11901 matches found
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerabilities have been resolved: USB: usbfs: Do not issue a WARN message regarding excessively large memory allocations. Syzbot discovered that the kernel generates a WARN message if the user attempts to perform a bulk transfer using usbfs with a buffer that ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: vxlan: Fixed memory leaks in the error path. The memory allocated by vxlanvnigroupinit is not freed during the error path, leading to memory leaks 1. This issue was fixed by calling vxlanvnigroupuninit in the error path. The...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/a6xx: Fixed the issue where kvzalloc was used instead of statekcalloc. The adrenoshowobject function is a bug. It reallocates the pointer passed during the first call, when the data is encoded as ascii85. To address...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: exfat: Use kvmallocarray/kvfree instead of kmallocarray/kfree. The call stack shown below represents a scenario in the Linux 4.19 kernel. Memory allocation failed for the exfat file system, due to system memory fragmentation, whi...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91-pio4: check return value of devmkasprintf devmkasprintf returns a pointer to dynamically allocated memory. The pointer might be NULL if the allocation fails. It is necessary to check the validity of the pointer...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to allocskmsg syzbot found that allocskmsg could be called from a non sleepable context. skpsockverdictrecv uses rcureadlock protection. We need the callers to pass a gfpt argument to avoid issues. syzbot...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed DMA mapping leaks During the reallocation of RX buffers, new DMA mappings are created for those buffers. Steps to reproduce the issue are as follows: While loop: Do For i=0; i=8160; i=i+32 Do ethtool -G enp130s0f0 ...
Astra Linux - уязвимость в ffmpeg5
A flaw was discovered in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services a...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerabilities have been resolved: media: staging/intel-ipu3: Fixed error handling for setfmt. If an error occurs during the setfmt operation, do not overwrite the previous sizes with the invalid configuration. Without this patch, v4l2-compliance will end up...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an warning in ext4updateinlinedata. Syzbot identified the following issue: EXT4-fs loop0: Mounted a filesystem with PID 5071 at file mm/pagealloc.c:5525 allocpages+0x30a/0x560. Quota mode: None. fscrypt:...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsiconn-dddata only if memory is allocated. In the case of an ibfastregmr allocation failure during iSER setup, the system may encounter a panic because iscsiconn-dddata is initialized unconditionally...
Astra Linux - уязвимость в libsoup2.4
A flaw was discovered in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which could cause libsoup to allocate memory and lead to a denial of service DoS attack...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed the missing error check for xastore. xastore may fail. It returns xaerr-EINVAL if the entry cannot be stored in an XArray, or xaerr-ENOMEM if memory allocation fails. Therefore, a check for errors in xastore is...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fixed potential deadlocks caused by newly created symlinks. Syzbot reported that the pagesymlink function, called by nilfssymlink, triggers memory reclamation involving the filesystem layer. This can lead to circular lock...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add a NULL check in udmaprobe The devmkasprintf function returns NULL when memory allocation fails. Currently, udmaprobe does not check for this case, resulting in a NULL pointer being dereferenced. Add a NULL chec...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nfc: fixed a segfault in nfcgenldumpdevicesdone When kmalloc in nfcgenldumpdevices fails, nfcgenldumpdevicesdone causes a segfault as follows: KASAN: null-ptr-deref in range 0x0000000000000008-0x000000000000000f CPU: 0 PID: 25...
Astra Linux - уязвимость в linux
A issue was discovered in the Linux kernel through version 5.11.3, when it was used with Xen PV. A certain part of the netback driver lacks proper handling of errors, such as failed memory allocations as a result of changes to the way errors related to grant mapping are handled. A denial-of-servi...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: vhost/vsock: Use kvmalloc/kvfree for larger packets. When copying a large file via sftp using vsock, the data size is usually 32 kB. In such cases, kmalloc seems to fail when attempting to allocate 32 32 kB regions. vhost-5837...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list The struct sdcacontrol structure declares the “values” field as an integer array. However, the memory allocated for this field is actually a char array. This causes a...
Astra Linux - уязвимость в grub2
Integer underflow in grubnetrecvip4packets; A malicious IP packet can cause an integer underflow in the grubnetrecvip4packets function, affecting the rsm-totallen value. Under certain circumstances, the totallen value may wrap around to a small integer number, which will be used in memory...