Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A NULL pointer dereference occurred in amdgpudmconnectoraddcommonmodes. In amdgpudmconnectoraddcommonmodes, amdgpudmcreatecommonmode assigns mode to mode, and mode is directly passed to drmmodeprobedadd...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a check on the callback function pointer before its call. In dpucoreirqcallbackhandler, the pointer pointing to the callback function is checked to be NULL. However, the callback function is then called...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/rtas: Keep MSRRI set when calling RTAS. RTAS runs in real mode MSRDR and MSRIR unset and in 32-bit big-endian mode MSRSF,LE unset. The change in MSR is performed in enterrtas, in a relatively complex manner, since the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: The risk of out-of-memory access has been prevented. The dvbdev module contains a static variable used to store dvb minors. Its behavior depends on whether CONFIGDVBDYNAMICMINORS is set or not. When it is not set,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: Fix for a potential overflow in amufiesetup. The function cpufreqgetHWmaxfreq returns the maximum frequency in kHz as an unsigned int. However, the function freqinvsetmaxratio receives this frequency in Hz as an...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed the potential NULL-ptr-dereference issue. The indevget function may return NULL, which could lead to a failure when the idev variable is dereferenced in indevforeachifartnl. This patch adds a check for a NULL...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel – Added error handling for dmamapsg calls The Macro dmamapsg may return 0 in the event of an error. This patch enables checks in case of a macro failure and ensures that previously mapped buffers are unmapped usi...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: protection against NULL references from qediovgetVFInfo. We must ensure that the information returned by the helper function is valid before using it. This issue was detected by the Linux Verification Center...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeedudc: validate endpoint index for ast udc We should verify the binding of the array to ensure that the host cannot manipulate the index to point beyond the endpoint array. This issue was identified through a...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: vmci: Speculation leaks were prevented by sanitizing the eventdata parameter in the eventdeliver function. Coverity identified that the eventmsg is controlled by user-space. The eventmsg-eventdata.event is passed to eventdeliver...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound access in addsecretdacpath The sndhdagetconnections function may return a negative error code. This could lead to accessing the ‘conn’ array at a negative index. This issue was...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tools/powerturbostat: Fixed the file pointer leak. Currently, if the fscanf function fails, an early return causes a leak of the open file pointer. This issue was fixed by closing the file before the return statement. This issue...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in UMA in Google Chrome prior to version 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The issue in fdt: fix off-by-one error in unflattendtnodes Commit 78c44d910d3e “drivers/of: Fix depth when unflattening devicetree” forgot to fix the depth check within the loop body of unflattendtnodes. This could lead to an...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow issue while processing the acdirmax mount option. The user-provided mount parameter acdirmax, of type u32, is intended to have an upper limit. However, before it is validated, the value is converte...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fixed the issue where corrupted pointer deletion occurred in cases of region creation failures. In cases where region creation fails in ipcdevlinkcreateregion, the previously created regions are deleted using a...

MAL-2026-3309 Malicious code in google-cloud-secret-manager-config-poc (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

Malicious code in internal-company-module-test-1337 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa107cadda6301a772af8727ebafd976365c28371cddd211c176a57b12715d9 The package internal-company-module-test-1337 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3297 Malicious code in ally-call-wait-time (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20246193f2fbde13a2dccd6325c1d46a7fec7e8491b4df3ae6fefa85eff99bbf The package ally-call-wait-time was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3294 Malicious code in ally-allowlist (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a086e259ec0972dac4c5fa5c2e204b09c2158df4e01326321b84676837b85be9 The package ally-allowlist was found to contain malicious code. Source: ossf-package-analysis...