Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Mediatek: Added an intf release flow when the USB connection is disconnected. Mediatek claims that there is a special USB interface for ISO data transmission. This interface must be released before unregistering...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: isdn: mISDN: hfcsusb: fixed a memory leak in hfcsusbprobe In hfcsusbprobe, the memory allocated for ctrlurb gets leaked when setupinstance fails with an error code. This issue was addressed by freeing the urb before freeing th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregisters devlink parameters in case the interface is down Currently, if an interface is down, the mlx5 driver does not unregister its devlink parameters, which leads to this WARN1. Fix by also unregistering the devli...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: wilc1000: Prevent use-after-free in wilcnetdevcleanup when cleaning up all interfaces. wilcnetdevcleanup currently triggers a KASAN warning. This can be observed during the interface registration process, or by simply...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: A resource leak was fixed in the error handling path. The call dspirequestdma should be undone by a call to dspireleasedma in the error handling path of the probe function, as already done in the remove functio...

Astra Linux - уязвимость в chromium

Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. Chromium security severity: Medium...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fixed a race condition in the DMA ring dequeue process The HCI DMA dequeue path hcidmadequeuexfer may be invoked for multiple transfers that time out at approximately the same time. However, this function is no...

Astra Linux - уязвимость в chromium

A heap buffer overflow in the Mojom IDL of Google Chrome prior to version 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as a RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver’s TXEN pin. When the TTY port is closed mid-transmission e.g....

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed an unreferenced object issue reported by kmemleak in ubiresizevolume. There is also a memory leak issue reported by kmemleak: An unreferenced object with a size of 128 bytes is causing a memory leak: 0xffff888102007a00...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to view the data of kernel pages by providing a larger insize value in struct croseccommand1 when invoking EC host commands. This issue can be fixed b...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: A consistency check is performed on the mailbox/SMT channel. When a completion interrupt is received, the shared memory area is accessed first to retrieve the message header. If the message sequence number...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ice: Fixed NULL pointer dereferencing in icevsisetnapiqueues. Added NULL pointer checks in icevsisetnapiqueues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adapter: 60:00.0 Ethernet...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-pf: mcs: Fixed NULL pointer dereferencing issues When the system is restarted after creating a MacSec interface, NULL pointer dereferencing errors occurred. This patch fixes these errors by using the correct order of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: devioctl: The take ops lock in the hwtstamp lower paths must be performed. ndo hwtstamp callbacks are expected to run under the per-device ops lock. Ensure that the lower get/set paths are consistent with the rest of ndo...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RSS context deletion logic We need to free the corresponding RSS context VNIC in the framework FW every time an RSS context is deleted in the driver. The commit 667ac333dbb7 added a check to delete the VNIC in t...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: drm/msm/disp/dpu1: Set vbif hw config to NULL to avoid use after memory free during pm runtime resume BUG: Unable to handle kernel paging requests at virtual address 006b6b6b6b6b6be3 Call trace: dpuvbifinitmemtypes+0x40/0xb8...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiqgswip: The operation gswipremove should perform the ofnodeputpriv-ds-slavemiibus-dev.ofnode before calling mdiobusfreepriv-ds-slavemiibus...

Astra Linux - уязвимость в rabbitmq-server

RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization, potentially allowing JavaScript code to execute withi...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use accesswidth instead of bitwidth for system memory accesses To align with ACPI 6.3+, since bitwidth can be any 8-bit value, it cannot be relied upon to always be at a clean 8-bit boundary. This issue was discovered...