8392 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Binder: A check for offset alignment was added in bindergetobject. The commit 6d98eb95b450 “Binder: avoid potential data leakage when copying txn” introduced changes to the way binder objects are copied. As a result, an offset...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfs: Fixed missing xasretry calls during xarray iteration. netfslib has several places where it performs iteration of an xarray while being under the RCU read lock. It should call xasretry as the first step inside the loop,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fixed a memory leak in vmwmksstataddioctl If the copy of the description string from user space fails, then the page containing the instance descriptor does not get freed before returning -EFAULT, resulting in a memor...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fixed a potential data race in nftexprtypeget. The function nftunregisterexpr can occur concurrently with nftexprtypeget. There is no protection when iterating over the nftablesexpressions list in...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fixed a use-after-free in acpiutcopyipackagetoipackage. There is a use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpiutremovereference+0x3b/0x82 Reading of size 1 at addr ffff888112afc460 by task...
Astra Linux - уязвимость в docker.io
Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where attempting to copy files using docker cp into a specially crafted container can result in changes to Unix file permissions for existing files in the host’s...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In 64-bit versions of the Linux kernel, Copyfromuser does not implement uaccessbeginnospec, which allows a user to bypass the “accessok” check and pass a kernel pointer to copyfromuser. This would enable an attacker to leak sensitive information. We recommend upgrading beyond commit...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The payload size has been sanitized to prevent member overflow. In functions qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by the firmware is used to calculate the copy length for the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Binder: Fixed a UAF in bindersnetlinkreport. Oneway transactions sent to frozen targets via bindersproctransaction return an BRTRANSACTIONPENDINGFROZEN error, but they are still treated as successful since the target is expected ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/ttm: fixed handling of CCS Crucible + recent Mesa sometimes causes the following issue: GEMBUGONnumccsblks NUMCCSBLKSPERXFER It seems that this issue can also be triggered with gemlmemswapping, if we modify the tests ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fixed an overflow issue within virtnetrqalloc. When a fragment receives a single page, it may lead to regressions in the virtual machine. This issue is particularly significant if the sysctl...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In the ice module, the value of fragsize in the XDP RxQ information has been updated from the DMA write length to xdp.framesz. The only user of the fragsize field in the XDP RxQ information is bpfxdpfragsincreasetail. This functi...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ovl: Fixed a NULL pointer dereference issue in the copy-up warning message. This patch addresses a NULL pointer dereference that caused a recently introduced warning message to fail...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: rcu: Safe dumping of vmalloc memory information Currently, for the double invoke callrcu, the memory information of rcuhead objects will be dumped. If these objects are not allocated using the slab allocator, the vmallocdumpob...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf/dwcpcie: fixed duplicate PCIDEV devices. During the platformdeviceregister function, the incorrect use of structdevice as platformdata resulted in a kmemdup operation on the PCIDEV device. Even worse, accessing the...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed a memory leak when insertoldidx failed. The following process may cause a memory leak for the copied znode: dirtycowznode zn = copyznodec, znode; err = insertoldidxc, zbr-lnum, zbr-offs; if unlikelyerr return...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: raw: Fixed NULL dereference in rawgetnext. Da R. Jeong reported a NULL dereference in rawgetnext. It seems that the repro was running these sequences in parallel, causing one thread to iterate on a socket that was being freed ...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/hsr: A NULL pointer dereference was fixed in prpgetuntaggedframe. prpgetuntaggedframe calls pskbcopy to create frame-skbstd, but does not check whether the allocation fails. If pskbcopy returns NULL, skbclone is called with a...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fixed the crash issue for the zero copy XDPTX action. There is a crash issue when running the zero copy XDPTX action. The crash log is as follows: 216.122464 Unable to handle the kernel paging request at the virtual...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed string copying in parseapplysbmountoptions. The strnlen function cannot be used to copy a non-NUL-terminated string into a NUL-terminated string of possibly larger size. Commit 0efc5990bca5 “string.h: Introduce memtos...