Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to insufficient memory, the ‘config’ pointer can also become NULL. A check should be added to prevent NULL dereferencing...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrementing rereceiving on early exit paths In cases where rpcrdmapostrecvs fails to create a work request due to memory allocation failures, for example or exits early, we should decrement ep-rereceiving before...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: xfs: removed calls to xchkxfiledescr macros. The xchkxfiledescr macros use kasprintf, which may fail to allocate memory if the formatted string is longer than 16 bytes or whatever value nofail currently guarantees. Some of the...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data. The driver needs to keep track of all possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256, and the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet: Device: am65-cpsw-nuss: Fixed the skb size by taking into account skbsharedinfo. While transitioning from netdevallocip Align to buildskb, memory for the “skbsharedinfo” member of an “skb” was not allocated...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ptp: Added an upper bound on maxvclocks. syzbot reported a WARNING regarding maxvclocksstore. This occurs when the argument max is too large for kcalloc to handle. The protection mechanism was extended to prevent values that are...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Add GFPNOIO to the bio completion if necessary. The bio completion path in the process context e.g., dm-verity directly calls decompression instead of triggering another workqueue context for minimal scheduling latency. Th...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: wcn36xx – Fix the memory allocation size for channel survey. KASAN reported a memory allocation issue in wcn-chansurvey, due to incorrect size calculations. This commit uses kcalloc to allocate memory for wcn-chansurvey,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: a potential memory leak has been fixed in ext4fcrecordregions. Since krealloc may return NULL, in this case, state-fcregions may not be freed by krealloc. However, state-fcregions is already set to NULL. This could lead to ...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: Xilinx: Do not perform sleepable memory allocations from an atomic context. The following issue was discovered using lockdep: 6.691371 BUG: A sleeping function is called from an invalid context at...

Astra Linux - уязвимость в jbigkit

In LibTIFF 4.0.8, there is a memory allocation failure in the tifjbig.c file. A specially crafted TIFF document can cause an abort, leading to a remote denial-of-service attack...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fixed possible NULL dereferencing. If sndhdagenaddkctl fails to allocate memory and returns NULL, then a NULL pointer dereferencing will occur in the next line. Since the dolphinfixups function is a hdafixup...

Astra Linux - уязвимость в netcdf

A issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxmlparse functions improperly handle XML entities, resulting in an infinite loop where memory allocation occurs...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fixed null pointer dereferencing in pinctrldttomap Here is the BUG report by KASAN regarding null pointer dereferencing: BUG: KASAN: nullptrderef in strcmp+0x2e/0x50 A read of size 1 was performed at address...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Issue: unittest – Fix null pointer dereferencing in ofunittestfindnodebyname Description: When kmalloc fails to allocate memory in kasprintf, name or fullname will be NULL, and strcmp will cause a null pointer dereference...

Astra Linux - уязвимость в harfbuzz

HarfBuzz is a text shaping engine. Prior to version 12.3.0, there was a null pointer dereference vulnerability in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check whether hbmalloc returns NULL before using placement new to construct an...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mm: slub: Avoid waking up kswapd in settrackprepare settrackprepare may cause lock recursion. The issue arises when it is called from hrtimerstartrangens, which holds percpuhrtimerbasesn.lock. However, when CONFIGDEBUGOBJECTSTIME...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Added a NULL check in imxcardprobe The devmkasprintf function returns NULL when memory allocation fails. Currently, imxcardprobe does not check for this case, which results in a NULL pointer being dereferenced. Ad...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit numsyncs to prevent oversized allocations. The exec and vmbind ioctls allow userspace to specify an arbitrary numsyncs value. Without bounds checking, a very large numsyncs value can force an excessively large...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fixed a deadlock in memory allocation under spinlock. A deadlock occurred in the refillskbs function, where memory allocation while holding skbpool-lock could trigger a recursive lock acquisition attempt. This deadlock...