Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fixed an issue with error unwinding of XDP initialization. When initializing XDP in virtnet_open, some rq xdp initializations may encounter errors, resulting in failed network device openings. However, previous rqs have...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fixed a use-after-free bug in qedi_remove. In qedi_probe, we call __qedi_probe, which initializes &qedi->recovery_work with qedi_recovery_handler and &qedi->board_disable_work with qedi_board_disable_work. When...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre – fixed a resource leak in the remove process. In hpre_remove, when the disable operation of qm sriov fails, the following logic should continue to be executed to release the remaining resources that have be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: wifi: mac80211: Fixed an underflow in static_branch_dec for aql_disable. syzbot reported an underflow in static_branch_dec in aql_enable_write. [0] The issue arises because aql_enable_write does not serialize concurrent write operations ...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Added syscore callbacks for system-wide PM. The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remain...
Astra Linux – Vulnerability in rabbitmq-server
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI through the rabbitmq_federation_management plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...
Astra Linux – Vulnerability in rabbitmq-server
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use versions of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, deactivate /gfx which is enabled by default; instead,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: A missing clk_disable_unprepare call was added to intel_eth_pci_remove. The commit 09f012e64e4b “stmmac: intel: Fix clock handling on error and remove paths” removed this clk_disable_unprepare call. This issue was partial...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Added an atomic_check to bridge operations. In the DRM commit_tails function, if both conditions for disabling the downstream crtc/encoder/bridge are required, and crtc->active is set before pushing a new frame downstrea...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add the missing .thaw_noirq hook. The following warning is observed when using non-console UART instances during system hibernation: [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk already disabled [ 37.38081...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fixed a resource leak in mv_xor_v2_remove. The call to clk_prepare_enable in the probe function is not balanced by a corresponding clk_disable_unprepare call in the remove function. A missing call needs to be added...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a race condition between quota rescan and disabling quotas, which could lead to a NULL pointer dereference. If one task attempts to start the quota rescan worker while another task attempts to disable quotas, we can e...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Added functions to register and unregister callback functions for the vblank register. We encountered a kernel panic issue where callback data would become NULL when used in the ovl irq handler. There is a timing...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Remove clk_disable from mtk_iommu_remove. After the commit b34ea31fe013 “iommu/mediatek: Always enable the clk on resume”, the iommu clock is controlled by the runtime callback. Therefore, the clk_disable function is...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ila: block BH in ila_output. As explained in commit 1378817486d6 “tipc: block BH before using dst_cache”, the net/core/dst_cache.c helper functions need to be called with BH disabled. ila_output is called from...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iavf: Freeing q_vectors before queues in iavf_disable_vf. The iavf_free_queues function clears adapter->num_active_queues, which iavf_free_q_vectors relies on. Therefore, the order of these two function calls in iavf_disable_vf needs to be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid using GFP_KERNEL in an atomic context. Using GFP_KERNEL in a preemption-disabled context may cause the following warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function called from...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fixed the NULL crash caused by the shrinker function when cgroup_disable=memory is set. Christian reported a NULL dereference in zswap; he was able to trace the issue back to the zswap shrinker function. This issue also...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa – Fix for the async_disable descriptor leak. The async_disable paths in functions like iaa_compress and decompress do not free the idxd descriptors when async_disable is set. Currently, this issue only occurs...