Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fixed a race condition between concurrent call paths that invoke dwc3removerequests. This patch addresses a race condition caused by unsynchronized execution of multiple call paths that invoke dwc3removerequests, leadi...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fixed a use-after-free bug in ndlcremove due to a race condition. This bug affects both stncii2cremove and stncispiremove. Take stncii2cremove as an example. In stncii2cprobe, it calls ndlcprobe and binds &ndlc-smwor...

Astra Linux - уязвимость в rustc

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable due to a race condition that enables symlink creation...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: dd: Fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must have the dput function called upon it. Otherwise, a memory leak will occur over time. To simplify things,...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor KASAN reports that there’s a use-after-free in hciremoveadvmonitor. By examining the disassembly, it can be seen that the issue arises from the access in...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: A resource leak has been fixed in the zorro7xxremoveone function. The error-handling code of the probe releases a resource that is not actually freed within the remove function. In some cases, the ioremap operatio...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: s390/dcssblk: fixed the kernel crash caused by corruption in listadd. The commit fb08a1908cb1 “dax: simplified the daxdevice gendisk association” introduced new logic for gendisk association, requiring drivers to explicitly ca...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: PM: EM: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must be processed with dput, otherwise memory leaks will occur over time. To simplify things, simply call debugfslookupandremove,...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: md-raid10: fixed the KASAN warning There is a KASAN warning in raid10removedisk when running the lvm test lvconvert-raid-reshape.sh. We have fixed this warning by verifying that the value “number” is valid. BUG: KASAN:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fixed a potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: remove the cpuhp instance node before removing the cpuhp state The functions cpuhpstateaddinstance and cpuhpstateremoveinstance should be used in pairs. Otherwise, a warning will be issued during the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must also contain a call to dput; otherwise, a memory leak will occur over time. To simplify things, simply call...

Astra Linux - уязвимость в fribidi

A segmentation fault flaw was detected in the Fribidi package, affecting the fribidiremovebidimarks function in the lib/fribidi.c file. This flaw allows an attacker to submit a specially crafted file to Fribidi, resulting in a crash and causing a denial of service...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handling of the case where pmruntimeget fails in .remove. In the unlikely event that pmruntimeget disguised as pmruntimeresumeandget fails, the remove callback returns an error early. The problem with this is tha...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fixed a sleep-in-atomic bug caused by genpddebugRemove When a genpd with GENPDFLAGIRQSAFE is removed, the following sleep-in-atomic bug will occur, as genpdDebugRemove will be called with a spinlock held. 0.029183 BU...

Astra Linux - уязвимость в linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: “sh: push-switch: Reorder cleanup operations to avoid use-after-free bug” The original code placed “flushwork” before “timershutdownsync” in “switchdrvremove”. Although we use “flushwork” to stop the worker, it could be reschedul...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must also contain a call to dput; otherwise, a memory leak will occur over time. To simplify things, simply call...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fixed a use-after-free in epremovewaitqueue If a non-root cgroup is removed while there is a thread that registered a trigger and is polling on a pressure file within the cgroup, the polling waitqueue will be freed in...

Astra Linux - уязвимость в linux-5.10, linux-5.15

A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in the rkvdecremove function in drivers/staging/media/rkvdec/rkvdec.c...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83792d Fixed NULL pointer dereferencing by removing unnecessary structure fields. If the driver reads a value that is sufficient for the condition: val & 0x08 && !val & 0x80 && val & 0x7 == val 4 & 0x7 NULL pointer...