296 matches found
Debian dla-4671 : linux-config-6.1 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4671 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4671-1 [email protected]...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ocfs2: The BUG function was replaced with ocfs2error in ocfs2MoveExtent. In ocfs2MoveExtent, the BUG function was changed to ocfs2error simply to avoid causing the entire kernel to crash due to filesystem corruption...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu – added a bounds check in the putuser loop for DSP events. In the DSP event handling code, the putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it may overwrite data beyond...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: drm/v3d: Set the DMA segment size to avoid debug warnings. When using V3D rendering with CONFIGDMAAPIDEBUG enabled, the kernel occasionally reports a segment size mismatch. This occurs because ‘maxsegsize’ is not set. The kern...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid updating zero-sized extents in the extent cache. As reported by syzbot: F2FS-fs loop0: updateextenttreerange: extent length is zero, type: 0, extent 0, 0, 0, age 0, 0. ------------ Cut here ------------ Kerne...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Treating $Extend records as regular files. Since the commit af153bb63a33 "vfs: catching invalid modes in mayopen" requires that any inode be of one of the types SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/SIFIFO/SIFSOCK, use SIFREG...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed null pointer access to epfile after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear function called in ffsdatareset sets ffs-epfiles to NULL...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature 154563.214890 nvme nvme2: NVME-FC1: controller connect complete 154564.169363 qla2xxx 0000:b0:00.1-3002:2: nvme: Sched: Set ZIO...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: power: supply: act8945a: Fixed the use-of-memory issue in powersupplychanged. By using the devm variant to request the IRQ before using the devm variant to allocate/register the powersupply handle, it becomes possible that the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Do not skip unrelated instructions if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or select INTn instruction, discard the exception and retry the instruction if the code stream changes...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: KEYS: Trusted – Fixed a memory leak in tpm2loadcmd. tpm2loadcmd allocates a temporary blob indirectly through tpm2keydecode, but the blob is not freed during failure paths. This issue can be addressed by wrapping the blob with a...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: In btusb, there is an issue where the cleanup operations during btusbdisconnect are not performed in the correct order, leading to a Use-After-Free UAF condition. There is also a KASAN issue in btusbdisconnect: A re...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv4: A reference count leak was fixed when using error routes with nexthop objects. When a nexthop object is deleted, it is marked as “dead”, and then fibtableFlush is called to flush all routes that use the dead nexthop. The...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: tpm: Limit the number of PCR banks The function tpm2getpcrallocation does not impose any upper limit on the number of banks. The limit is set to eight banks, so values that exceed this limit from external I/O cause only limite...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: The error code in mchpeicdomainalloc has been fixed. If irqdomaintranslatetwocell sets “hwirq” to = MCHPEICNIRQ 2, it may lead to an out-of-bounds access. The code checks for invalid values, but does not set the...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: orangefs: fixed xattr-related buffer overflow issues… Willy Tarreau forwarded me a message from Disclosure , containing the following warning: The helper function xattrkey uses the pointer variable in the loop condition, rather...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fixed integer overflow in sample size validation The wavefrontsendsample function has a problem with integer overflow when validating the sample size. The header-size field is of type u32, but it is cast to int f...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey – fixed memory corruption upon unloading. It should be labeled as “priv”, but we accidentally passed “&priv”, which is an address in the stack. This can lead to memory corruption when the imxsckeyaction function i...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: gue: Fixed a skb memory leak associated with the inner IP protocol 0. The syzbot reported a skb memory leak below. 0 The repro process generated a GUE packet with its inner protocol set to 0. The function gueudprecv returns...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV” This issue is addressed by committing 05703271c3cd “PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV”. This commit causes a deadlock by...