Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Preventing interrupt storms due to Host Controller Errors HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage during device plug/unplug scenarios on Android devices. HCE is checked in the xhciirq...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: A bug in the ocfs2findvictimchain function was fixed. The syzbot reported a kernel bug in ocfs2findvictimchain. This bug occurs because the clnextfreerec field of the allocation chain list the next free slot in the chain...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf/arm-cmn: Unsupported hardware configurations are now rejected. So far, we have been fairly lenient in accepting both unknown CMN models at least with a warning, as well as unknown versions of those models that we do know...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: lan966x: Fixed the page pool leak in error paths. lan966xfdmarxalloc creates a page pool, but does not destroy it if the subsequent fdmaalloccoherent call fails, resulting in the page pool being leaked. Similarly,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: xfs: Do not perform irele after failing to perform iget in xfsattrirecoverwork. xlogrecoveryiget never sets @ip to a valid pointer if it returns an error; therefore, this irele will cause a dangling pointer. This issue has bee...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbdsessionrpcclose is called on the error path in the createsmb2pipe function. When the ksmbdiovpinrsp function fails, we should call ksmbdsessionrpcclose...

Astra Linux - уязвимость в firefox, thunderbird

When calling JS::CheckRegExpSyntax, a syntax error may be set, resulting in the call to convertToRuntimeErrorAndClear. A path within the function might attempt to allocate memory when no memory is available, causing a newly created Out of Memory exception to be misinterpreted as a syntax error...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: Soundwire: Stream – Fixing a memory leak in the stream configuration error path When the stream configuration fails, the master runtime will release all slave runtimes from the slavertlist. However, at this point, the slave...

Astra Linux - уязвимость в texlive-bin

OpenDetex 2.8.5 has a Buffer Overflow issue in TexOpen, specifically in detex.l, due to an incorrect sprintf operation...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000: added the missing unregisternetdev function in wilcnetdevifcinit. The fault injection test reports this issue as follows: Kernel BUG at net/core/dev.c:10731! Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI Call trace...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: The inode is marked as “bad” as soon as an error is detected using the mienumattr function. The interface of the miEnumAttr function was extended by adding an additional parameter, struct ntfsinode ni. This allows the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fixed the null pointer dereference issue. If SMU is disabled, during RAS initialization, there will be a null pointer dereference issue...

Astra Linux - уязвимость в u-boot

In Das U-Boot through 2022.07-rc5, an integer signedness error and resulting stack-based buffer overflow occur in the “i2c md” command, which allows for the corruption of the return address pointer of the doi2cmd function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Some memory leaks have been fixed in the error handling code for logreplay. All error handling code leads to the out function, where many resources are freed. This issue is also addressed here, rather than through a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htablockbucket to userspace In the function htabmaplookupanddeletebatch, if htablockbucket returns -EBUSY, the operation proceeds to the next bucket. Moving to the next bucket may not only silently skip...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: EDAC/mc: Fixed the error path ordering in edacmcalloc. When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice, which will ultimately call the device’s release function. However, the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: caif: A memory leak has been fixed in cfctrllinkuprequest. When linktype is unknown, or kzalloc fails in cfctrllinkuprequest, pkt is not released. Add a release process to the error handling logic...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: Fixed a panic that occurred during failed allocation of folio blocks. The commits 7e119cff9d0a „ocfs2: converting wpages to wfolios“ and 9a5e08652dc4b „ocfs2: using an array of folios instead of an array of pages“ fixed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: Ensure that the tx-skbs always have the MPTCP extensions. Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. This results in a la...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devmregmapinitencx24j600 devmregmapinit may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protection...