Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fixed a use-after-free in epremovewaitqueue If a non-root cgroup is removed while there is a thread that registered a trigger and is polling on a pressure file within the cgroup, the polling waitqueue will be freed in...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: kernel/printk/index.c: fixed the memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must also be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the memory leak in sashba.phy in mpi3mrremove. Released mrioc-sashba.phy during .remove...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: A buggy exit annotation for the remove function was removed. With tpd12s015remove marked with exit, this function is discarded when the driver is compiled as a built-in component. As a result, when the driv...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: rcarfdp1: Fixed a reference count leak in the probe and remove functions. rcarfcpget takes a reference, which should be balanced with rcarfcpput. Added the missing rcarfcpput function in fdp1remove, and corrected the error...

Astra Linux - уязвимость в ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, certain configurations of Rails::Html::Sanitizer could potentially introduce XSS vulnerabilities. An attacker could inject content if the application developer overrides the sanitizer’...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix out-of-bounds when setting channels on remove If we set channels larger during iavfremove, and waiting reset done would be timeout, then returned with error but changed numactivequeues directly, that will lead to OOB li...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A use-after-free flaw was discovered in ndlcremove in drivers/nfc/st-nci/ndlc.c within the Linux kernel. This flaw could allow an attacker to cause the system to crash due to a race condition...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Binder: Fixed another UAF in binderdevices. The commit e77aff5528a18 "binderfs: fixed a use-after-free in binderdevices" addressed a use-after-free where devices could be released without first being removed from the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecishtp: Fixed a UAF issue after unbinding the driver. After unbinding the driver, another kthread named crosecconsolelogwork still accesses the device, leading to a UAF and system crash. The driver does not...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fixed the warning in isl29028remove The driver uses a non-managed form of the register function in isl29028remove. To maintain the release order that mirrors the ordering in probe, the driver should also use...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fixed the omission of platformsetdrvdata Added platformsetdrvdata to armniprobe; otherwise, calling platformgetdrvdata in remove will return NULL...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: added a missing clkdisableunprepare call in intelethpciremove. The commit 09f012e64e4b “stmmac: intel: Fix clock handling on error and remove paths” removed this clkdisableunprepare call. This issue was partially...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: power: supply: bq27xxx: Fixed handling of pollinterval and races during removal operations. Before this patch, bq27xxxbatteryteardown set pollinterval to 0 to avoid requeuing the delayedwork item during bq27xxxbatteryupdate...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo-bcmprocread after removeprocentry. syzbot reported a warning in bcmrelease. 0 The corrected code fixed another warning that occurs when connect is called again for a socket whose connected device has been...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Do not use the strip and remove functions when the driver is built-in. Using exit for the remove function causes the remove callback to be discarded when CONFIGMMCDAVINCI=y. When such a device becomes unbound e.g.,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8186: Fixed a use-after-free in the “remove” path of the driver. When devm runs functions in the “remove” path for a device, it does so in reverse order. This means that if there are parts of your driver that do...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: imx: Do not skip cleanup in the error path of the remove function Returning early in the remove callback of a platform driver is incorrect. In this case, the DMA resources are not released during the error path. This issue i...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: PM: domains: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must have had dput called upon it; otherwise, memory will leak over time. To simplify things, simply call...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: removing an entry instead of using null-ptr-dereference in ocfs2xaremove Syzkaller can trigger null-ptr-dereference in ocfs2xaremove: 57.319872 a.out,1161,7:ocfs2xaremove:2028 ERROR: status = -12 57.320420...