Astra Linux - уязвимость в firefox, thunderbird

By using a link with rel="localization", a use-after-free could occur if an object is destroyed during JavaScript execution, and then the object is referenced through a freed pointer, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Call dcstreamrelease for removing the link enc assignment. Reason A porting error caused the stream assignment for the link to be retained instead of being released—resulting in a memory leak. How The issue was...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ice: Fixed the LAG and VF lock dependencies in iceresetvf. In version 9f74a3dfcf83, the ice driver acquired the LAG mutex in iceresetvf. This lock acquisition was placed just before acquiring the VF configuration lock. If...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: The WARN function has been replaced with devwarnratelimited in rcarpciewakeup. It is sufficient to warn the user that there has been a link problem. Either the link has failed and the system requires maintenance, or th...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A use-after-free flaw was discovered in the nfcllcpfindlocal function in net/nfc/llcpcore.c within NFC in the Linux kernel. This flaw allows a local user with special privileges to cause a kernel information leak issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed NULL pointer dereferencing in iavfgetlinkksettings. Fixed a potential NULL pointer dereferencing issue, caused by freeing adapter-vfres in iavfinitgetresources. The previous commit introduced a regression, where...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211: Fixed an issue where out-of-bounds access occurred during the multi-link element defragmentation process. Currently, during the multi-link element defragmentation process, the length of the multi-link element is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: sanity check for symbolic link sizes Syzkiller reports a bug named “KMSAN: uninit-value in picklink”. This issue is caused by an uninitialized page, which ultimately results from reading a corrupted symbolic link siz...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: Fixed possible NULL dereferencing. In the call to mac80211hwsimselecttxlink, the sta pointer might be NULL. Therefore, it is necessary to check that it is not NULL before accessing it...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: nl80211: Fix for “NL80211ATTRMLOLINKID off-by-one” issue. Since the validation of the netlink attribute range includes inclusive checking, the maximum value of the attribute NL80211ATTRMLOLINKID should be...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid dirent corruption As Al reported in link 1: f2fsrename ... if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir; else f2fsputpageolddirpage, 0; You need the correct inumber...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of link-type in bpflinkshowfdinfo If a newly added link type does not invoke BPFLINKTYPE, accessing bpflinktypestrslink-type may lead to an out-of-bounds access. To detect such missed invocations early on,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif-ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces vifs and attempts to access the radio object ar via arvif-deflink-ar...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a signal type check for dcn401 getphyd32clksrc Attempting to access link enc on a dpia link will cause a crash...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: The incorrect reference to iokiocb in iolinkskb has been fixed. In the iolinkskb function, there is a bug where the value of prevnotif is incorrectly assigned using ‘nd’ instead of ‘prevnd’. This causes the context...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/smc: corrected the incorrect listdel in smclgrcleanupearly. The function smclgrcleanupearly was supposed to delete the link group from the link group list, but it accidentally deleted the list head. This could lead to memory...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Added a NULL check for the normallink string. It is not guaranteed that all entries of the struct sofconnstream declaration declare a normallink a non-SOF, direct link string. This applies to SoCs that...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305glue.c:198 poly1305updatearch error: memcpy 'dctx-buf' too small 16 vs u32max This issue arises because Smatch marks ‘linklen’...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the validation of region HPA ordering. Some regions may not have any address space allocated. Skip these regions when validating HPA order; otherwise, a crash similar to the following may occur: devmcxladdregion...