Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound access in addsecretdacpath The sndhdagetconnections function may return a negative error code. This could lead to accessing the ‘conn’ array at a negative index. This issue was...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: EFI: Fixed a NULL dereference in the initialization error path. In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never be allocated. Do not attempt to destroy the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: Fixed the error handling logic in ptcoreinit In order to properly free resources during the error handling logic of ptcoreinit, two goto statements need to be changed. Otherwise, some resources may be leaked, an...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvme-tcp: fixed a possible use-after-free issue in the transport errorrecovery process. While nvmetcpsubmitasynceventwork checks the ctrl and queue states before preparing the AER command and scheduling iowork, this check is...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: net: caif: fixed a memory leak in caifdevicenotify In the event of a failure in caifenrolldev, the allocated linksupport will not be assigned to the corresponding structure. Therefore, simply free the allocated pointer in case of...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queuelock lock and destroy Commit 76d54bf20cdc “nvme-tcp: do not access released sockets during error recovery” added a mutexlock call for the queue-queuelock in nvmetcpgetaddress. However, the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: hfs/hfsplus: Avoid using WARNON for sanity checks; instead, use proper error handling. The commit 55d1cbbbb29e “hfs/hfsplus: Use WARNON for sanity checks” fixed a build warning by converting a comment into a WARNON call...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: Prevent poison consumption when splitting THP When performing memory error injection on a THP Transparent Huge Page mapped to user space on an x86 server, the kernel panics with the following trace. The expected behavior woul...

Astra Linux - уязвимость в firefox, thunderbird

An attacker could exploit XSLT error handling mechanisms to associate content controlled by the attacker with another origin that is displayed in the address bar. This could be used to trick users into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird 102.2,...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The testtag test triggers an unhandled page fault: ./testtag 130.640218 CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the response length checking for UD request packets. According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be considered invalid, and it shall be silently...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: Core – The putdevice function should only be called after deviceregister fails. putdevice should not be called before a previous call to deviceregister. thermalcoolingdeviceregister does not follow this principle...

Astra Linux - уязвимость в jetty9

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and earlier, 9.3.26 and earlier, and 9.4.16 and earlier, the server running on any operating system and Jetty version combination will display a 404 error in the output, indicating that no Context matching the requested path was found. The default server...

Astra Linux - уязвимость в firefox

When network partitioning was enabled, for example as a result of Enhanced Tracking Protection settings, a TLS error page allowed users to override an error on a domain that had specified HTTP Strict Transport Security. This means that the error should not be overwritten. This issue did not affec...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/tls: Fixed the reversed sign in tlserrabort calls. sk-skerr seems to expect a positive value. This convention is not always followed by ktls, which can lead to memory corruption in other code. For example: kworker...

Astra Linux - уязвимость в firefox

When a network error occurred during page loading, the previous content could remain visible, accompanied by a blank URL bar. This could be used to disguise a spoofed website. This vulnerability affects Firefox versions earlier than 126...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Ensure that the list is non-empty before using listfirstentry in kfdtopology.c. Before using listfirstentry, make sure that the list is not empty. If the list is empty, return -ENODATA. The following issues have be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htablockbucket to userspace In the function htabmaplookupanddeletebatch, if htablockbucket returns -EBUSY, the operation proceeds to the next bucket. Moving to the next bucket may not only silently skip...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: The page is released in the error path to avoid BUGON. Consider the following sequence of events: 1. The userspace sends a UFFD ioctl, which ultimately calls shmemmfillatomicpte. We successfully account the blocks, a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: The error check in parsebtffield has been fixed. btffindstructmember may return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. This issue is fixed b...