Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Added functions to register and unregister callback functions for the vblank register. We encountered a kernel panic issue where callback data would become NULL when used in the ovl irq handler. There is a timing...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: The severity of the WARN message has been reduced to be sent via devdbg in the callback. The warning is triggered due to a known race condition, which is documented in the code above. This issue is now properly...

Astra Linux - уязвимость в assimp

A vulnerability exists in assimp v.5.4.3, allowing a local attacker to execute arbitrary code through the CallbackToLogRedirector function within the Assimp library...

Astra Linux - уязвимость в ansible

Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the “nolog” flag set to True when using Sumologic and Splunk callback plugins to send task result events to collectors. This could lead to the disclosure and collection of sensitive data...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: do not use socpcmret on the .prepare callback. The commit 1f5664351410 states, “ASoC: lower the log severity when no backend DAIs are enabled for … Port.” This commit ignores the -EINVAL error message when using...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handling of the case where pmruntimeget fails in .remove. In the unlikely event that pmruntimeget disguised as pmruntimeresumeandget fails, the remove callback returns an error early. The problem with this is tha...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fixed the memory leak of efivarfsfsinfo in situations where the fscontext is being initialized. When processing mount options, efivarfs allocates efivarfsfsinfo sfi early during the initialization of the fscontext...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. The ainputsendinputevent function caches the channelcallback in a local variable and then uses it without synchronization. A concurrent closure of a channel can free or reinitialize the callback, resulting in an use-after-free...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Driver: soc: xilinx: fixed a memory leak in xlnxaddcbfornotifyevent. The kfree function should be called when memory fails to be allocated for cbdata in xlnxaddcbfornotifyevent. Otherwise, a memory leak will occur; therefore,...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fixed hardware lockup issue when the first Rx endpoint request is made There is a possibility that the callback function for a request could be invoked from usbepqueue as shown in the call trace below, with missing cal...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: KVM: Do not dereference ops-destroy directly. The cleanup of a KVM device occurs through either of two callbacks: 1 destroy, called when the VM is being destroyed; 2 release, called when a device file descriptor is closed. Most K...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: cpufreq: The exit callback is optional. The exit callback is optional, and it should not be called without first checking a valid pointer. Additionally, we must clear the freqtable pointer even if the exit callback is not present...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: s390/vfio-ap: fixed a memory leak in the vfioap device driver. The device release callback function calls the devgetdrvdata function to retrieve the pointer to the vfiomatrixdev object in order to free its memory. The problem ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: streamzap: Fixed a race condition between device disconnection and urb callback. Syzkaller has reported a general protection fault in the function irraweventstorewithfilter. This crash occurs due to a NULL pointer...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevention of use after freeing gicv2mgetfwnode. With ACPI enabled, the gicv2mgetfwnode function is registered with the PCI subsystem as pcimsigetfwnodecb. This function might be called during a PCI host bridge...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/sched: Fixed the leak caused by referencing the fence’s reference count. The lastscheduledfence variable leaks when an entity is being terminated, and the cleanup callback fails. The reference count of prev should be...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health during the shutdown callback. There is no point in performing recovery operations during device shutdown. If health-related tasks are initiated, one must wait until they are completed to avoid race...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed a possible use-after-free in the async command interface The mlx5cmdcleanupasyncctx function should only return after all its callback handlers are completed. Before this patch, there was a race between...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: NFSD: fixed a hang issue in nfsd4shutdowncallback. If nfs4client is in the courtesy state, there is no point in sending the callback. This causes nfsd4shutdowncallback to hang, as clcbinflight is not set to 0. This hang lasts...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: uacce: fixed the isolate/sysfs check condition. uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will now create sysfs...