Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added a missing error check to scarlett2usbsetconfig. The scarlett2usbsetconfig function calls scarlett2usbget, but did not check the result. If this function fails, an error is returned instead of continuing wit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ptp: ocp: Fixed a resource leak in the error handling path If an error occurs after a successful pciioremapbar call, it must be undone by a corresponding pciiounmap call, as already done in the removal function...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fixed a null dereference issue in the parse of dev addr operation. A logical error was addressed, which could lead to a null dereference if the mode is set incorrectly for the given addr type...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mmc: mmctest: Fixed the issue of NULL dereferencing upon allocation failure. If the allocation of test-highmem = allocpages fails, calling freepagestest-highmem will result in a NULL dereferencing. Additionally, the error code ha...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: efi: libstub – Only privRuntimeMap is freed when it is allocated. privRuntimeMap is only allocated when efinovamap is not set. Otherwise, it remains uninitialized. In the error path, privRuntimeMap is freed unconditionally. Avoid...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: moved xesvminit earlier. In xevmcloseandput, we need to be able to call xesvmfini. However, during vm creation, we can call this function on the error path, before actually initializing the svm state. This leads to...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: The BUG function call has been removed after failing to insert a delayed directory index entry. Instead of calling BUG when we fail to insert a delayed directory index entry into the delayed node’s tree, we can simply...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoided potential dereferencing of error pointers in stihqvdpatomiccheck. The return value of drmatomicgetcrtcstate needs to be checked. This is done to avoid using the error pointer ‘crtcstate’ in case of a failure...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member “uzonesize” of the struct alaudainfo structure will remain 0 if alaudainitmedia fails. This could potentially cause division errors in alaudareaddata and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: fec: handle pagepooldevallocpages error The fecenetupdatecbd function calls pagepooldevallocpages, but it does not handle the case where NULL is returned. A WARNON!newpage message is generated, but the program still proceeds...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: Incorrect arithmetic operations when fetching VLAN header bits. If the offset plus the length exceeds the range of the Ethernet + VLAN header, then the length is adjusted to copy the bytes that are within t...

Astra Linux - уязвимость в libstb

stbimage is a single-file library licensed under MIT that processes images. It might seem like stbiloadgifmain does not provide any guarantees regarding the content of the output value delays in case of failure. Although it sets delays to zero at the beginning, it does not do so if the image is n...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Tunnels: Fixed an issue where a splat fault occurred when generating IPv4 PMTU errors. If we attempt to emit an ICMP error in response to a non-linear SKB, we encounter the following issue: Bug: KASAN: Out-of-bounds access in...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: Soundwire: Stream – Fixing a memory leak in the stream configuration error path When the stream configuration fails, the master runtime will release all slave runtimes from the slavertlist. However, at this point, the slave...

Astra Linux - уязвимость в tiff

A null source pointer passed as an argument to the memcopy function within TIFFFetchStripThing in tifdirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, this fix is available in the...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: crypto: sun8i-ce-cipher – Fixed error handling in sun8icecipherprepare. Fixed two DMA cleanup issues on the error path in sun8icecipherprepare: 1 If dmamapsg fails for areq-dst, the device driver will attempt to free DMA memor...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: We’ve fixed our handling of the situation where refs == 0 in the snapshot delete operation. In reada, there’s a bug where refs == 0 can occur. This could be problematic because we don’t hold a lock on the extent leaf, a...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: - media: v4l2-subdev: Fixed an issue with the check for allocation failures in v4l2subdevcallstatetry. The v4l2subdevcallstatetry macro uses v4l2subdevstatealloc to allocate a subdev state, but does not check the returned valu...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Ring-Buffer: Fixed buffer locking in ringbuffersubbuforderset. Expanded the critical section in ringbuffersubbuforderset to ensure that error handling occurs with a per-buffer mutex held, thereby preventing list corruption and...

Astra Linux - уязвимость в tomcat9

The issue involves a vulnerability in the generation of error messages containing sensitive information in Apache Tomcat. This issue affects Apache Tomcat versions starting from 8.5.7 through 8.5.63, and from 9.0.0-M11 through 9.0.43. Other, end-of-life versions may also be affected. It is...