Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netrom: Fixed a memory leak in nr_sendmsg(). syzbot reported a memory leak [1]. When the function sock_alloc_send_skb() returns NULL in nr_output(), the original skb is not freed. This skb was allocated in nr_sendmsg(). This issue was fixed b...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fixed a race condition between concurrent call paths that invoke dwc3_remove_requests(). This patch addresses a race condition caused by unsynchronized execution of multiple call paths that invoke dwc3_remove_requests(), leadi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq/longhaul: handled NULL policy in longhaul_exit(). The longhaul_exit() function was calling cpufreq_cpu_get(0) without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: A crash occurred due to dereferencing an uninitialized pointer. Since commit 7d5e9737efda “net: rfkill: gpio: getting the name and type from device property”, the rfkill_find_type() function is called with the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: hwrng: ks-sa – fix division by zero in ks_sa_rng_init(). The issue of division by zero in ks_sa_rng_init() was caused by missing clock pointer initialization. The clk_get_rate() function calls are performed on an uninitialized clk pointer,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker – fixed potential out-of-bounds access issues. In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove the class from the active list before deleting it in ets_qdisc_change(). The vulnerability is a race condition between ets_qdisc_dequeue() and ets_qdisc_change(). This causes a use-after-free (UAF) error on the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup. The kthread_run() function returns error pointers, so the max3421_hcd->spi_thread pointer can be either an error pointer or NULL. Check both cases before...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: orangefs: fixed xattr-related buffer overflow issues… Willy Tarreau forwarded me a message from Disclosure, containing the following warning: The helper function xattr_key() uses the pointer variable in the loop condition, rather...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fixed a memory leak in mt7615_mcu_wtbl_sta_add(). In mt7615_mcu_wtbl_sta_add(), an skb object named sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cnic: Fixed use-after-free bugs in cnic_delete_task. The original code used cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item “delete_task” has fully completed if it was already running...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: netpoll: Fix incorrect refcount handling causing improper cleanup. The commit efa95b01da18 “netpoll: fix use after free” incorrectly ignored the refcount and prematurely set dev->npinfo to NULL during netpoll cleanup,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fixed null pointer access to epfile after ep enable. A race condition occurs when ffs_func_eps_enable() runs concurrently with ffs_data_reset(). The ffs_data_clear() function called in ffs_data_reset() sets ffs->epfiles to NULL...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fixed a crash that occurred during the transportportremove function, by using ioc_info(). During this function, messages were logged via dev_printk() regarding &mpt3sas_port->port->dev. At this point, the SAS transport devi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fixed integer overflow in sample size validation. The wavefront_send_sample() function has a problem with integer overflow when validating sample size. The header->size field is of type u32, but it is cast to int for...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fixed a UAF issue after unbinding the driver. After unbinding the driver, another kthread named cros_ec_console_log_work still accesses the device, resulting in a UAF and system crash. The driver does no...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: i40e: added validation for the ring_len parameter. The ring_len parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this issue, an upper boundar...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scs: A wrong parameter was fixed in __scs_magic(). The __scs_magic() function requires a `void *` variable, but a `struct task_struct *` is provided instead. task_scs(tsk) represents the starting address of the task’s shadow call stack, and...
Astra Linux – Vulnerability in python-webob
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user will be redirected to using Python’s urlparse function, and joining that parsed URL to the base URL. However, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: crypto: af_alg – Fixed an issue where initialisation was missing, affecting gcm-aes-s390. Fixed the af_alg_alloc_areq() function to initialize areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl...