Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Do not use freedevicenode in graphutilParsedai The commit 419d1918105e states that “ASoC: simple-card-utils: Use freedevicenode for devicenode.” However, freedevicenode is used for dlc-ofnode, but it need...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bcache: The issue with bchbtreenodealloc has been fixed to ensure that the failure behavior is consistent. In some specific situations, the return value of bchbtreenodealloc might be NULL. This could lead to a potential NULL...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: intel-xway: fixed OF node reference count leakage. Automated reviews identified a leakage of the OF node reference count when checking whether the ‘leds’ child node exists. The Call ofputnode function is used to correct...

Astra Linux - уязвимость в node-cipher-base

There is a vulnerability in improper input validation in the cipher-base module, which allows for manipulation of input data. This issue affects cipher-base version 1.0.4...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid accessing uninitialized data in f2fssanitychecknodefooter. syzbot reported the following bug: BUG: KMSAN: Access to uninitialized data in f2fssanitychecknodefooter+0x374/0xa20; file...

Astra Linux - уязвимость в node-shelljs

ShellJS is vulnerable to improper privilege management...

Astra Linux - уязвимость в node-y18n

The package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fixed the refcount leak in esdhcsignalvoltageswitch. The offindmatchingnode function returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Ad...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: irqchip/alpine-msi: The refcount leak in alpinemsixinitdomains has been fixed. The function ofirqfindparent returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. Add...

Astra Linux - уязвимость в gpac

A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: cpufreq: pmac32-cpufreq: Fixed the refcount leak issue. In pmaccpufreqinitMacRISC3, we need to add the corresponding ofnodeput function for the three node pointers whose refcount has been incremented by offindnodebyname...

Astra Linux - уязвимость в f2fs-tools

There is an exploitable information disclosure vulnerability in the initnodemanager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability...

Astra Linux - уязвимость в http-parser

Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow for two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

Astra Linux - уязвимость в ansible

A flaw was discovered in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then select a new destination path on the controller node. All versions under 2.7.x, 2.8.x, and 2.9.x branches are believed to be vulnerable...

Astra Linux - уязвимость в libraw

In LibRaw, there is an out-of-bounds write vulnerability within the "newnode" function libraw\src\x3f\x3futilspatched.cpp that can be triggered via a crafted X3F file...

Astra Linux - уязвимость в node-thenify

This affects the thenify package before version 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this value is passed to the eval function without any sanitization...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: gamecube: Fixed a refcount leak in gamecubertcreadoffsetfromsram. The offindcompatiblenode function returns a node pointer whose refcount is incremented. We should use ofnodeput on it after processing. Also, add the missing...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Fixed error handling in mt8195mt6359rt1019rt5682devprobe. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ARM: exynos: Fixed a refcount leak in exynosmappmu. The offindmatchingnode function returns a node pointer with a refcount incremented. We should use ofnodeput on this pointer when it is no longer needed. Added missing ofnodep...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix for ofk3udmaglueParsechnbyid The ofk3udmaglueParsechnbyid helper function erroneously invokes “ofnodeput” on the “udmaxnp” device node that was passed to it. Additionally, its reference count was...