251600 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ofnuma: Fixed uninitialized memory nodes that caused kernel panic. When there are memory-only nodes nodes without CPUs, these nodes are not properly initialized, causing kernel panic during boot. ofnumainit includes the following...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix the double-free of fwnode in i2cunregisterdevice Before committing the change df6d7277e552 “i2c: core: Do not dereference fwnode in struct device”, i2cunregisterdevice only called fwnodehandleput on ofnode-s by...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: A refcount bug was fixed in qrtrrecvmsg. Syzbot reported the following bug: refcountt: An addition operation resulted in 0; a use-after-free occurred. … RIP: 0010:refcountwarnsaturate+0x17c/0x1f0, lib/refcount.c:25. …...
Astra Linux - уязвимость в node-tar
The npm package “tar” also known as node-tar in versions prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has a vulnerability related to arbitrary file creation/overwriting, due to insufficient symlink protection. node-tar aims to ensure that any file whose location would be modified by a symbolic link i...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fixed a potential use-after-free issue in airohanpuget. np-name was being used after calling ofnodeputnp, which releases the node and could lead to a use-after-free bug. Previously, ofnodeputnp was called...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Place the child node before the return statement. Placing the child node before the return statement helps to prevent potential reference count leaks. Typically, the reference count of a child node is automatically...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: typec: wusb3801: fixed the refcount leak in wusb3801probe I encountered the following report during the fault injection test: OF: ERROR: memory leak; the expected refcount was 4 instead of 1. ofnodeget/ofnodeput is unbalance...
Astra Linux - уязвимость в node-getobject
A vulnerability in the “getobject” version 0.1.0 prototype allows an attacker to cause a denial of service and may lead to remote code execution...
Astra Linux - уязвимость в nodejs
A OS command injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check. This vulnerability can be easily exploited, as the IsIPAddress function does not properly check whether an IP address is invalid before making DBS requests, thereby...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Address the issue reported by KCSAN regarding bpflrulist. KCSAN reported a data-race when accessing node-ref. Although node-ref doesn’t need to be accurate, take this opportunity to use a more common READONCE and WRITEONC...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: cifs: Prevent NULL dereferencing in cifscomposemountoptions. The optional @ref parameter may contain a NULL nodename, so dereferencing it in cifscomposemountoptions should be prevented. Addresses-Coverity: 1476408 “Explicit NULL...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fixed node corruption in the “ar-arvifs” list In the current WLAN recovery code flow, the ath11kcorehalt function only re initializes the “arvifs” list head. This causes the list node immediately following the list...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Memory issue: tegra20-emc – fixed a bug related to references to OF nodes in tegraemcfindnodebyramcode. When the offindnodebyname function releases the reference to the argument “device node”, the tegraemcfindnodebyramcode functi...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/spufs: Fixed a refcount leak in spufsinitisolatedloader. The function offindnodebypath returns a nodepointer for a remote device, with the refcount incremented. We should use ofnodeput on it after processing. Add the...
Astra Linux - уязвимость в node-tar
The npm package “tar” also known as node-tar in versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent the extraction of absolute file paths by converting absolute paths into relative...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ath10k: Error handling in ath10ksetupmsaresources has been fixed. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This function only call...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: All reserved memblocks on Node0 are set at initialization. After the commit 61167ad5fecdea "mm: pass nid to reservebootmemregion", a panic occurs if DEFERREDSTRUCTPAGEINIT is enabled: 0.000000 CPU 0 Unable to handle...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the vport QoS cleanup mechanism in case of errors. When enabling vport QoS fails, the scheduling node never gets freed, leading to a leak. Added the missing free operation and reset the vport scheduling node point...
Astra Linux - уязвимость в nodejs
A memory leak could occur when a remote peer abruptly closes the socket without sending a “GOAWAY” notification. Additionally, if an invalid header is detected by nghttp2, causing the connection to be terminated by the peer, the same memory leak will be triggered. This flaw could lead to increase...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: A refcount leak was fixed in ofgetocmem. ofparsephandle returns a node pointer with a refcount incremented. We should use ofnodeput on it when it is no longer needed. Add the missing ofnodeput function to avoid...