Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix tcpinittransfer so that icskcainitialized is not reset. This commit fixes a bug discovered by syzkaller. The bug could cause spurious double-initulations for congestion control modules. This could lead to memory leaks or...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleaning up partial engine discovery failures If we abort the driver initialization midway through engine discovery, some engines will be fully initialized, while others will not. Those incompletely initialized engin...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gpu: Fixed a crash that occurs when the GPU is throttled immediately during boot. There is a small chance that the GPU might be already hot during boot. In that case, the call to ofdevfreqcoolingregister will immediately...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the issue of freeing uninitialized misc IRQ vectors. When the VSI setup failed in i40eprobe, as part of the PF switch setup, the driver tried to free misc IRQ vectors in i40eclearinterruptscheme, resulting in a kernel...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-af: Added validation before accessing cgx and lmac. With the addition of new MAC blocks such as CN10K RPM and CN10KB RPMUSX, LMACs are noncontiguous, and CGX blocks are also noncontiguous. However, during the RVU...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: swiotlb: Initialize the restricted pool listhead when SWIOTLBDYNAMIC=y. Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash during boot-time...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: asixdevices: The PHY address mask in MDIO bus initialization was corrected. Syzbot reported a out-of-bounds exception during MDIO bus initialization. The PHY address should be masked to 5 bits 0-31. Without this mask,...

Astra Linux - уязвимость в libreoffice

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the required initialization vector for encryption was always the same,...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – Fixed unexpected pointer access in mpiecinit When the mpiecctx structure is initialized, some fields are not cleared, resulting in a crash when referencing those fields after the structure is released. Initially...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: The vmci transport packet must be cleared properly when initializing it. In vmcitransportpacketinit, memset is used to clear the vmcitransportpacket before populating the fields, to prevent any uninitialized data from...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: dropmonitor: corrected the incorrect initialization order. Syzkaller reports the following bug: BUG: spinlock magic values are incorrect on CPU1, syz-executor.0/7995. Lock value: 0xffff88805303f3e0, .magic: 00000000, .owner:...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fixed NULL pointer dereferencing due to early interrupt requests. If an interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data, such as the I2...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutexinit location Syzbot reported that mxl111sfctrlmsg uses an uninitialized mutex. The issue was in the incorrect location of the mutexinit call. Previously, the mutexinit&state-msglock call was in the...

Astra Linux - уязвимость в linux-5.10

The nftablesnewset function in net/netfilter/nftablesapi.c in the Linux kernel before version 5.12.13 allows local users to cause a denial of service due to NULL pointer dereferencing and general protection faults, caused by the absence of initialization for nftsetelemexpralloc. A local user can...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: Initialize the gfntopfncache locks in the dedicated helper. Move the initialization of the gfntopfncache lock to another helper, and call the new helper during VM/vCPU creation. There may be race conditions due to the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ath9khtc: fixed uninitialized values issues Syzbot reported 2 KMSAN bugs in ath9k. All of these bugs are caused by missing field initialization. In htcconnectservice, svcmetalen and pad are not initialized. Based on the code, ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: The initialization of the dangling pointer that occurs in vsk-trans has been addressed. During loopback communication, a dangling pointer can be created in vsk-trans, which may lead to a Use-After-Free condition. Th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev – The spin lock in struct mcanclassdev is not being initialized. This causes issues with spinlocks, as seen in complaints from the kernel, such as when trying to send CAN frames using cansend from...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “fou”: fixed the initialization of grc. Grc must be initialized first. There may be a situation where if fou is NULL, “goto out” will be executed, and grc will be used in an uninitialized state...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb – fix an invalid memory access If the croseckeybregistermatrix function is not called due to “buttonsswitchesonly” in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access occurs in croseckeybproces...