Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: i3c: Added a NULL pointer check in i3cmasterqueueibi The I3C master driver may receive an IBI from a target device that has not yet been probed. In such cases, the master calls i3cmasterqueueibi to queue an IBI work task, leading...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fixed DIO failure due to insufficient transaction credits The code in ocfs2dioendiowrite estimates the number of transaction credits required using ocfs2calcextendcredits. However, this does not take into account that the ...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filtering vsyscall addresses We have found that a panic can occur when a vsyscall is executed while LBR sampling is active. If the vsyscall is interrupted via NMI for perf sampling purposes, the following call...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fixed the kernel panic by avoiding accessing unallocated eeprom.data. The MT7921 driver no longer uses eeprom.data, but the relevant code has not been completely removed since the commit 16d98b548365 “mt76: mt7921:...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: A fix was made to avoid potential panics during recovery. During recovery, if FAULTBLOCK is enabled, it is possible that f2fsreservenewblock will return -ENOSPC during recovery, which may trigger a panic. Additionally, i...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Drivers: perf: Check the return value of findfirstbit We must check the return value of findfirstbit before using its value as an index array, as it may cause the array to overflow and lead to a panic: 107.318430 Kernel BUG 1...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: A fix was made to perform a sanity check on the destination blkaddr during recovery. As Wenqing Liu reported in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 loop5: A change in capacity was detected, from 0...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10, linux-6.1

A race condition was detected in the Linux kernel’s scsi device driver, specifically in the lpfcunregisterfcfrescan function. This can lead to a null pointer dereferencing issue, potentially causing a kernel panic or a denial-of-service attack...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed SError causing kernel panic upon closing. The occurrence of SError causing kernel panic was rare during testing. The root cause was entering suspend mode due to an timeout of the autosuspend delay...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Do not use devres for mdiobus As explained in the commits: 74b6d7d13307 “net: dsa: realtek: Register the MDIO bus under devres” 5135e96a3dd2 “net: dsa: Do not allocate the slavemiibus using devres” The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: preventing dereferencing of ZEROSIZEPTR when numifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc, with ethsw-swattr.numifs as the element count. When the device reports zero...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Verify the availability of the driver for the pathevent call. If no driver is attached to a device, or if the driver does not provide the pathevent function, an FCES path-event on this device could result in a...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Returns a CQE error if an invalid lkey is provided. In RXE, there is a lack of update of the WQE status in cases of LOCALwrite failures. This caused the following kernel panic if someone performed an atomic operation...

Astra Linux - уязвимость в golang-1.15

In versions of Go prior to 1.15.13 and 1.16.x prior to 1.16.5, a crafted file count present in the archive’s header can lead to a panic in NewReader or OpenReader...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: hv: vmbus: Disabled the option to deactivate sysctlrecordpanicmsg by default in isolated guests. The hvpanicpage may contain information sensitive to guests; do not dump this information to Hyper-V by default in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: Do not request stats with a stats buffer of size “0”. Sachin reported 1 that on a POWER-10 lpar, he is encountering a kernel panic when the paprscm probe is called. The panic occurs as follows, and it only occurs...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: scsi: fcoe: Fixed the issue where the transport object is not detached when fcoeifinit fails. fcoeinit calls fcoetransportattach&fcoeswtransport, but when fcoeifinit fails, &fcoeswtransport is not detached, and the freed...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsllpuart: disable dma rx/tx use flags in lpuartdmashutdown lpuartdmashutdown tears down the lpuart DMA, but lpuartflushbuffer can still occur, which attempts to access DMA APIs if the lpuartdmatxuse flag is true...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: igc: Do not fail igcprobe on LED setup errors When igcledsetup fails, igcprobe also fails, leading to a kernel panic in freenetdev. This occurs because unregisternetdev is not called. This behavior can be tested using the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: igc: Fixed kernel panic during ndotxtimeout callback The Xeon validation group has conducted some load tests with various hardware configurations. During these tests, some transmit queue timeouts occurred. This caused the reset...