Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: temperature: mlx90635: Fixed the dereference of ERRPTR in mlx90635probe. When devmregmapiniti2c fails, regmapee can be an error pointer. Instead of checking ISERRregmapee, regmap is checked, which seems like a copy-paste err...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Use the correct buffer size when parsing configfs lists This commit fixes the support for the uvc gadget on 32-bit platforms. The commit 0df28607c5cb “usb: gadget: uvc: Generalize helper functions for reuse”...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fixed a double-free in arfscreategroups. When the memory allocated by kvzalloc fails, arfscreategroups will free ft-g and return an error. However, arfscreatetable, the only function calling arfscreategroups, will hold...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed an overflow issue with sdiv. Zac Ecob reported a problem where a bpf program might cause a kernel crash due to the following error: Oops: Divide error: 0000 1 PREEMPT SMP KASAN PTI The failure is caused by the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ovl: fixed the tmpfile leak...

Astra Linux - уязвимость в dcmtk

DCMTK through version 3.6.6 does not handle memory deallocation properly. The malloc function allocates heap memory for data parsing, but does not deallocate that memory when there are errors in parsing. Sending specific requests to the dcmqrdb program leads to memory leaks. An attacker can use...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: The crash that occurred during the creation of helper kthreads due to scxenable has been fixed. A crash was observed when the schedext selftest runner was terminated with Ctrl+\ while test 15 was running: NIP...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: The inode is marked as “bad” as soon as an error is detected using the mienumattr function. The interface of the miEnumAttr function was extended by adding an additional parameter, struct ntfsinode ni. This allows the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: Ensure that the tx-skbs always have the MPTCP extensions. Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. This results in a la...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Some memory leaks have been fixed in the error handling code for logreplay. All error handling code leads to the out function, where many resources are freed. This issue is also addressed here, rather than through a...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Prevent potential error pointer dereferencing. The drdomainaddvportcap function generally returns NULL on error. However, sometimes we want it to return ERRPTR-EBUSY so that the caller can retry. The issue here is that...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mac80211: fixed the issue of locking in the ieee80211startap error path. We need to hold the local-mtx to release the channel context; this is even encoded in the lockdepassertheld function. Fix this issue...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fixed the missing clkput in the error handling code for tegradcrgbprobe. If the call to clkgetsys..., "plld2out0" fails, the call to clkgetsys must be undone. Added the missing clkput function and a new label...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel before version 5.19, the file drivers/gpu/drm/arm/malidpplanes.c misinterprets the return value of getsgtable. It expects the return value to be NULL in the error case, but in reality, it is an error pointer...

Astra Linux - уязвимость в grub2

Integer underflow in grubnetrecvip4packets; A malicious IP packet can cause an integer underflow in the grubnetrecvip4packets function, affecting the rsm-totallen value. Under certain circumstances, the totallen value may wrap around to a small integer number, which will be used in memory...

Astra Linux - уязвимость в firefox, thunderbird

When attempting to load a cross-origin resource in an audio/video context, a decoding error may occur. The details of that error may contain information related to the resource. This vulnerability affects Firefox versions earlier than 86, Thunderbird versions earlier than 78.8, and Firefox ESR...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: A bug in the ocfs2findvictimchain function was fixed. The syzbot reported a kernel bug in ocfs2findvictimchain. This bug occurs because the clnextfreerec field of the allocation chain list the next free slot in the chain...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchRules, if imafilterruleMatch returns -ENOENT due to the rule being NULL, the function incorrectly skips the if !rc check and sets result = true. The LSM rule is...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Validated AG parameters in dbMount to prevent crashes. Validated dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. The limits are derived from...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpgalloc. In tpgalloc, resources should be deallocated in every possible error-handling path, as they are allocated using for statements. Otherwise, memleaks could occur, since tpgfree is onl...