Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed NULL pointer dereferencing in iavfgetlinkksettings. Fixed a potential NULL pointer dereferencing issue, caused by freeing adapter-vfres in iavfinitgetresources. The previous commit introduced a regression, where...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211: Fixed an issue where out-of-bounds access occurred during the multi-link element defragmentation process. Currently, during the multi-link element defragmentation process, the length of the multi-link element is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: Fixed possible NULL dereferencing. In the call to mac80211hwsimselecttxlink, the sta pointer might be NULL. Therefore, it is necessary to check that it is not NULL before accessing it...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif-ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces vifs and attempts to access the radio object ar via arvif-deflink-ar...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed a NULL pointer dereference in amdgpudmi2cxfer. When ddcserviceconstruct is called, it explicitly checks both the link type and whether there is something on the link that will determine whether the pin is...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid dirent corruption As Al reported in link 1: f2fsrename ... if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir; else f2fsputpageolddirpage, 0; You need the correct inumber...

Astra Linux - уязвимость в firefox, thunderbird

By using a link with rel="localization", a use-after-free could occur if an object is destroyed during JavaScript execution, and then the object is referenced through a freed pointer, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: sanity check for symbolic link sizes Syzkiller reports a bug named “KMSAN: uninit-value in picklink”. This issue is caused by an uninitialized page, which ultimately results from reading a corrupted symbolic link siz...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: The WARN function has been replaced with devwarnratelimited in rcarpciewakeup. It is sufficient to warn the user that there has been a link problem. Either the link has failed and the system requires maintenance, or th...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of link-type in bpflinkshowfdinfo If a newly added link type does not invoke BPFLINKTYPE, accessing bpflinktypestrslink-type may lead to an out-of-bounds access. To detect such missed invocations early on,...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: nl80211: Fix for “NL80211ATTRMLOLINKID off-by-one” issue. Since the validation of the netlink attribute range includes inclusive checking, the maximum value of the attribute NL80211ATTRMLOLINKID should be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ice: Fixed the LAG and VF lock dependencies in iceresetvf. In version 9f74a3dfcf83, the ice driver acquired the LAG mutex in iceresetvf. This lock acquisition was placed just before acquiring the VF configuration lock. If...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: The incorrect reference to iokiocb in iolinkskb has been fixed. In the iolinkskb function, there is a bug where the value of prevnotif is incorrectly assigned using ‘nd’ instead of ‘prevnd’. This causes the context...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Added a NULL check for the normallink string. It is not guaranteed that all entries of the struct sofconnstream declaration declare a normallink a non-SOF, direct link string. This applies to SoCs that...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the validation of region HPA ordering. Some regions may not have any address space allocated. Skip these regions when validating HPA order; otherwise, a crash similar to the following may occur: devmcxladdregion...

Astra Linux - уязвимость в axis

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it might not have been obvious that using “ServiceFactory.getService” could allow for the use of potentially dangerous lookup mechanisms, such as LDAP. Passing untrusted input to this API method could expose the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: Shift wrapping was prevented in rtw89coremlsrswitch. The value of linkid comes from the user via debugfs. If it is larger than BITSPERLONG, it will result in shift wrapping, potentially leading to out-of-bounds...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: hns3 – Fixed the issue of kernel crashes in concurrent scenarios. When the link status changes, the nic driver needs to notify the roce driver to handle this event. However, at this time, the roce driver may uninit, which...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/smc: corrected the incorrect listdel in smclgrcleanupearly. The function smclgrcleanupearly was supposed to delete the link group from the link group list, but it accidentally deleted the list head. This could lead to memory...