8100 matches found
Astra Linux - vulnerability in python-django
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
A flaw was discovered in KVM. When calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems, there might be uninitialized portions of the kvm_debugregs structure that could be copied into user space, resulting in an information leak...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: sched/debug: The issue of dentry leaks in update_sched_domain_debugfs has been fixed. Kuyo reports that the pattern of using debugfs_remove(debugfs_lookup()) causes a dentry leak. With a hot-plug stress test, the machin...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers(). Looping 65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features like KASAN. [ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s!...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: core: The /proc/scsi/${proc_name} directory was removed earlier. Removing this directory helps to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit 77c019768f06...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid use-after-free in ext4_ext_show_leaf(). In ext4_find_extent(), the path may be freed by an error or reallocated. Therefore, a previously saved *ppath may have been freed, potentially triggering a use-after-free, as...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: idpf: fixed checksums set in idpf_rx_rsc(). idpf_rx_rsc() uses skb_transport_offset(skb) when the transport header is not yet set. This triggers the following warning in builds with CONFIG_DEBUG_NET=y:...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2. A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think it's clear from the code that the...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero. If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of that, for a following NULL pointer check to work on the returned pointer, kcalloc() must not be called...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk. The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour. The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other...
Astra Linux - vulnerability in linux-5.15, linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init(). When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled. Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: afs: Fixed a potential null pointer dereference in afs_put_server(). afs_put_server() accesses server->debug_id before a NULL check is performed, which could lead to a null pointer dereference. The assignment of debug_id has been mov...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskb_pull_reason. syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug hint in pskb_may_pull. We'd like to retain this debug check because it might hint at integer overflows and other issues kernel code...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: FireWire: OHCI: Masking of bus reset interrupts between ISR and the bottom half. In the FireWire OHCI interrupt handler, if a bus reset interrupt occurs, the interrupts related to bus reset are masked until bus_reset_work processes...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with the guest value only before entering the .vcpu_run() loop. The conditional loading of hardware DR6 with the guest's DR6 value is moved out of the core .vcpu_run() loop to fix a bug where KVM may load hardware wi...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK. When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/slab: Added alloc_tagging_slab_free_hook for memcg_alloc_abort_single. When CONFIG_MEM_ALLOC_PROFILING_DEBUG is enabled, the following warning may be observed: [ 3959.023862] ------------[ cut here ]------------ [ 3959.023891] alloc_tag was not...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args(). The mm/debug_vm_pagetable test allocates manually page table entries for the tests it runs, using also its manually allocated mm_struct. That in itself is ok, but when it...