Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: hwrng: amd – Fix the PCI device reference count leak foreachpcidev is implemented through pcigetdevice. The comment for pcigetdevice states that it will increase the reference count of the returned pcidev, and also decrease th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a UAF issue in bpftrampolinelinkcgroupshim. The root cause of this bug is that when ‘bpflinkput’ reduces the refcount of ‘shimlink-link.link’ to zero, the resource is considered released, but may still be referenced vi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: mtkethsoc: Reset the progptr to oldprog in case of an error in mtkxdpsetup. Reset the eBPF program pointer to oldprog, and do not decrease its reference count if the mtkopen routine in mtkxdpsetup fails...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure that the reference to the DMA master OF node is also removed during late route allocation failures...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: perf/core: Returns early when perfmmap fails. When perfmmap fails to allocate a buffer, it still invokes the eventmapped callback of the related event. On X86 architecture, this may increase the perfrdpmcallowed reference counter...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fixed kernel panic during warm reset During warm reset, device-fwclient is set to NULL. If a bus driver is registered after this NULL setting and before new firmware clients are enumerated by ISHTP, kernel pan...

Astra Linux - уязвимость в parsec-cups

The vulnerability of the Parsec Cups protection and marking mechanism is related to the improper release of memory before deleting the last reference. Exploiting this vulnerability allows a hacker to trigger a service failure...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: rose: convert ‘use’ field to refcountt The ‘use’ field in the struct roseneigh structure is used as a reference counter, but it lacks atomicity. This can lead to race conditions, where a roseneigh structure is freed while...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ipmi:ipmb: The refcount leak in ipmiipmbprobe has been fixed. ofparsephandle returns a node pointer with a refcount incremented. We should use ofnodeput on it after processing. Add the missing ofnodeput call to avoid the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: EROFS: Fix for incorrect early exits in invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early exits, leading to folio reference leaks. However, this does not cause syste...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: Ensure that traceeventfile has a ref counter. The following actions can cause the kernel to crash: bash cd /sys/kernel/tracing echo 'p:sched schedule' kprobeevents exec 5events/kprobes/sched/enable kprobeevents exec 5&-...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a UAF in smb20oplockbreakack. removed references after using opinfo...

Astra Linux - уязвимость в thunderbird

After a VR process is destroyed, a reference to it may have been retained and used, leading to a “use-after-free” issue and potentially exploitable crashes. This vulnerability affects Thunderbird 91.8 and Firefox ESR 91.8...

Astra Linux - уязвимость в linux-5.15, linux-6.1, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: TLS: Fix for race conditions between async notify and socket close The thread that submitted the request the one that called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Any code after that point...

Astra Linux - уязвимость в python3.7, php7.3

The Keccak XKCP SHA-3 reference implementation, prior to the update of fdc6fef, has an integer overflow and resulting buffer overflow issue. This vulnerability allows attackers to execute arbitrary code or compromise the expected cryptographic properties of the algorithm. This issue occurs within...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Taking a reference to psock after locking rxlock to avoid leaks At the beginning of tlsswrecvmsg, we take a reference to psock, and then call tlsrxreaderlock. If this call fails, we return directly without releasing the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: nfc: Fixed potential resource leaks nfcgetdevice now takes a reference to the device and adds it; nfcputdevice is added to release it when no longer needed. Additionally, the warning message was corrected by using the error co...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix refcount leak on error path When failing to allocate reportdesc, opts-refcnt has already been incremented; therefore, it needs to be decremented to prevent the options structure from being permanently locke...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpiompsseprobe error paths The reference to usbgetdev is not released during the gpiompsseprobe error paths. This issue was fixed by using device-managed helper functions. Additionally, the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fixed the omission of ofnodeput in mt2701wm8960machineprobe. This node pointer is returned by ofparsephandle, and the refcount is incremented in this function. Calling ofnodeput is required to avoid the refcount...