Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for missing rcu protection. When removing the rcureadlock from bondethtoolgettsinfo, I didn’t realize that it could also be called via setsockopt, which does not hold a rcu lock. As pointed out by syzbot: Stack trace...

Astra Linux - уязвимость в poppler, poppler-22

Poppler is a PDF rendering library. Versions before 25.06.0 use std::atomicint for reference counting. Since std::atomicint is only 32 bits in size, it is possible for the reference count to overflow, leading to a use-after-free. Version 25.06.0 addresses this issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: prevents the LSM program from leaking after a failed attach. In 0, we added the ability to use bpfprogattach for LSM programs within cgroups. However, during our validation to ensure that the program is indeed attached to...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed a reference leak in the GID entry when the createah operation fails. If the AH create request fails, the sgidattr should be released to avoid a reference leak during the release of the GID table...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Address the issue reported by KCSAN regarding bpflrulist. KCSAN reported a data-race when accessing node-ref. Although node-ref doesn’t need to be accurate, take this opportunity to use a more common READONCE and WRITEONC...

Astra Linux - уязвимость в parsec

The vulnerability of the PARSEC security subsystem is related to the improper release of memory before deleting the last reference. Exploiting this vulnerability allows an attacker to cause a service failure...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: media: ipu6: Fixed a RPM reference leak in error handling paths. Several error paths in ipu6pciprobe allowed code to directly jump to outipu6busdeldevices without releasing the runtime PM reference. Added pmruntimeputsync befo...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: A cred reference leak was fixed in nfsdnllistenersetdoit. The function nfsdnllistenersetdoit uses getcurrentcred without using putcred. As we can see from other calls, svcxprtcreatefromsa does not require an additional...

Astra Linux - уязвимость в firefox, thunderbird

If an AlignedBuffer is assigned to itself, the subsequent self-move operation may lead to an incorrect reference count, potentially causing a use-after-free issue. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fixed a reference leak in sysfsbreakactiveprotection The sysfsbreakactiveprotection routine has a clear reference leak in its error handling path. If the call to kernfsfindandget fails, kn will be NULL. As a result, th...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken every time it was used, but it was only released once, when the final reference to the tty struct was removed. This issue is fixed by taking th...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Place the child node before the return statement. Placing the child node before the return statement helps to prevent potential reference count leaks. Typically, the reference count of a child node is automatically...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fixed a reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented upon returning from lpi2cimxmasterenable. However, pmruntimegetsync will still increment the PM reference...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: Prevent NULL dereferencing in cifscomposemountoptions. The optional @ref parameter may contain a NULL nodename, so dereferencing it in cifscomposemountoptions should be prevented. Addresses-Coverity: 1476408 “Explicit NULL...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/dpmst: Ensure that the mstprimary pointer is valid in drmdpmsthandleupreq. While receiving an MST up request message from one thread in drmdpmsthandleupreq, the MST topology might be removed by another thread via...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fixed the issue where the reference count of the platform device was checked during the error path. The probe function never performs any platform device allocation. Therefore, the error path “undoplatformdevalloc”...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: cachefiles: All requests are flushed after setting CACHEFILESDEAD. In ondemand mode, when the daemon is processing an open request, if the kernel marks the cache as CACHEFILESDEAD, the cachefilesdaemonwrite function will always...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ax25: Fixed the reference count leak issue of the netdevice object. There is a reference count leak issue with the object “netdevice” in the function ax25devdevicedown. When the ax25 device is being shut down, the ax25devdevicedo...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: gpio: amd8111: Fixed the issue with the reference count leak of PCI devices. The function foreachpcidev is implemented through pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference coun...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: Better tracking of kernel sockets’ lifetimes While kernel sockets are destroyed during pernetoperations-exit, their freeing can be delayed due to any TX packets still held in qdisc or device queues. This occurs because of...