Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fixed the issue of reading from a negative array index. Avoid using negative values for clkidex as an index into the array pptable-DpmDescriptor. V2: Fixed the return check for clkindex by Tim Huang...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: Fixed the logic for accounting bulk flows in order to ensure host fairness. In schcake, we keep track of the number of active bulk flows per host. This is done when running in the dst/src host fairness mode, which...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: added a check to prevent array-index-out-of-bounds in dbAdjTree. When the value of lp is 0 at the beginning of the for loop, it will become negative during the next assignment, and we should take appropriate measures to avoi...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fixed a potential out-of-bounds error in ucsiccgupdatesetnewcamcmd The "cmd" variable can be controlled by the user via debugfs. This means that "newcam" can be as high as 255, while the size of the uc-updated array i...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fixed multiple UBSAN array-index-out-of-bounds issues. Fixed UBSAN warnings that occur when using a system with 32 physical CPU cores or more, or when the user defines a number of Ethernet queues that is greater than or...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fix for out-of-bound access when a valid event group is used. The perf tool allows users to create event groups using the cmd 1, but the driver does not check whether the array index is out of bounds whe...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: x86-android-tablets: Fixed errors related to use of pdevs after the free function is called via platformdeviceregister. The x86androidtabletremove function frees the pdevs array; therefore, it should not be used...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fix for an offset of one in ep93xxdivrecalcrate. The psc-div array contains psc-numdiv elements. These values are derived from when we call clkhwregisterdiv. The size of these values is determined by...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: The issue of protecting the fetch of -fdfd in dodup2 from mispredictions has been addressed. Both callers have ensured that fd is not greater than -maxfds; however, a misprediction might still lead to the speculative execution of...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fixed an invalid progarray access in perfeventdetachbpfprog Syzbot reported a crash that occurs in the following tracing scenario: - Create a tracepoint with attr.inherit=1, attach it to the process, and set the BPF...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: panasonic-laptop: Fixed out-of-bounds accesses to the SINF array. The panasonic laptop code in various places uses the SINF array with index values ranging from 0 to SINFCURBRIGHT0x0d, without checking whether the...

PT-2025-6666 · Intel · Fpga Support Package For The Intel Oneapi Dpc++/C++ Compiler

Name of the Vulnerable Software and Affected Versions: FPGA Support Package for the IntelR oneAPI DPC++/C++ Compiler software for Windows versions prior to 2024.2 Description: The issue is related to an uncontrolled search path in the FPGA Support Package for the IntelR oneAPI DPC++/C++ Compiler...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS through the response parser which uses Rangetoa to convert the uid-set data into arrays of integers, without limitations on the expanded size of the ranges. Details Denial of Service DoS describes a family of...

Denial of Service (DoS)

Overview org.jruby:jruby-stdlib is a JRuby Lib Setup package. Affected versions of this package are vulnerable to Denial of Service DoS through the response parser which uses Rangetoa to convert the uid-set data into arrays of integers, without limitations on the expanded size of the ranges...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46818)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46818 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpioid before use...

Azure Linux 3.0 Security Update: kernel (CVE-2024-42301)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42301 advisory. - In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of- bound...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46804)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46804 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check f...

Azure Linux 3.0 Security Update: kernel (CVE-2024-50007)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50007 advisory. - In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array...

CLSA-2025-1738958068 Fix of 49 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-38553/CVE-2024-38597 - netpoll: make ndopollcontroller optional - bonding: use netpollpolldev helper - netpoll: do not test NAPISTATESCHED in pollonenapi CVE-url: https://ubuntu.com/security/CVE-2024-38597 - eth: sungem: remove .ndopollcontroller to...

CLSA-2025-1738853271 Fix of 54 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26595 - mlxsw: spectrumacltcam: Fix NULL pointer dereference in error path CVE-url: https://ubuntu.com/security/CVE-2024-38553/CVE-2024-38597 - netpoll: make ndopollcontroller optional - bonding: use netpollpolldev helper - netpoll: do not test...