224336 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: A missing check was fixed to avoid NULL dereferencing. cacheent could potentially be set to NULL inside virtiogpucmdgetcapset, which would lead to a NULL dereferencing due to its recent use i.e., ptr =...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: csdsp: Fixed an out-of-bounds memory read access in KUnit tests ctlcache. The KASAN reported an out-of-bounds access in the function csdspctlcacheinitmultipleoffsets. The code used mockcoefftemplate.lengthbytes 4 bytes...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fixed an overflow issue when dealing with long HMAC keys. When a key that is longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: fixed a stack buffer overflow in hcilebigcreatesync. The hcilebigcreatesync function uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack, with 0x11 17 slots available. However, conn-numbi...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm, swap: Fixed a potential UAF issue related to VMA readahead. Since commit 78524b05f1a3 “mm, swap: avoiding redundant swap device pinning”, the common helper function for allocating and preparing a swap entry in the swap cache...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - For the spi: amlogic: spifc-a4 issue, the error handling for DMA mapping has been fixed. Three bugs have also been fixed in the amlsfcdmabuffersetup function: 1. Unnecessary goto: When the first DMA mapping sfc-daddr fails,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: - usb: dwc2: gadget: Fixed the mismatch between spinlock and unlock calls in dwc2hsotgudcstop. - dwc2gadgetexitclockgating internally calls the callgadget macro. This macro expects hsotg-lock to be held since it performs...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htablockbucket to userspace In the function htabmaplookupanddeletebatch, if htablockbucket returns -EBUSY, the operation proceeds to the next bucket. Moving to the next bucket may not only silently skip...
Astra Linux - уязвимость в linux, linux-5.10
A list management bug in BSS handling in the mac80211 stack of the Linux kernel versions 5.1 through 5.19.x, prior to 5.19.16, could be exploited by local attackers those capable of injecting WLAN frames to corrupt a linked list and, in turn, potentially execute unauthorized code...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a use-after-free in ksmbdclosefd, through the use of a durable scavenger mechanism. When a durable file handle persists after a session disconnection TCP connection closed without SMB2LOGOFF, sessionfdcheck sets...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: zram: Fixed the race condition involving slot write operations. Parallel concurrent writes to the same zram index result in the zsmalloc handles being leaked. Schematically, it looks like this: CPU0 CPU1 zramslotlock zsfree...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fixed the refcount leak in rockchippinctrlparsegroups. The function offindnodebyphandle returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer necessary. Add th...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nullblk: fixed handling of poll request timeouts When performing the iouring benchmark on /dev/nullb0, it’s easy for the kernel to crash if poll requests time out, as reported by David. 1 BUG: Kernel NULL pointer dereferencing...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite the commit 0ad529d9fd2b “mptcp: fix possible divide by zero in recvmsg”, the mptcp protocol is still prone to a race between disconnect or shutdown and accept. The root cause is that t...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fixed an out-of-bounds read in cifssanitizeprepath. When cifssanitizeprepath is called with an empty string or a string containing only delimiters e.g., /, the current logic attempts to check cursor2 - 1 before...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validated rec-used in journal-replay file record check The checkfilerecord function validates rec-total against the record size, but never validates rec-used. The doaction journal-replay handlers read rec-used from the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmpbuildprobe The ipv6stub-ipv6devfind function may return ERRPTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIGIPV6=m and not loaded. Passing this error pointer to devhold will cause a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Netwerk: Ethernet: xscale: Ensure proper check for PTP support. In the ixp4xxgettsinfo function, the ixp46xptpfind function is called unconditionally. This occurs because this feature only exists in ixp46x. This leads to the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: “power: supply: rk817” – Fixed the node refcount leak. Dan Carpenter reported that the Smatch static checker identified another refcount leak in the probe function. While the ofnodeput function was added in one of the return...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fixed error handling for devmregmapinitmmio. devmregmapinitmmio returns ERRPTR if it fails, instead of returning NULL. The original code checked for NULL, which would never trigger in case of errors, potentially...