Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crashes. When CPU 0 is offline and intelpowerclamp is used to simulate idle state, it causes a kernel bug: Bug: Using smpprocessorid in preemptible 000000...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Fixed a panic that occurred during namespace deletion with VF. The existing code moves the VF NIC to a new namespace when NETDEVREGISTER is received on the netvsc NIC. During the deletion of the namespace,...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: can:bcm:bcmtxsetup: fixed the KMSAN uninit-value issue in vfswrite. Syzkaller reported the following issues: ===================================================== BUG: KMSAN: uninit-value in aiorwdone, file fs/aio.c:1520 inlin...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: stratix10-svc: Fixed a potential resource leak in svccreatememorypool. The svccreatememorypool function is only called from stratix10svcdrvprobe. Most of the resources within the probe are managed, but this memremap...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ice: Check the VF VSI Pointer Value in icevcaddfdirfltr. As mentioned in the commit baeb705fd6a7 “ice: Always check the VF VSI Pointer Values”, we need to perform a null pointer check on the return value of icegetvfvsi before usi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fixed an NPE in gncmBind. The commit 56a512a9b410 “usb: gadget: fncm: Aligned netdevice lifecycle with bind/unbind” deferred the allocation of the netdevice. This change results in a NULL pointer derefrence in t...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: In the tty module, for the serial subsystem, there is a issue where the uartlite driver is registered within the init function. When two instances of the uart device are being probed, a concurrency race may occur. If one thread...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null check has been added for the function pointer in dcn32setoutputtransferfunc. This commit adds a null check for the setoutputgamma function pointer in the dcn32setoutputtransferfunc function. Previously,...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Networks: hns3 – The use of numtqps in the vf driver to allocate resources. Currently, hdev-htqp is allocated using hdev-numtqps, and kinfo-tqp is allocated using kinfo-numtqps. However, kinfo-numtqps is set to minnewtqps,...

Astra Linux - уязвимость в mariadb-10.3

SaveWindowFunctionValues in MariaDB before 10.6.3 can cause an application to crash due to incorrect handling of withWindowFunc=true for a subquery...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i40e: Added a maximum boundary check for VF filters. There is no check to ensure that VF can request a maximum number of filters. This limitation should be added...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmetreqinit fails The nvmetreqinit function calls nvmetreqcomplete internally in case of failures. For example, when an unsupported opcode is encountered, the queueresponse...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: sfc: Fixed an issue where a use-after-free occurred when disabling SRIOV. The use-after-free is detected by kfence when disabling SRIOV. What was read after being freed was vf-pcidev: it was freed from pcidisablesriov, and lat...

Astra Linux - уязвимость в libcaca

A flaw was discovered in libcaca. A buffer overflow in the export.c file, specifically in the exporttroff function, may lead to memory corruption and other potential issues...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed a potential index out of bounds issue in the color transformation function. The issue of index out of bounds occurred when the index ‘i’ exceeded the number of transfer function points TRANSFERFUNCPOINTS...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed handling of incorrect devices during the bond netevent processing. The current implementation of the bond netevent handler only checks whether the handled netdev is a VF representative. However, there is no...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: ffs: The ffsdataclear function must clear the ffseventfd. This function is indirectly called from both ffsfskillsb and ffsep0release. As a result, it is called twice—once when the userland process closes ep0 and...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed an issue where an index out of bounds occurred in the DCN30 color transformation. This commit addresses a potential index out of bounds issue in the cm3helpertranslatecurvetoHWformat function within the...

Astra Linux - уязвимость в binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...

Astra Linux - уязвимость в ffmpeg, ffmpeg5

The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through a floating-point exception error at libavfilter/vfminterpolate.c:1078:60 in interpolate...