329 matches found
Debian dla-4671 : linux-config-6.1 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4671 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4671-1 [email protected]...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ocfs2: The BUG function was replaced with ocfs2error in ocfs2MoveExtent. In ocfs2MoveExtent, the BUG function was changed to ocfs2error simply to avoid causing the entire kernel to crash due to filesystem corruption...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: There is a race condition where the error handler is only awakened when the last running command completes or times out. The order of execution of marking commands—either completed or failed—is not properly ordered...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv4: A reference count leak was fixed when using error routes with nexthop objects. When a nexthop object is deleted, it is marked as “dead”, and then fibtableFlush is called to flush all routes that use the dead nexthop. The...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported a MPTCP deadlock during the fallback process: WARNING: Possible recursive locking detected 6.18.0-rc7-virtme 1 Not tainted...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed null pointer access to epfile after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear function called in ffsdatareset sets ffs-epfiles to NULL...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey – fixed memory corruption upon unloading. It should be labeled as “priv”, but we accidentally passed “&priv”, which is an address in the stack. This can lead to memory corruption when the imxsckeyaction function i...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: In btusb, there is an issue where the cleanup operations during btusbdisconnect are not performed in the correct order, leading to a Use-After-Free UAF condition. There is also a KASAN issue in btusbdisconnect: A re...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu – added a bounds check in the putuser loop for DSP events. In the DSP event handling code, the putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it may overwrite data beyond...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: drm/v3d: Set the DMA segment size to avoid debug warnings. When using V3D rendering with CONFIGDMAAPIDEBUG enabled, the kernel occasionally reports a segment size mismatch. This occurs because ‘maxsegsize’ is not set. The kern...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Do not skip unrelated instructions if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or select INTn instruction, discard the exception and retry the instruction if the code stream changes...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature 154563.214890 nvme nvme2: NVME-FC1: controller connect complete 154564.169363 qla2xxx 0000:b0:00.1-3002:2: nvme: Sched: Set ZIO...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV” This issue is addressed by committing 05703271c3cd “PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV”. This commit causes a deadlock by...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: ti: dma-crossbar: fixed a device leak during am335x route allocation. Make sure to remove the reference used when accessing the crossbar platform device during am335x route allocation...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Ceph: Proper snapshot context was provided for the cephzeropartialobject function. The cephzeropartialobject function lacked the correct snapshot context for its OSD write operations, which could lead to inconsistencies in...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Treating $Extend records as regular files. Since the commit af153bb63a33 "vfs: catching invalid modes in mayopen" requires that any inode be of one of the types SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/SIFIFO/SIFSOCK, use SIFREG...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid updating zero-sized extents in the extent cache. As reported by syzbot: F2FS-fs loop0: updateextenttreerange: extent length is zero, type: 0, extent 0, 0, 0, age 0, 0. ------------ Cut here ------------ Kerne...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: power: supply: act8945a: Fixed the use-of-memory issue in powersupplychanged. By using the devm variant to request the IRQ before using the devm variant to allocate/register the powersupply handle, it becomes possible that the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: gue: Fixed a skb memory leak associated with the inner IP protocol 0. The syzbot reported a skb memory leak below. 0 The repro process generated a GUE packet with its inner protocol set to 0. The function gueudprecv returns...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ip6gre: made ip6greheader more robust. Over the years, syzbot has identified many ways in which the kernel can crash due to issues related to ip6greheader. This involves the ability of team or bonding drivers to dynamically chang...