Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – fixed a potential array out-of-bounds access issue. The parameter IWLSECWEPKEYOFFSET will be used as needed during verification, along with determining the keylen value in the iwlmvmseckeyadd function...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Handling of errors when calling otx2mboxgetrsp in otx2dcbnl.c has been improved. A check for the error pointer was added after calling otx2mboxgetrsp...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: ti: am65-cpsw: Fixed segmentation fault during module unloading. The call to am65cpswnussphylinkcleanup has been moved to after am65cpswnusscleanupndev, so phylink remains valid. This prevents the segmentation faul...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed the memory leak of PBLE objects. In the case of rmmod for irdma, the memory of PBLE objects is not freed. PBLE objects’ memory is not statically allocated at the time of function initialization—unlike other HMC...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. The alternative would be to make ipip6devfree robust against multiple invocations,...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fixed potential crashes during module unloading The vmbus driver relies on the panic notifier infrastructure to perform certain operations when a panic event is detected. Since vmbus can be built as a module, ...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: testfirmware: fixed a memory leak in testfirmwareinit. When miscregister failed in testfirmwareinit, the memory pointed to by testfwconfig-name was not released. The memory leak information is as follows: Unreferenced object...

Astra Linux - уязвимость в glibc

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library also known as glibc from versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...

Astra Linux - уязвимость в pypy

A issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Module: Ensure that kobjectput is safe for the module type kobjects. In lookuporcreatemodulekobject, an internal kobject is created using modulektype. Therefore, calling kobjectput during error handling causes an attempt to use a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: The issue related to ref-counting on the PMU “vpapmu” has been fixed. Commit 176cda0619b6 “powerpc/perf: Add a perf interface to expose vpa counters” introduced “vpapmu” to expose the Book3s-HV nested APIv2. This...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Ice: The logic for copying the last block was omitted in icegetmoduleeeprom. icegetmoduleeeprom is broken since the commit e9c9692c8a81 “Ice: Reimplement module reads used by ethtool”. In this refactoring, icegetmoduleeeprom read...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: staticcall: Properly handle module initialization failures in staticcalldelmodule. The process of module insertion invokes staticcalladdmodule to initialize the static calls within a module. staticcalladdmodule calls...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: kprobes: Fixed a possible use-after-free issue during kprobe registration. When unloading a module, its state changes from MODULESTATELIVE to MODULESTATEGOING, and then to MODULESTATEUNFORMED. Each of these changes takes some...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: Intel: hda: Fixed UAF when reloading the module The function hdagenericmachineselect appends "-idisp" to the tplg filename by allocating a new string using devmkasprintf, and then storing that string back into the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed a UAF issue when looking up kallsym after ftrace is disabled. The following issue occurs with a buggy module: BUG: Unable to handle a page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Do not destroy the workqueue from work items running on it. This issue was triggered by a decrease in the value of kref. The destroyworkqueue function might be called from within a work item to destroy its own...

Astra Linux - уязвимость в python3.11, python3.7

The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fixed a possible NULL dereference. In iwlmvmremovetimeevent, a check was added to ensure that ‘tedata-vif’ is NULL before dereferencing it...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fixed a use-after-free in gtpdellink. Since the callrcu function, which is called during the hlistforeachentryrcu traversal of gtpdellink, is not part of the RCU read critical section, it is possible that the RCU grace...