevents the test nvme/004 from triggering the following issues: - UBSAN: Array index out of bounds in block/blkmq.h:135:9. The index 512 is out o...
Astra Linux – Vulnerability in Parsec
The vulnerability of the parsecmdlin function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: ocelot: The function dsatag8021qunregister is called under rtnllock when removing a driver. When the currently used tagging protocol is “ocelot-8021q”, and we unbind the driver, we encounter this error: bash $ echo...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fixed resource leaks during component removal The MBHC resources must be released in case of component probe failures and removals; therefore, they cannot be tied to the lifetime of the component device...
Astra Linux – Vulnerability in Linux, Linux 5.10
In various setup methods of the USB gadget subsystem, there is a possibility of unauthorized writing due to an incorrect flag check. This could lead to a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation. Product...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: gso: Fixed a panic that occurred when using a fraglist with mixed head allocation types. Since the commit 3dcbdb134f32 “net: gso: Fixed an error in skbsegment when splitting a gsosize mangled skb having linear-headed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - Media: Rockchip: RGA: Fixed a possible dereference of the ERRPTR parameter in rgabufinit. - RGAgetframe: Can return ERRPTR -EINVAL when the buffer type is unsupported or invalid. rgabufinit does not check the return value an...