Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: cxl/acpi: Fixed a use-after-free in cxlparsecfmws KASAN and KFENCE detected a use-after-free in the CXL driver. This occurs in the cxldecoderadd function’s failure path. KASAN prints the following error: BUG: KASAN:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: Fixed the error handling logic in ptcoreinit In order to properly free resources during the error handling logic of ptcoreinit, two goto statements need to be changed. Otherwise, some resources may be leaked, an...

SUSE CVE-2023-53479

In the Linux kernel, the following vulnerability has been resolved: cxl/acpi: Fix a use-after-free in cxlparsecfmws KASAN and KFENCE detected an user-after-free in the CXL driver. This happens in the cxldecoderadd fail path. KASAN prints the following error: BUG: KASAN: slab-use-after-free in...

SUSE CVE-2025-38240

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drmerr = deverr in HPD path to avoid NULL ptr The function mtkdpwaithpdasserted may be called before the mtkdp-drmdev pointer is assigned in mtkdpbridgeattach. Specifically it can be called via this callpath: -...

CVE-2025-38240 drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drmerr = deverr in HPD path to avoid NULL ptr The function mtkdpwaithpdasserted may be called before the mtkdp-drmdev pointer is assigned in mtkdpbridgeattach. Specifically it can be called via this callpath: -...

SUSE CVE-2024-56682

In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSI domain will be missing, which causes a NULL pointer dereference in msicreatedeviceirqdomain. Avoi...

AZL-54842 CVE-2024-56657 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

UBUNTU-CVE-2024-56657

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

UBUNTU-CVE-2021-47122

In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caifdevicenotify In case of caifenrolldev fail, allocated linksupport won't be assigned to the corresponding structure. So simply free allocated pointer in case of error...

SUSE CVE-2021-46995

In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: mcp251xfdprobe: fix an error pointer dereference in probe When we converted this code to use deverrprobe we accidentally removed a return. It means that if devmclkget it will lead to an Oops when we call clkgetrat...

UBUNTU-CVE-2021-46995

In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: mcp251xfdprobe: fix an error pointer dereference in probe When we converted this code to use deverrprobe we accidentally removed a return. It means that if devmclkget it will lead to an Oops when we call clkgetrat...

GHSA-P9P4-97G9-WCRH Dev error stack trace leaking into prod in Play Framework

Impact Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its DefaultHttpErrorHandler to do so based on the application mode. In its Scala API Play also provides a static object DefaultHttpErrorHandler...