5844 matches found
CVE-2026-45956
drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Squashfs: Check the return result of sbminblocksize. Syzkaller reports a bug named “UBSAN: Shift-out-of-bounds in squashfsbioread”. Syzkaller forks multiple processes. After mounting the Squashfs filesystem, it issues an...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed the idatasem unlock order in ext4indmigrate Fuzzing reported a possible deadlock in jbd2logwaitcommit. This issue occurs when an EXT4IOCMIGRATE ioctl is set to require synchronous updates because the file descripto...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevents potential Spectre v1 exploits. It seems that cmd could be a Spectre v1 exploit, as it is provided by a user and used as an array index. This vulnerability prevents the contents of kernel memory from being leake...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A issue was discovered in the Linux kernel before version 6.6.8. The roseioctl function in net/rose/afrose.c has a use-after-free issue due to a race condition involving roseaccept...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args. This will assist in validating the userq input arguments and rejecting invalid userq requests during IOCTLs...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed a kernel-infoleak issue in nilfsioctlwrapcopy. The ioctl helper function nilfsioctlwrapcopy exchanges a metadata array to/from user space. It may copy uninitialized buffer regions to user space memory for read-on...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ubi: Fixed a race condition between ctrlcdevioctl and ubicdevioctl. Hulk Robot reported a KASAN report regarding a use-after-free issue: BUG: KASAN: use-after-free in listdelentryvalid+0x13d/0x160. A size 8 byte read at addres...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: comedi: Fixed the use of uninitialized memory in doinsnioctl and doinsnlistioctl. syzbot reports a KMSAN kernel-infosecret vulnerability in doinsnioctl. A kernel buffer is allocated to hold insn-n samples each of which is an...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. Syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Video: fbdev: arkfb – Fixed a divide-by-zero bug in arksetpixclock Since the user can control the arguments of ioctl from the user space, there are special cases where a divide-by-zero bug may occur in the following code: c...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a use-after-free after failing to create a snapshot. In ioctl.c’s createsnapshot function, we allocate a pending snapshot structure and then attach it to the transaction’s list of pending snapshots. After that, we ca...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: loop: Overflow check during loop configuration The user space can configure a loop using an ioctl call. In this process, a configuration of type loopconfig is passed see the loioctl case on line 1550 of drivers/block/loop.c. This...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Use kzalloc for sev ioctl interfaces to prevent kernel memory leaks. For some sev ioctl interfaces, input data may be less than or equal to SEVFWBLOBMAXSIZE, but larger than the data returned by the PSP firmware. In...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Ensure that write operations are atomic. syzbot reported a NULL pointer dereference in genericfilewriteiter. Before the write operation is completed, the user executes ioctl to clear the compress flag of the file. This...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit numsyncs to prevent oversized allocations. The exec and vmbind ioctls allow userspace to specify an arbitrary numsyncs value. Without bounds checking, a very large numsyncs value can force an excessively large...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: nbd: Fixed incomplete validation of ioctl arguments. We tested and found an alarm caused by an incomplete validation of ioctl arguments without proper verification. The UBSAN warning message looks like this: UBSAN: Undefined...
Astra Linux - уязвимость в linux-5.10, linux
When sending malicious data to the kernel using the ioctl cmd FBIOPUTVSCREENINFO, the kernel will write memory beyond its boundaries...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevents potential UAF Use After Free issues during group creation. This commit addresses the issue where a malicious user space could potentially alter the handle of a group and attempt to call the GROUPDESTROY ioct...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fpga: Integer overflow has been prevented in dflfeatureioctlsetirq. The multiplication hdr.count sizeofs32 can cause integer overflow on 32-bit systems, leading to memory corruption. Use arraysize to fix this issue...