Astra Linux - уязвимость в golang-1.19

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Moreover, the error string is created through repeated string concatenation, resulting in quadratic runtime. Therefore, a certificate provided by a malicious actor can...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: Client: Fixed an error in parsing OOB read responses for symlinks. When a CREATE command results in a STATUSSTOPPEDONSYMLINK status code, the smb2checkmessage function returns a success status without performing any lengt...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbcp: Fixed the issue where NULL was compared with ISERR. The devmkzalloc function does not return error pointers; it returns NULL in case of an error. The check has been updated to match this behavior...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: A bug in the ocfs2findvictimchain function was fixed. The syzbot reported a kernel bug in ocfs2findvictimchain. This bug occurs because the clnextfreerec field of the allocation chain list the next free slot in the chain...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fixed an error handling path in cm3605probe. The commit in “Fixes” also introduced a new error handling path, which should be set to the existing one. Otherwise, some resources may be leaked...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: powerpc/cell/axonmsi: Fixed the refcount leak in setupmsimsgaddress. In the function ofgetnextparent, a node pointer is returned with the refcount incremented. We should use ofnodeput on it when it is no longer needed. Added an...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed a memory leak in the error flow for the subscribe event routine. In the event that the second xainsert function fails, the objevent object is not released. This issue has been fixed by correcting the error...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/vma: Fixed a memory leak in mmapregion. The commit 605f6586ecf7 “mm/vma: No memory leak occurs when .mmapprepare swaps the file” handled the success case by skipping the getfile call via filedoesntneedget, but missed the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: 'intelth': Fixed a resource leak in the error handling path. If an error occurs after calling 'pciallocirqvectors', 'pcifreeirqvectors' must be called, as already done in the remove function...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: fsl: Fixed a reference count leak in imxsgtl5000probe. The function offindi2cdevicebynode takes a reference; in error-prone paths, we should call putdevice to release that reference, thereby avoiding a reference...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/52xx: Fixed a resource leak in the error handling path. The error handling path of mpc52xxlpbfifoprobe contains a requestirq call that is not balanced by a corresponding freeirq call. The missing calls have been added, ju...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsihostalloc After a device is initialized using deviceinitialize, or its name is set using devsetname, the device must be freed using putdevice. Otherwise, the device name will be leaked becaus...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: phy: phy-tahvo: fixed a memory leak in tahvousbprobe Suggestions: drivers/usb/phy/phy-tahvo.c: tahvousbprobe Warning: Missing unwind goto? After obtaining the irq, if ret 0, it will return without error handling, freeing...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fixed the error message. Since committing the patch 79a6d1bfe114 “can: gsusb: gsusbreceivebulkcallback: error in usbsubmiturb, a failed resubmit operation will print an information message”, ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Error handling in slot reset has been fixed. If the device does not recover after the slot reset is called, it proceeds to the out label for error handling. There, it may make decisions based on uninitialized hive...

Astra Linux - уязвимость в dcmtk

DCMTK through version 3.6.6 does not handle memory deallocation properly. The malloc function allocates heap memory for data parsing, but does not deallocate that memory when there are errors in parsing. Sending specific requests to the dcmqrdb program leads to memory leaks. An attacker can use...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - bus: mhi: core: Fixed an invalid error that was returned in mhiqueue. - mhiqueue returns an error when the doorbell is not accessible in the current state. This can occur when the device is in a non-M0 state, such as M3, and...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Tracing/histogram: Fixed a potential memory leak in kstrdup. The kfree function is not called in the error path, resulting in the memory allocated by kstrdup not being freed properly. p = param = kstrdupdata-paramsi, GFPKERNEL...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path The commit 7c75bde329d7 “usb: musb: musbdsps: requestirq after initializing musb” has corrected the calls to dspssetupoptionalvbusirq and dspscreatemusbpdev, but it did not update the err...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: media: staging/intel-ipu3: Fixed error handling for setfmt. If an error occurs during the setfmt operation, do not overwrite the previous sizes with the invalid configuration. Without this patch, v4l2-compliance will end up...