Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: The mask PEBSENABLE must be set for the guest when the value of vCPU is used. When generating the MSRIA32PEBSENABLE value that will be loaded on the VM-Entry to a KVM guest, the value should be masked with th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: The segfault caused by PEBS-via-PT with a sample frequency has been fixed. Currently, using PEBS-via-PT with a sample frequency instead of a sample period causes a segfault. For example: BUG: Kernel NULL pointer...

Astra Linux - уязвимость в linux

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERFEVENTIOCSETFILTER. A local user could use this flaw to starve the resources causing denial of service...

Astra Linux – Vulnerability in Chromium

Inappropriate implementations of performance APIs in Google Chrome prior to version 89.0.4389.72 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Before version 94.0.4606.54, using the "after free" mechanism in Performance Manager in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Firefox

The Performance API did not properly hide the fact that whether a request to a cross-origin resource has observed redirects. This vulnerability affects Firefox versions less than 100...

Astra Linux – Vulnerability in Firefox

When using the Performance API, attackers were able to detect subtle differences between PerformanceEntries, thereby determining whether the target URL had undergone a redirect. This vulnerability affects Firefox 103...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fixed powerpmudisable to call clearpmiirqpending only if PMI is pending Running a self-test with CONFIGPPCIRQSOFTMASKDEBUG enabled in the kernel triggered the following warning: 172.851380 ------------ Cut here...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out-of-bounds access when parsing CPC data If the NumEntries field in the CPC return packet is less than 2, do not attempt to access the “Revision” element of that packet, because it may not be present at that...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: Do not request stats with a stats buffer of size “0”. Sachin reported 1 that on a POWER-10 lpar, he is encountering a kernel panic when the vPMEM is used and the paprscm probe is called. The panic occurs as...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/lbr: Fixed an unchecked MSR access error related to HSW. The fuzzer triggers the following trace: 7763.384369 Unchecked MSR access error: WRMSR to 0x689 attempted to write 0x1fffffff8101349e at rIP:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable status which contains the unhandled overflow bits is not being properly masked in some cases, resulting in the following warning: WARNING: CPU: 156 PID: 475601 at...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: pmdomain: arm: Fixed NULL dereference upon removal of scmiperfdomain When the scmiperfdomain module was unloaded, a segmentation fault occurred. In the test system provided to the system under test, the power-domain-cells...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86/pmu: Disabled support for adaptive PEBS. Support for virtualizing adaptive PEBS has been discontinued. This is because KVM’s implementation is architecturally broken without an obvious or easy way to address this issu...

Astra Linux – Vulnerability in edk2

The BootPerformanceTable pointer is retrieved from an NVRAM variable within PEI. It is recommended that the PcdFirmwarePerformanceDataTableS3Support be set to FALSE...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: The active performance monitor must be stopped before it is destroyed. When the file descriptor is closed, the active performance monitor is not stopped. Although all performance monitors are destroyed in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fixed a potential division-by-zero error in emcomputecosts. When the device is of a non-CPU type, tablei.performance will not be initialized in the previous eminitperformance call. This results in a division by zero when...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed a system hang caused by CPU-clock usage. CPU-clock usage by the async-profiler tool can trigger a system hang. This issue was fixed starting with the following commit by Octavia Togami: 18dbcbfabfff “perf: Fixed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: idpf: converting workqueues to unbound mode When a workqueue is created with WQUNBOUND, its work items are served by special worker-pools, whose host workers are not bound to any specific CPU. In the default configuration i.e.,...

Astra Linux – Vulnerability in Firefox, Thunderbird

A violation of the same-origin policy could have allowed the theft of cross-origin URL entries, leading to the leakage of the results of a redirect, through the use of performance.getEntries. This vulnerability affects Firefox 106, Firefox ESR 102.4, and Thunderbird 102.4...