4226 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ACPI: Fix NULL pointer dereferencing Commit 71f642833284 “ACPI: utils: Fix reference counting in foreachacpidevmatch” began handling the situation where “acpidevput” was called on a pointer that might be NULL. This approach fails...
Astra Linux - уязвимость в linux-5.15
rpmsgvirtioaddctrldev in drivers/rpmsg/virtiorpmsgbus.c in the Linux kernel before 5.18.4 has a double free...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochipsetupdev Here is a backtrace report about memory leak detected in gpiochipsetupdev: unreferenced object 0xffff88810b406400 size 512: comm "python3", pid 1682, jiffies 4295346908 age 24.090s...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: cxl/acpi: Fixed a use-after-free in cxlparsecfmws KASAN and KFENCE detected a use-after-free in the CXL driver. This occurs in the cxldecoderadd function’s failure path. KASAN prints the following error: BUG: KASAN:...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmdcfgpkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Fixed the issue of dereferencing an uninitialized error pointer. Fixed the warnings related to smatch. drivers/crypto/ccp/sev-dev.c:1312 sevplatforminitlocked Error: We previously assumed that ‘error’ could be null...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nvmem: core: fix cleanup after devsetname If devsetname fails, we may leak nvmem-wpgpio because the cleanup does not handle it properly. While a minimal fix would be to add the gpiodput call, we can do better by splitting...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fusedevdowrite. When the number of bytes to be retrieved is truncated to the upper limit by fc-maxpages and there is an offset, the oob is triggered...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dm: fixed a use-after-free in dmcleanupzoneddev dmcleanupzoneddev uses a queue, so it must be called before blkcleanupdisk starts its execution: blkcleanupdisk-blkcleanupqueue-kobjectput-blkreleasequeue-...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdwrtsdcajackcommon: ctx-headsetcodecdev = NULL sofsdwrtsdcajackexit are used by different codecs, and some of them use the same dai name. For example, rt712 and rt713 both use "rt712-sdca-aif1" and...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioedgeport: fix use after free in debug printk The "devdbg&urb-dev-dev, ..." which happens after usbfreeurburb is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid...
Astra Linux - уязвимость в linux-5.15, linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count for...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: arp: do not assume devhardheader does not change skb-head arpcreate is the only devhardheader caller making assumption about skb-head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "devsearchpath" can technically be as large as PATHMAX, there was a risk of truncation when copying it and a second string into "fullpath" since it was also PATHMAX sized...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if devsetname fails When devsetname fails, zcdncreate doesn't free the newly allocated resources. Do it...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: macsec: Fixed the UAF bug related to realdev. A new macsec device was created, but there was no reference to realdev. This does not ensure that realdev is freed after the macsec device is removed. This will trigger the UAF bug...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEVSTATSINC syzbot/KCSAN reported data-races in brhandleframefinish 1 This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEVSTATSINC to update dev-stats fields. Handles updates to...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev-id value comes from idaalloc so it's a number between zero and INTMAX. If it's too high then these sprintfs will overflow...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: prevented possible NULL dereference in rt6probe syzbot detected a NULL dereference in rt6probe 1 Escape if in6devget returns NULL. 1 Oops: general protection fault, likely due to an invalid address 0xdffffc00000000cb: 00...