10862 matches found
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result
A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...
kernel: wifi: mac80211: remove station if connection prep fails
A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. When Multi-Link Operation MLO connection preparation fails, the system may not correctly remove the associated station. This can lead to a use-after-free or double-free vulnerability in the debugfs component, potentially causing...
kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
kernel: mm/page_alloc: clear page->private in free_pages_prepare()
A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...
kernel: wifi: mac80211: remove station if connection prep fails
A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. When Multi-Link Operation MLO connection preparation fails, the system may not correctly remove the associated station. This can lead to a use-after-free or double-free vulnerability in the debugfs component, potentially causing...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - Media: Rockchip: RGA: Fixed a possible dereference of the ERRPTR parameter in rgabufinit. - RGAgetframe: Can return ERRPTR -EINVAL when the buffer type is unsupported or invalid. rgabufinit does not check the return value an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed the off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value. However, eadata is located at offset sizeofstruct smb2filefulleainfo = 8 from ea, not ...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Do not call freepagesexact with a NULL address. Unlike some other functions, we cannot pass a NULL pointer to freepagesexact. Add a proper NULL check to avoid potential errors...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: crypto: afalg – Fixed an issue where initialisation was missing, affecting gcm-aes-s390. Fixed the afalgallocareq function to initialize areq-firstrsgl.sgl.sgt.sgl to point to the scatterlist array in areq-firstrsgl.sgl.sgl...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A race condition flaw was discovered in the Linux kernel sound subsystem due to improper locking mechanisms. This could lead to a NULL pointer derefrence during the handling of the SNDCTLDSPSYNC ioctl command. A privileged local user such as root or a member of the audio group could exploit this...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A deadlock flaw was discovered in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Audit: Fixed an out-of-bounds read in auditcomparednamepath. When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / e.g., creating /a, an out-of-bounds read can occur in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a potential memory leak in DMUB hwinit Why When resuming, we perform DMUB hwinit, which allocates memory using dmresume-dmdmubhwinit-dcdmubsrvcreate-kzalloc. This can lead to a memory leak in suspend/resume...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fixed a possible NULL pointer dereferencing issue. In the rdsrdmacmeventhandlercmn function, if the conn pointer exists before dereferencing it as an argument for rdmasetservicetype, a problem was identified. This issue...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: In the md subsystem, there was a issue where the “activeio” value was not properly released after the submitflushes function was called. This caused the “activeio” value to remain unreleased, leading to a situation where...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the startup race issue with nsfd again. The commit bd5ae9288d64 "nfsd: register pernet ops last, unregister first" re-opened the race in rpcpipefsevent, which was related to the registration of nfsdnetid using...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: atm: The atmdevmutex is released after removing procfs in atmdevderegister. syzbot reported a warning during atmdevregister. 0 Before creating a new device and procfs/sysfs for it, atmdevregister looks up a duplicate device throu...