D-Link DIR-456U Trust Management Issue Vulnerability
The D-Link DIR-456U is a wireless router produced by D-Link Corporation. The D-Link DIR-456U Hardware Revision A1 has a vulnerability related to trust management. This vulnerability stems from a hard-coded telnet backdoor, which may allow unauthenticated attackers on the local network to obtain a...
PT-2026-36833
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L Hardware Revision A1. Description: A hardcoded telnet backdoor exists where the device starts a telnet daemon at boot via the /bin/telnetd.sh script. The system uses a static username "Alphanetworks" and password "wrgn35 dlwbr...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: i2c: hi846: A memory leak has been fixed in hi846_parse_dt(). If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources do not get released before returning, resulting in a memory leak...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: Do not print NULL LLI during an error. During debugging, we encountered an issue where the axi_chan_dump_lli() function was passed a NULL LLI pointer, which resulted in an OOPS error due to attempts to access...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: sanity check for symbolic link sizes. Syzkiller reports a bug named “KMSAN: uninit-value in pick_link”. This issue is caused by an uninitialized page, which ultimately results from reading a corrupted symbolic link siz...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the KASAN use-after-free Read issue in compute_effective_progs. Syzbot identified a use-after-free bug in compute_effective_progs(). The reproducer creates a number of BPF links, causing a failure in the injected allocation...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ethtool: checks whether the device is present when obtaining link settings. A sysfs reader may race with a device that is reset or removed, attempting to read the device’s state when the device is not actually present. For exampl...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a UAF issue in bpf_trampoline_link_cgroup_shim. The root cause of this bug is that when bpf_link_put() reduces the refcount of shim_link->link.link to zero, the resource is considered released, but it may still be referenced via...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: phydev->devlink should be cleared when the device link is deleted. There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach() calls...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: meson: axg-card: fixed “use-after-free” issue. The buffer “card->dai_link” is reallocated in “meson_card_reallocate_links()”. Therefore, the initialization of the “pad” pointer should be moved after this function, when the memor...
Astra Linux – Vulnerability in Batik
A Server-Side Request Forgery (SSRF) vulnerability exists in Batik of Apache XML Graphics, allowing attackers to access files using a Jar URL. This issue affects Apache XML Graphics Batik 1.14...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Fixed a deadlock between bd_link_disk_holder and partition scan. The open_mutex of gendisk is used to protect the opening and closing of block devices. However, in bd_link_disk_holder(), it is used to protect the creation of...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Fix for “NL80211_ATTR_MLO_LINK_ID off-by-one” issue. Since the validation of the netlink attribute range includes inclusive checking, the maximum value of the attribute NL80211_ATTR_MLO_LINK_ID should be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fixed the IPv4 NULL pointer dereference in the route error path. The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring that skb->dev is set. This leads to a NULL pointer dereference in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl/pmem: Fixed leaks in cxl_pmem_region and cxl_memdev. When a cxl_nvdimm object undergoes a ->remove() operation where the device is physically removed, nvdimm-bridge is disabled, or the nvdimm device is disabled, any associated...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tipc: The process of creating a BC link has been moved back to tipc_node_create. Shuang Li reported a NULL pointer dereference crash: - Bug: NULL pointer dereference in the kernel; address: 0000000000000068 - RIP: 0010:...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3 – fixed the issue of kernel crashes in concurrent scenarios. When the link status changes, the nic driver needs to notify the roce driver to handle this event. However, at this time, the roce driver may uninit, which...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Avoid NULL pointer dereferencing. When iterating over the links of a vif, we need to ensure that the pointer is valid (in other words, that the link exists) before dereferencing it. Use for_each_vif_active_link to...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: Fix memory leak in ip_mc_add1_src. BUG: Memory leak. Unreferenced object: 0xffff888101bc4c00 (size 32). Command: “syz-executor527”, pid 360, jiffies 4294807421 (age 19.329s). Hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks. Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: memcpy 'dctx->buf' too small (16 vs u32max). This issue arises because Smatch marks ‘link_len’...