Malicious code in wallet-backup-verifier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3537e19be49ba9b1222856a7df147f5751a129e0b9eac69158467e21c0a1755a Package presents itself as a 'Community Security Alliance' MCP server for verifying cryptocurrency wallet backups, but performs three concrete...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Remove clkdisable from mtkiommuremove. After the commit b34ea31fe013 “iommu/mediatek: Always enable the clk on resume”, the iommu clock is controlled by the runtime callback. Therefore, clkdisable was removed from...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: dpaa2-switch: Fixed a memory leak in dpaa2switchaclentryadd and dpaa2switchaclentryremove. The cmdbuff needs to be freed when an error occurs in dpaa2switchaclentryadd and dpaa2switchaclentryremove...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must also be processed by calling dput; otherwise, memory leaks will occur over time. To simplify things,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Firewire: ohci: prevents leakage of leftover IRQs when unbinding The commit 5a95f1ded28691e6 “Firewire: ohci: uses a devres for the requested IRQ” also removed the call to freeirq in pciremove. This resulted in a leftover IRQ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A use-after-free flaw was discovered in btsdioremove in the drivers\bluetooth\btsdio.c file within the Linux kernel. In this flaw, calling btsdioremove with an unfinished job may lead to a race condition, resulting in a User Account Fault UAF on HDev devices...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: qcom/emac – fixed a UAF Use-after-Free issue in emacremove. “adpt” is netdev private data, and it cannot be used after the freenetdev call. Using “adpt” after freenetdev can cause a UAF bug. This issue was fixed by movi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtkscp: Fixed a potential double-free issue. scp-rproc is allocated using devmrprocalloc, so there is no need to explicitly free it in the remove function...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: removed BUGON functions in addnewfreespace In addnewfreespace, there are BUGON functions that are used to handle any failures in adding free space to the in-memory free space cache. Such failures are mostly due to ENOME...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Input: i8042 – fixed the issue of platform device leakage during module removal. Avoid resetting the i8042platformdevice pointer across modules in i8042probe or i8042remove, so that the device can be properly destroyed by i8042ex...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Fixed a race condition between netvscprobe and netvscremove. In commit ac5047671758 “hvnetvsc: Disabling NAPI before closing the VMBus channel”, napidisable was called for all channels, including all subchannels, withou...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: pxa25xudc: Fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things, simp...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: kernfs: fixed the potential NULL dereference in kernfsremove. When lockdep is enabled, lockdepassertheldwrite could cause a potential NULL pointer dereference. The following smatch warnings have been fixed: fs/kernfs/dir.c:1353...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: xhci: sideband: do not dereference a freed ring when removing a sideband endpoint. In the xhcisidebandremoveendpoint function, it is incorrect to assume that the endpoint is running and has a valid transfer ring. Lianqin...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fixed a resource leak in the remove callback. The remove callback returned early if pmruntimeresumeandget failed, skipping the cleanup of the SPI controller and other resources. This issue has been addressed by...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fixed a use-after-free bug in qediremove In qediprobe, we call qediprobe, which initializes &qedi-recoverywork with qedirecoveryhandler and &qedi-boarddisablework with qediboarddisablework. When...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: moxart: fixed potential use-after-free when removing a path. It was reported that the mmc host structure could be accessed after it was freed in moxartremove. Therefore, this issue was addressed by saving the base register of the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: trace/blktrace: A memory leak was fixed by using debugfslookup. When calling debugfslookup, the result must also call dput, otherwise a memory leak will occur over time. To simplify things, simply call debugfslookupandremove, whi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fixed a memory leak in 'host1xremove'. A missing call to 'host1xchannellistfree' was added in the remove function, just as already done in the error handling path of the probe function...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: qup: Do not skip cleanup in the error path of the remove function. Returning early in the remove callback of a platform driver is incorrect. In this case, the DMA resources are not released during the error path. This issue ...