Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: cachefiles: All requests are flushed after setting CACHEFILESDEAD. In ondemand mode, when the daemon is processing an open request, if the kernel marks the cache as CACHEFILESDEAD, the cachefilesdaemonwrite function will always...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ax25: Fixed the reference count leak issue of the netdevice object. There is a reference count leak issue with the object “netdevice” in the function ax25devdevicedown. When the ax25 device is being shut down, the ax25devdevicedo...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: gpio: amd8111: Fixed the issue with the reference count leak of PCI devices. The function foreachpcidev is implemented through pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference coun...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: Better tracking of kernel sockets’ lifetimes While kernel sockets are destroyed during pernetoperations-exit, their freeing can be delayed due to any TX packets still held in qdisc or device queues. This occurs because of...

Astra Linux - уязвимость в libdbi-perl

A issue was discovered in the DBI module through version 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically specified via the fdir attribute in the data source name DSN. NOTE: This issue exists due to an incomplete fix for CVE-2014-10401...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device’s release function refers to its parent device, but does not keep a reference to it. When registering the altmode, a reference to the parent device should be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed the issue of a reference leak during queue teardown in version 2. The user mode queue maintains a pointer to the most recent fence in userq-lastfence. This pointer retains an additional dmafence reference...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup of partially initialized sync objects occurs during parse failures. The function xesyncentryparse can allocate references such as syncobjs, fences, chain fences, or user fences before encountering subsequent...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Makes bpfrefcountacquire failable for references that are not owned by the program. This patch fixes an incorrect assumption made in the original bpfrefcount series 0. Specifically, it assumes that the BPF program calling...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/sched: Fixed the leak caused by referencing the fence’s reference count. The lastscheduledfence variable leaks when an entity is being terminated, and the cleanup callback fails. The reference count of prev should be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak The commit 20d72b00ca81 “netfs: Fix the request’s work item to not require a ref” modifies netfsallocrequest to initialize the reference counter to 2 instead of 1. The rationale is that the request’s...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ARM: versatile: Added ofnodeput in dcscbinit. The devicenode pointer is returned by offindcompatiblenode, with the reference count incremented. We should use ofnodeput to avoid the reference count leak...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed the issue where a new block group that becomes unused after creation could lead to a use-after-free condition. If a task creates a new block group and that block group becomes unused before it is fully created, durin...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: A possible memory leak caused by the absence of pcidevput has been fixed. pcigetdevice will increase the reference count of the returned pcidev. We need to use pcidev PUT to decrease the reference count before...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ipv4: A reference count leak was addressed when using error routes with nexthop objects. When a nexthop object is deleted, it is marked as “dead”, and then fibtableFlush is called to flush all routes that use the dead nexthop. Th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: fs, fix UAF in flow counter release Fixed a kernel issue caused by releasing an HWS action of a local flow counter in mlx5cmdhwsdeletefte. In this case, the refcount and mutex of the HWS action were not initialized,...

Astra Linux - уязвимость в postgresql-11

Inclusion of untrusted data in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for execution during dump restoration, as the client operating system account running psql restores the dump using psql meta-commands. pgdumpall is also affected. pgresto...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Memory issue: tegra20-emc – fixed a bug related to references to OF nodes in tegraemcfindnodebyramcode. When the offindnodebyname function releases the reference to the argument “device node”, the tegraemcfindnodebyramcode functi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net:mctp: Fixed the device reference leak that occurred during probe failures. The driver core holds a reference to the USB interface and its parent USB device while the interface is bound to the driver. There is no need to ho...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSGPEEK causes a memory leak in iucvsockdestruct. Passing the MSGPEEK flag to skbrecvdatagram increments the skb refcount skb-users, while iucvsockrecvmsg does not decrement the skb refcount at exit. This results in a...