Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: Better tracking of kernel sockets’ lifetimes While kernel sockets are destroyed during pernetoperations-exit, their freeing can be delayed due to any TX packets still held in qdisc or device queues. This occurs because of...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/shmem-helper: The erroneous “put” operation has been removed from the error path. The drmgemshmemmmap function does not have a reference in the error code path, resulting in the dma-buf shmem GEM object being freed...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: A UAF use-after-free error occurs during login when accessing the host’s IP address. If the iscsitcpr2tpoolalloc function fails during iscsiswtcpsessioncreate, the user space may access the host’s IP address. If t...

Astra Linux – Vulnerability in Qemu

QEMU prior to version 8.2.0 has an integer underflow issue, which can lead to a buffer overflow. This occurs due to a TI command, where a transfer length that is not a DMA transfer is processed, and the actual transfer length is shorter than the length of the available FIFO data. This issue arise...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added a clamp function in scarlett2mixerctlput Ensured that the value passed to scarlett2mixerctlput is between 0 and SCARLETT2MIXERMAXVALUE, so that we do not attempt to access elements outside of...

Astra Linux – Vulnerability in hdf5

The HDF5 library from version 1.14.3 has a heap buffer overflow issue in the H5Omtimenewencode function within H5Omtime.c...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fixed the issue of null pointer dereferencing in ESI. ESI/MSI is a performance optimization feature that provides dedicated interrupts per MCQ hardware queue. This is an optional feature, and UFS MCQ should...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoderhdmi: Fixed a reference count leak in mesonencoderhdmiinit. In the function ofgraphgetremotenode, the remote device nodepointer is returned with a incremented reference count. We should use ofnodeput on it after...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb:dwc3:st: fix probed platform device ref count on probe error path The probe function never performs any platform device allocation. Therefore, the error path “undoplatformdevalloc” is completely spurious. It simply reduces th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: mana: Fixed error handling in manacreatetxq/rxq’s NAPI cleanup Currently, the napidisable function is called during the cleanup of rxq and txq, even before napi is enabled and hrtimer is initialized. This causes kernel...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Abrupt exit when failing to load firmware in pspinitcapmicrocode. In the function pspinitcapmicrocode, an abrupt exit should occur when attempting to load firmware fails; otherwise, it may lead to invalid memory acces...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: Fixed an issue with partial SETREGSET for the NTARMTAGGEDADDRCTRL register. Currently, the taggedaddrctrlset function does not initialize the temporary “ctrl” variable. A SETREGSET call with a length of zero will...

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel. In the function printerioctl, there is an attempt to access a printerdev instance that has been deallocated. However, a use-after-free issue arises because the memory was previously freed by the gprinterfree function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Firmware: qcom: SCM: Fixed the missing read barrier in qcomscmgettzmempool. The commit 2e4955167ec5 “Firmware: qcom: SCM: Fixed scm and waitq completion variable initialization” introduced a write barrier in the probe function to...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been identified in the gstavisubtitleparsegab2chunk function within gstavisubtitle.c. This function reads the namelength value directly from the input file without properly checking it. As a...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: lib: cpurmap: Avoid using the function after freeing entries in the rmap-obj array. When calling irqsetaffinitynotifier with NULL as the notify argument, it will cause the glue pointer in the corresponding array entry to be freed...

Astra Linux - Vulnerability in Golang-1.19

The ParseAddressList function improperly handles comments text within parentheses within display names. Since this contradicts conforming address parsers, it can lead to different trust decisions being made by programs that use different parsers...

Astra Linux – Vulnerability in yaml-cpp

The SingleDocParser::HandleFlowMap function in yaml-cpp also known as LibYaml-C++ 0.6.2 allows remote attackers to cause a denial of service resource consumption and application crash through a crafted YAML file...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN issue may occur: BUG: KASAN: Out-of-bounds access in parseintegerlimit+0x103/0x130...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rvdso: In the vdsojointimens function, a NULL pointer was encountered when handling the vfork operation. The testing results are as follows in the kernel log: 6.838454 Unable to handle kernel access to user memory without uaccess...