Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: Added ofnodeput before wcdb934xcodecparsedata. The devicenode pointer is returned by ofparsephandle with a refcount incremented. We should use ofnodeput on it after that operation. This is similar to the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed an issue where the dstclone function was used, but the result was set incorrectly. This issue arises because the entry might have a reference count of 0 or be already deleted, causing various problems...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: The dvbdev: device driver adopts a mechanism called refcnt to avoid Use-After-Free errors. It is known that the function dvbunregisterdevice is prone to use-after-free issues. In other words, the cleanup performed by...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: ipa: Hash tables are only reset when supported. Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes into the ring buffer used for a channel. Recently...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cachefiles: The issue of incorrect dentry refcount in cachefilescull has been fixed. The patch mentioned below changed cachefilesburyobject to expect 2 references to the ‘rep’ dentry. Three of the caller functions were changed to...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drbd: Added krefget to the handlewriteconflicts function. With “two-primaries” enabled, DRBD attempts to detect “concurrent” writes and handle write conflicts. This ensures that even if you write to the same sector simultaneously...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a deadlock in the “disable” sysfs attribute. The show and store callback routines for the “disable” sysfs attribute in port.c acquire the device lock for the port’s parent hub. This can cause problems if another...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: pid: taking a reference when initializing cadpid During boot, kernelinitfreeable initializes cadpid to the struct pid of the init task. Later, we may change cadpid via sysctl. When this happens, procdocadpid will increment the...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb – fixed a reference leak when pmruntimegetsync fails. The PM reference count is not expected to be incremented upon a return from the functions imgi2cxfer and imgi2cinit. However, pmruntimegetsync will still incremen...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fixed Use-after-Free, failed to increment the ref count of a skb while it was in use. This patch addresses a Use-after-Free issue identified by the syzbot. The problem arises when a skb is taken from the per-session s...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fixed a memory leak in uss720probe. uss720probe forgets to decrease the refcount of usbdev in uss720probe. This issue was fixed by decreasing the refcount of usbdev using usbputdev. BUG: memory leak. Unreferenced...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: wwan: t7xx: Fixed the FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to handle the command operation. If the main thread detects that the task has tim...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the remap of the arena. The BPF arena logic did not account for the mremap operation. Added a reference count for multiple mmap events to prevent use-after-free in arenavmclose...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphierspiprobe The issue occurs in several error paths within uniphierspiprobe. When either dmagetslavecaps or devmspiregistermaster returns an error code, the function forgets to...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: tee, amdtee: fixed the use-after-free vulnerability in amdteeclosesession. There is a potential race condition in amdteeclosesession that may cause a use-after-free in amdteeopenSession. For example, if a session has a referen...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix for the race between nbdallocconfig and module removal When the nbd module is being removed, nbdallocconfig may be called concurrently by nbdgenlconnect. Although trymoduleget will return false, nbdallocconfig does not...

Astra Linux - уязвимость в firefox, thunderbird

Race conditions in reference counting code were identified through code analysis. These conditions could lead to exploitable use-after-free vulnerabilities. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed the leak in the waitfence submitqueue operation. We were not releasing the reference to submitqueue in all paths. In particular, when the fence has already been signaled. We have created a helper function to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdpdoredirect failure Before enetccleanrxringxdp calls xdpdoredirect, each software BD in the RX ring between index origi and i can have one of two refcount values on its page. We are the owner o...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: 9p: Fixed the fid refcount leak in v9fsvfsgetlink. We now check for protocol versions that are later than required, after a fid has been obtained. Simply move the version check to an earlier stage...