551 matches found
CVE-2022-49094 net/tls: fix slab-out-of-bounds bug in decrypt_internal
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decryptinternal The memory size of tlsctx-rx.iv for AES128-CCM is 12 setting in tlssetswoffload. The return value of cryptoaeadivsize for "ccmaes" is 16. So memcpy require 16 bytes from 12...
CVE-2022-49078 lz4: fix LZ4_decompress_safe_partial read out of bound
In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4decompresssafepartial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compresse...
CVE-2022-49064 cachefiles: unmark inode in use in error path
In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakage occurs in cachefilesopenfile, Cachefiles will complain "Inode already in use" when later another cookie with the...
CVE-2022-49061 net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altrtsepcs function when using a fixed-link When using a fixed-link, the altrtsepcs driver crashes due to null-pointer dereference as no phydevice is provided to tsepcsfixmacspeed function. Fix this by...
CVE-2022-49062
The CVE-2022-49062 issue affects the Linux kernel component cachefiles, specifically a KASAN slab-out-of-bounds in cachefiles_set_volume_xattr. The bug arose when the code did not use the actual length of volume coherency data while setting the xattr, leading to an out-of-bounds write (noted in K...
CVE-2022-49059 nfc: nci: add flush_workqueue to prevent uaf
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...
CVE-2021-47656 jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2clearxattrsubsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: “aoe”: The potential use-after-free problem has been fixed in multiple locations. Regarding the fix for CVE-2023-6270, f98364e92662 “aoe: The potential use-after-free problem has been fixed in aoecmdcfgpkts” involves replacing...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: Fixed a data race on lastboostedvcpu in kvmvcpuonspin. Used READ,WRITEONCE to access kvm-lastboostedvcpu to ensure that reads and writes are atomic. In the extremely unlikely scenario where the compiler introduces errors in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Avoid memcpy field-spanning write warnings When the “storcli2 show” command is executed for eHBA-9600, the mpi3mr driver prints this warning message: memcpy: A field-spanning write size 128 was detected in the singl...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the use-after-free of rsvqp on HIP08. Currently, rsvqp is freed before the ibunregisterdevice function is called on HIP08. During this time interval, users can still deregister MR, and rsvqp will be used in this...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: added a missing condition check to determine the existence of the mapped data. The function nvmemapdata is called when the request contains physical segments; therefore, the function nvmeunmapdata should also have th...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a slab-use-after-free in ext4splitextentat. We encountered the following use-after-free issues: BUG: KASAN: slab-use-after-free in ext4splitextentat+0xba8/0xcc0 Read of size 2 at addr ffff88810548ed08 by task...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: seg6: Fixed parameter passing when calling NFHOOK in the End.DX4 and End.DX6 behaviors. The functions inputactionenddx4 and inputactionenddx6 call NFHOOK for the PREROUTING hook. During the PREROUTING hook, a valid indev and a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: The SoC driver needs to be probed as a platform driver. With driverasyncprobe= in the kernel command line, the following trace was produced because on the i.MX8M Plus hardware, the soc-imx8m.c driver calls clkgetbynam...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nfs: Fixed the KMSAN warning in decodegetfattr attrs. Fixed the following KMSAN warnings: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Handling of errors when calling otx2mboxgetrsp in otx2dmacflt.c has been improved. A check for an error pointer was added after calling otx2mboxgetrsp...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fixed the BUGON in mmapPROTWRITE, MAPPRIVATE. A lack of check for copy-on-write COW mapping in drmgemshmemmmap allows users to call mmap with PROTWRITE and MAPPRIVATE flags, causing a kernel panic due to BUGON i...
DEBIAN-CVE-2025-21648
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INTMAX Use INTMAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is...
UBUNTU-CVE-2025-21637
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udpport: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...