Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When the Universal DVB card is being detached, netupunidvbdmafini uses deltimer to stop the dma-timeout timer. However, when the timer handler netupunidvb DMAtimeout is running,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cnic: Fixed use-after-free bugs in cnicdeletetask. The original code used canceldelayedwork in cniccmstopbnx2xHW, which does not guarantee that the delayed work item “deletetask” has fully completed if it was already running...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: spi: fixed null pointer dereference within spisync. If spisync is called with a non-empty queue and the same spimessage is reused, the complete callback for the message remains set while the context is cleared. This leads to a nu...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: The disruptive netifwakequeue function in rtl8150setmulticast has been removed. The syzbot reported a WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that led to the warning: c rtl8150startxm...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: removed one synchronizenet call from ipv6mcdown. As discussed in previous discussions commit 2d3916f31891 “ipv6: fix skb drops in igmp6eventquery and igmp6eventreport”, the synchronizenet call in ipv6mcdown is not...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fixed a leak in devfreqdevrelease. The srcuinitnotifierhead function allocates resources that need to be released using a srcucleanupnotifierhead call. Reported by kmemleak...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a race condition involving the unreferencing of the vram buffer in the svm code. The unreferencing of prange-svmbo can occur both in the mmu callback and in a callback after migrating to system RAM. Both are...

Astra Linux - уязвимость в firefox

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox 133 and Thunderbird 133...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Net: Bridge: MST: Fix for vlan use-after-free The syzbot reported a suspicious RCU usage1 in the MST code of the bridge. While fixing this issue, I noticed that nothing prevents vlan data from being freed while walking the list...

Astra Linux - уязвимость в linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed a possible use-after-free issue in ftracelocation. KASAN reports a bug: - Bug: In KASAN, there is a use-after-free in ftracelocation+0x90/0x120. A 8-byte read at address ffff888141d40010 was performed by the task...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Created a persistent INTx handler There exists a vulnerability where the eventfd for INTx signaling can be deconfigured. This causes the IRQ handler to be unregistered, but it still allows eventfds to be signaled with a...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: SCTP: The issue of null-ptr-deref in reuseportaddsock has been fixed. syzbot reported a null-ptr-deref while accessing sk2-skreuseportcb in reuseportaddsock. The repro first creates a listener with SOREUSEPORT. Then, it create...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed a deadlock in the tc route query code The cited commit caused a ABBA deadlock0 when peer flows were created while holding the devcom rw semaphore. Due to the peer flow offload implementation, the lock is taken...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU NBD Server. This vulnerability allows for a Denial-of-Service DoS attack through improper synchronization during socket closure, where a client keeps a socket open while the server is offline...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access between the reset thread and the TM thread for reply queues. When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an inval...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Delay all operations related to ath9kwmieventtasklet until initialization is complete. The ath9kwmieventtasklet function used in ath9khtc assumes that all data structures have been fully initialized by the time it...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared The MMU context should be immediately reset when the SMM flag of the vCPU is cleared, so that the SMM flag in the MMU context is always synchronized with th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Added a synchronization step after creating a vram block. Data corruption will occur on vrams allocated by svm if the initialization is not complete and an application writes to the memory. Adding a synchronization st...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use the device rbtree in the iopf reporting path. The existing I/O page fault handler currently locates the PCI device by calling pcigetdomainbusandslot. This function searches the list of all PCI devices until the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat complex history. The synchronization mechanism was introduced in commit 7dbd8f4cabd9...