python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: wfx – fixed an error handling issue in wfxinitcommon. One error handler of wfxinitcommon returns without calling ieee80211freehwhw, which could lead to a memory leak. I have also added an error label to unify the error...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Improved error handling for ext4dirhash The ext4dirhash function almost never fails, especially since the “hash tree” feature was first introduced. However, with the addition of support for encrypted, case-folded file names...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: r6040: Fixed the kmemleak in the probe function and removed it. There is a memory leak reported by kmemleak: - Unreferenced object 0xffff888116111000 size 2048: comm “modprobe”, pid 817, jiffies 4294759745 age 76.502s Hex dump...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pm33xx: The refcount leak in am33xxpmprobe has been fixed. wkupm3ipcget takes a reference count, which should be released by wkupm3ipcput. Add the necessary refcount release in the error-prone paths...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fixed the use of the pointer offset in errorstateread. This fix addresses the issue where, when there is no i915gpucoredump but the buf offset is non-zero, a kernel page fault may occur. This issue occurs when...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Define actions for the new timedeleg FATTR4 attributes. NFSv4 clients will not send legitimate GETATTR requests for these new attributes, as they are intended to be used only with CBGETATTR and SETATTR. However, NFSD mus...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: clk: imx: clk-imxrt1050 – a memory leak was fixed in imxrt1050clocksprobe. Use devmofiomap instead of ofiomap to automatically handle the unused ioremap regions. If any errors occur, the memory allocated by kzalloc may leak;...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ACPICA: Added the AMLNOOPERANDRESOLVE flag to the Timer instruction. ACPICA commit ID: 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no arguments are required to be passed for the ASL...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: md/raid5: Unnecessary bioput calls in raid5readonechunk have been removed. When performing chunk-sized reads on disks with badblocks, it was observed that calls to biofree and bioput were duplicated...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double-free caused by devm The clock obtained through devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clkdisableunprepare in th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, such as zero or I2CSMBUSBLOCKMAX, the length handler sets the state to IMXI2CSTATEFAILED. However, the function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosusbpdnotify: Fixed error handling in crosusbpdnotifyinit The following warning message was given when using rmmod crosusbpdnotify: Unexpected driver unregistration! Warning: CPU: 0 PID: 253 at...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: isdn: mISDN: Fixed the sleeping function called from an invalid context. The driver can call the card-isac.release function from an atomic context. This issue was fixed by calling this function after releasing the lock. The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Handle lock during peerid find The ath12kpeerfindbyid function requires that the caller holds the ab-baselock. Currently, the WBM error path does not hold the lock, and calling that function leads to the following...

Astra Linux - уязвимость в protobuf

Dereferencing a null pointer when a null char is present in a prototype symbol. The symbol is parsed incorrectly, resulting in an unchecked call into the name of the prototype file during the generation of the resulting error message. Since the symbol is incorrectly parsed, the file value is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: Buffer: Fixed error handling related to files in IIOBUFFERGETFDIOCTL. If we fail to copy the newly created file descriptor to userland, we try to clean it up by returning the ‘fd’ and freeing the ‘ib’. The code uses...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fixed the issue of null pointer dereferencing on the pointer csdesc. The pointer csdesc is returned from sndusbfindclocksource; this pointer may be null, resulting in a potential null pointer dereferencing issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf/arm-cmn: Unsupported hardware configurations are now rejected. So far, we have been fairly lenient in accepting both unknown CMN models at least with a warning, as well as unknown versions of those models that we do know...