48 matches found
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hidreportrawevent Syzbot reported a shift-out-of-bounds issue in hidreportrawevent. microsoft 0003:045E:07DA.0001: hidfieldextract called with n 128 32! swapper/0 UBSAN: shift-out-of-bounds i...
Astra Linux – Vulnerability in Linux firmware, Linux, Linux 5.10, Linux 5.15
A issue with “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Remove clkdisable from mtkiommuremove. After the commit b34ea31fe013 “iommu/mediatek: Always enable the clk on resume”, the iommu clock is controlled by the runtime callback. Therefore, the clkdisable function is...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – decreasing the MHI channel buffer length to 8KB Currently, the buflen field of ath11kmhiconfigqca6390 is set to 0, causing MHI to use the default size of 64KB to allocate channel buffers. This may lead to failures ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: fotg210 – a memory leak was fixed by using debugfslookup. When calling debugfslookup, the result must also contain a call to dput; otherwise, a memory leak will occur over time. To simplify things, simply call...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was performing a socket lookup, taking a reference count of the socket. It w...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed NULL pointer dereferencing in nilfspalloccommitfreeentry. Syzbot reported a NULL pointer dereferencing bug: NILFS loop0: segctord started. Construction interval = 5 seconds, CP frequency 3c 02 00 0f 85 26 05 00 0...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fixed a possible null-ptr-deref issue when assigning a stream. While AudioDSP drivers assign streams that are exclusively of HOST or LINK type, nothing prevents a user from attempting to assign a COUPLED stream. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxt: prevents a UAF Use After Free error after handing over control to the PTP worker. When reading the timestamp, bnxttxint hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterward, ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed data corruption in the dsync block recovery process for small block sizes. The helper function nilfsrecoverycopyblock in nilfsrecoverydsyncblocks incorrectly calculates the on-page offset when copying repair data...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed issues with space cache corruption and potential double allocations. When testing spacecache v2 on a large set of machines, we encountered a few issues: 1. Errors of the type “unable to add free space :-17” EEXIST...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
A flaw was discovered in vringhkiovadvance in drivers/vhost/vringh.c, located in the host side of a virtio ring within the Linux Kernel. This issue may lead to a denial of service from the guest to the host through zero-length descriptors...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed the global out-of-bounds read in ksmbdnlpolicy. Similar to the reported issue see commit b33fb5b801c6 “net: qualcomm: rmnet: fixed global out-of-bounds in rmnetpolicy”, my local fuzzer discovered another global...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: bdisp: Added a missing check for createworkqueue. Added a check on the return value of createworkqueue to avoid dereferencing a NULL pointer...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The overflow check in the probe session-duplication function increased the session count, even when there were no more available sessions. This could lead to corruption of memory beyon...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoiding soft lockup when using mprotect on a large memory area When calling mprotect on a large hugetlb memory area in our customer’s workload 300GB of hugetlb memory, soft lockup was observed: watchdog: BUG: soft...
AZL-68820 CVE-2024-58053 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix handling of received connection abort Fix the handling of a connection abort that we've received. Though the abort is at the connection level, it needs propagating to the calls on that connection. Whilst the propagatio...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bonding: A buffer overflow issue was fixed in the bondoptionarpiptargetsset function. In this function, if newval-string is an empty string, newval-string+1 will point to the byte after the string, leading to a buffer overflow an...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: jffs2: Prevent the xattr node from overflowing the eraseblock. A check has been added to ensure that the requested xattr node size is not larger than the eraseblock minus the cleanmarker. Unlike traditional inode nodes, xattr...