Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed a use-after-free in freenetdev. We perform netifnapiadd for all allocated qvectors, but potentially also perform netifnapidel for some of them. Then, we call kfree on the qvectors, leaving invalid pointers in...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: removed BUGON functions in addnewfreespace In addnewfreespace, there are BUGON functions that are used to handle any failures in adding free space to the in-memory free space cache. Such failures are mostly due to ENOME...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fix for defragmentation path triggering jbd2 assertion. Code paths: - ocfs2ioctlmoveextents - ocfs2moveextents - ocfs2defragextent - ocfs2moveextent - + ocfs2journalaccessdi - + ocfs2splitextent // Sub-path calls...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: udf: Fixed a slab-out-of-bounds write bug in udffindentry Syzbot reported a slab-out-of-bounds Write bug: loop0: A capacity change from 0 to 2048 was detected. ==================================================================...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In ext4, the work related to queued discard operations is always drained in ext4mbrelease. While reviewing the recent ext4 patch1, Sashiko raised the following concern2: If the filesystem is initially mounted with the discard...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: smsc75xx: Fixed access to uninitvalue in smsc75xxreadreg syzbot reported the following issues with access to uninitvalue: ===================================================== BUG: KMSAN: uninitvalue in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vhost: moved the bound check for vdpa group to vhostvdpa. Duplications have been removed by consolidating them here. This reduces the possibility that a parent driver may miss them. Additionally, we’ve fixed a bug in vdpasim,...

Astra Linux - уязвимость в squid

A issue was discovered in Squid before version 4.15 and 5.x before version 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack targeting all clients using the proxy through HTTP Range request processing...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: libceph: The “overzealous” bug has been fixed in osdmapapplyincremental. If the osdmap is maliciously corrupted, causing the incremental osdmap epoch to differ from what is expected, there is no need to report a bug. Instead,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: soundwire: Reverted “soundwire: qcom: Add setchannelmap API support”. This reversion is associated with commit 7796c97df6b1b2206681a07f3c80f6023a6593d5. This patch caused issues with Dragonboard 845c sdm845. The issues include...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30i2c: fix the buffer size in sps30i2creadmeas The value of sizeofnum is evaluated as sizeofsizet 8 bytes on 64-bit systems, instead of the intended be32 element size 4 bytes. Use sizeofmeas to correctly match t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: riscv: The issue with the handling of SRSPIE set/clear operations during uprobe has been fixed. In riscv, the process of uprobe involves clearing the SPIE before executing the original instruction, and setting the SPIE after...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbSegment, Call zero-copy functions before using skbuff fragments The commit bf5c25d60861 added the call to zero-copy functions in skbSegment. This change introduced a bug in skbSegment, as skborphanfrags may potentially...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Ring Buffer: Do not swap the cpubuffer during the resize process When the ringbufferswapcpu function is called during the resize process, the cpubuffer is swapped in the middle, resulting in an incorrect state. Continuing to run ...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ALSA: hda: Fixed an error related to surround channel names in version 9.1. The getlineoutpfx function may trigger an error due to overflowing a static array with more than 8 channels. This issue was reported on MacBookPro 12....

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Protection against accessing NULL pt regs in bpfgettaskstack The taskptregs function can return NULL on the powerpc architecture for kernel threads. This NULL value is then used in bpfgetstack to check for the user mode...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a bug in extent parsing when ehentries == 0 and ehdepth 0. When traversing inode extents, the ext4extbinsearchidx function assumes that the extent header has been validated previously. However, there are no checks ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: Stop checking the validity of op-maxfreq in the supportsop callback. In commit 13529647743d9 “spi: microchip-core-qspi: Support frequency switches per spi-memory operation”, the logic for checking the...

Astra Linux - уязвимость в chromium

Before version 91.0.4472.77, TabStrip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to perform an out-of-bounds memory write through a crafted HTML page...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fixed a NULL pointer dereferencing in zynqqspiexecmemop. In zynqqspiexecmemop, kzalloc is directly used in memset, which could lead to a NULL pointer dereferencing if kzalloc fails. This bug was identified by ...