Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: EROFS: Fix for incorrect early exits in invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early exits, leading to folio reference leaks. However, this does not cause syste...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only drop the call reference if one has been acquired. The function rxrpcinputpacketonconn can process a packet for the client after the current client call on the channel has already been terminated. In this case, chan-ca...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: fixed the refcount leak in xfrmmigratepolicyfind Syzkaller reported a memory leak in xfrmpolicyalloc: BUG: Memory leak Unreferenced object 0xffff888114d79000 size 1024: comm “syz.1.17”, pid 931 … xfrmpolicyalloc+0xb3/0x4b0...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: think-lmi: Fixed reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned, and that reference needs to be disposed of using kobjectput. The validation of the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Under NFSv4.1, fix the issue where double svcxprtput operations on rpccreate cause failures. In error situations, clp-clcbconn.cbxprt should not be referenced as an xprt. Otherwise, both client cleanup and error handling...

Astra Linux - уязвимость в thunderbird

After a VR process is destroyed, a reference to it may have been retained and used, leading to a “use-after-free” issue and potentially exploitable crashes. This vulnerability affects Thunderbird 91.8 and Firefox ESR 91.8...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed the leak in the waitfence submitqueue operation. We were not releasing the reference to submitqueue in all paths. In particular, when the fence has already been signaled. We have created a helper function to...

Astra Linux - уязвимость в firefox, thunderbird

Race conditions in reference counting code were identified through code analysis. These conditions could lead to exploitable use-after-free vulnerabilities. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “comedi: runflags cannot determine whether to reclaim chanlist” The syzbot reported a memory leak 1. The commit 4e1da516debb “comedi: Add reference counting for Comedi command handling” did not account for the exceptional exit ca...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core – Ensure that the LLD module reference count is set after the SCSI device is released. The SCSI host release is triggered when the SCSI device is freed. We must ensure that the low-level device driver module is not...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumrouter: Fix neighbor use-after-free We sometimes observe use-after-free when dereferencing a neighbor 1. The problem seems to be that the driver stores a pointer to the neighbor, but does not hold a reference to it...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: The WARNON message in tracingbuffersmmapclose has been fixed. When a process forks, the child process copies the parent’s virtual memory addresses, but the reference count of usermapped is not incremented. As a result,...

Astra Linux - уязвимость в linux-5.10

A flaw was discovered in btrfsgetrootref in fs/btrfs/disk-io.c within the btrfs filesystem of the Linux kernel, due to a double decrement of the reference count. This issue may allow a local attacker with user privileges to crash the system or may lead to the leakage of internal kernel informatio...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: The issue of a reference leak during lpspipreparexferhardware has been fixed. pmruntimegetsync will increment the pm usage counter even if the operation fails. Forgetting to replace this operation with...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: Clearing MFCOUNTINCREASED before retrying getanypage Hulk Robot reported a panic in putpagetestzero when testing madvice with MADVSOFTOFFLINE. The bug is triggered when retrying getanypage. This occurs because the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ima: fixed a reference leak in asymmetricverify Do not leak a reference to the key if its algorithm is unknown...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fixed the mpolnew leak in sharedpolicyreplace. If mpolnew is allocated but not used during the restart loop, mpolnew will be freed via mpolput before returning to the caller. However, refcnt has not been initialized...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: gamecube: Fixed a refcount leak in gamecubertcreadoffsetfromsram. The offindcompatiblenode function returns a node pointer whose refcount is incremented. We should use ofnodeput on it after processing. Also, add the missing...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Fixed error handling in mt8195mt6359rt1019rt5682devprobe. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix for the race between nbdallocconfig and module removal When the nbd module is being removed, nbdallocconfig may be called concurrently by nbdgenlconnect. Although trymoduleget will return false, nbdallocconfig does not...