Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: ipw2200: fixed a memory leak in ipwwdevinit. In the error handling path of ipwwdevinit, an exception value is returned, and the memory allocated for this function is not released. Additionally, the memory is not released in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: now returns ERRPTR instead of NULL when there is no link. hciconnectsco currently returns NULL when there is no link i.e., when hciconnlink returns NULL. scoconnect expects ERRPTR in case of any error see...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: added retry logic in net6rtnotify inet6rtnotify can only be called under RCU protection. This means that the route may be changed concurrently, and rt6fillnode may return -EMSGSIZE. Resize the skb when this occurs and...

Astra Linux - уязвимость в linux, linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: corrected the error logic for writing back the IFLABRIDGEFLAGS flags. In the commit d73ef2d69c0d “rtnetlink: added support for rtnlbridgesetlink checks of IFLABRIDGEMODE length”, an adjustment was made to the old loop...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: The calling convention for prepslavesg has been corrected. The calling convention for prepslavesg requires returning NULL in case of an error, along with providing an error log to the system. However, qcom-ad...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nftables: nftdynset: fixed a possible stateful expression memory leak in the error path. If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmuctx-pmu for groups. Oliver reported that the x86pmudel function actually performed an out-of-bound memory access when groupschedin failed and needed to be rolled back. This issue should be handled by the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed the exception exit lock checking for subprogs. The processbpfexitfull function passes checklock = !curframe to checkresourceleak, which results in a false negative in cases where bpfthrow is called from a static...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: A resource leak was fixed in the error handling path. The call dspirequestdma should be undone by a call to dspireleasedma in the error handling path of the probe function, as already done in the remove functio...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000: added the missing unregisternetdev function in wilcnetdevifcinit. The fault injection test reports this issue as follows: Kernel BUG at net/core/dev.c:10731! Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI Call trace...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/panel: ili9341: fix optional regulator handling If the optional regulator lookup fails, reset the pointer to NULL. Other functions such as mipidbipoweronconditional only perform a NULL pointer check; otherwise, they will...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: rapidio: rio: Fixed a possible name leak in rioregistermport. If deviceregister returns an error, the name allocated by devsetname needs to be freed. This should be done using putdevice, so that the reference in the error path is...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: misc: pciendpointtest: Free IRQs before removing the device. In the pciendpointtestremove function, freeing the IRQs after removing the device creates a small race window during the test process. This allows IRQs to be received b...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Driver Core: Fixed a resource leak in deviceadd. When kobjectadd fails in deviceadd, it will call cleanupgluedir to free resources. However, in kobjectadd, dev-kobj.parent has been set to NULL. This will cause a resource leak. Th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: Error handling in atatdevadd was fixed. In atatdevadd, the return value of transportadddevice is not checked. As a result, a nullptrderef exception occurs when removing the module. This happens because...

Astra Linux - уязвимость в libxml2

The vulnerability of the xmlMemStrdup function in the Libxml2 library is related to pointer manipulation errors. Exploiting this vulnerability allows an attacker to cause a service failure...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RX consumer index logic in the error path. In bnxtrxpkt, the RX buffers are expected to complete in order. If the RX consumer index indicates an out-of-order buffer completion, it means we are encountering a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to “Unset the parent pointer for all rate objects”. However, it only calls the driver-specific rateleafparentset or...

Astra Linux - уязвимость в exiv2

There is a out-of-bounds read in the Exiv2::MrwImage::readMetadata method in mrwimage.cpp, within Exiv2 from version 0.27.2 onwards...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fixed the nullptrderef bug in the buf prepare and finish steps. When the driver calls tw68riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in an empty buffer buf-cpu. Late...