CentOS 9 : gnutls-3.8.10-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the gnutls-3.8.10-4.el9 build changelog. - A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels,...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxecreateqp In the function rxecreateqp, rxeqpfrominit is called to initialize qp, internally things like the spin locks are not setup until rxeqpinitreq. If an error occures before this point then t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbtenabledefault and IO submission When wbtenabledefault is moved out of queue freezing in elevatorchange, it can cause the wbt inflight counter to become negative -1, leading to hung tasks in the writebac...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: m68k: mm: Move initrd phystovirt handling after paginginit When booting with an initial ramdisk on platforms where physical memory does not start at address zero e.g. on Amiga: initrd: 0ef0602c - 0f800000 Zone ranges: DMA mem...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drmkmshelperpolldisable check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in drmmodeconfighelpersuspend...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix NULL-deref on irq uninstall In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code can be called with the kms pointer set to NULL. Patchwork:...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtvmuxinit. 1 After PSI initialization fails, the si member is accessed again, resulting in this uaf. Afte...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: fixed an issue with uninit-value in copyname Bug reported by syzbot BUG: KMSAN: uninit-value in sizedstrscpy+0xc4/0x160 sizedstrscpy+0xc4/0x160 copyname+0x2af/0x320 fs/hfsplus/xattr.c:411 hfspluslistxattr+0x11e9/0x1a5...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: Set priv-pdev before using it. The priv-pdev pointer was set after being used in fslasoccardaudmuxinit. This assignment should be moved to the beginning of the probe function, so that sub-functions can...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables WHAT & HOW drrtiming and subvppipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbconputcs syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param uint8t type; struct tioclselection ts; ; int main struct...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Free inode when ocfs2getinitinode fails The syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826. “ocfs2: Handle error from dquotinitialize” forgot to call iput when newinode succeeded and dquotinitialize...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfsetpipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a3xx: fix error handling in a3xxgpuinit These error paths returned 1 on failure, instead of a negative error code. This would lead to an Oops in the caller. A second problem is that the check for "if ret != -ENODATA" did...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pciprobe During driver initialization, the pointer of card info, i.e. the variable 'ci' is required. However, the definition of 'com20020pciidtable' reveals that this field is...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtkiommudevicegroup Currently, mtkiommu calls during probe iommudeviceregister before the hwlist from driver data is initialized. Since iommu probing issue fix, it leads to NULL point...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Driver Core: Class: Fixed wild pointer dereferencing in the API classdeviternext. There is a potential issue of wild pointer dereferencing related to the APIs classdeviterinit|next|exit. This issue arises from the following typic...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed a resource leak related to the scp device during firmware initialization. On MediTech devices with a System Companion Processor SCP, the mtkscp structure must be explicitly removed to avoid a resour...

Astra Linux - уязвимость в linux-5.10

A flaw was discovered in the way the “flags” member of the new pipe buffer structure lacked proper initialization in the copypagetoiterpipe and pushpipe functions of the Linux kernel. As a result, these members could contain stale values. An unprivileged local user could exploit this flaw to writ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fixed the initialization of the device object in vmbusdeviceregister. Initialized the device’s dmamask,parms pointers and the device’s dmamask value before invoking deviceregister. This issue was addressed in...