Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: HID: core: removed the unnecessary WARNON function in implement. The syzkaller triggered a warning 1 when calling implement, attempting to write a value into a field of smaller size in an output report. Since implement already ha...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fixed an info leak in hidsubmitctrl. In hidsubmitctrl, the way of calculating the report length does not take into account that report-size can be zero. When running the syzkaller reproducer, a report of size 0 cause...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fixed potential NULL pointer dereferencing in ncmbitrate In Google’s internal bug report 265639009, we received a crash report from a aarch64 GKI 5.10.149-android13 running device. According to the report, the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereferencing in steamrecv,sendreport It is possible for a malicious device to fail to submit a Feature Report. The HID Steam driver currently does not handle this situation and dereferences the...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mtreportfixup A malicious HID device can trigger a slab out-of-bounds during mtreportfixup by passing in a report descriptor that is smaller than 607 bytes. mtreportfixup attempts...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed the issue “KASAN: slab-use-after-free Read in ibdevicerename”. Call Trace: dumpstack: lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0: lib/dumpstack.c:120 printaddressdescription: mm/kasan/report.c:408 inline...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: bpfskstorage: Fixed invalid wait context lockdep report "The ./testprogs -t testlocalstorage" command reported a splat error: 27.137569 ============================= 27.138122 BUG: Invalid wait context 27.138650...

Astra Linux - уязвимость в firefox, thunderbird

Through the use of reportValidity and window.open, a plain-text validation message could be displayed on another origin, potentially causing confusion for users and allowing for spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with reclen == block size results in out-of-bounds read later on, when the corrupted directory is removed...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: Block, bfq: Fixed a potential UAF issue for bfqq-bic when using the merge chain. 1 Initial state: Three tasks: - Process 1 Process 2 Process 3 - BIC1 BIC2 BIC3 | Λ | Λ | Λ | | | | | V | V | V bfqq1 bfqq2 bfqq3 Process referenc...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Ensure that the index calculations will never cause an overflow. WHY & HOW Ensure that the calculations of vmid0p72idx, vnom0p8idx, and vmax0p9idx will never cause an overflow or exceed the array size. This fi...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: HID: logitech-dj: Fixed a memory leak in logidjrecvswitchtodjmode. Fixed a memory leak in the logidjrecvsendreport error path...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Remove the unreasonable unlock in ocfs2readblocks. Patches in the “Misc fixes for ocfs2readblocks” series, version 5. This series includes two fixes for ocfs2readblocks. The first patch addresses the issue reported by...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in roseneigh refcount The current implementation maintains two separate reference counting mechanisms: the count field in the struct roseneigh structure tracks references from rosenode structure...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: afunix: fixed the issue of struct pid leaks in OOB support. The issue was that the queueoob function called maybeaddcreds, which potentially holds a reference to a pid. However, the skb-destructor was not set either directly o...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotpsendmsg: added a result check for waiteventinterruptible. The waiteventinterruptible function is used to wait for complete transmission, but the result of this function, which may be interrupted, is not checked...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: Benchmark: Properly handling NUMANONODE. The cpumaskofnode function can be called within domapbenchmark when dealing with NUMANONODE. This results in the following issue reported by the sanitizer tool: UBSAN: Array...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: blk-cgroup: fixed a UAF vulnerability by acquiring the blkcg lock before destroying the blkg. KASAN reports a use-after-free issue during the fuzz test: 693354.104835...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xdp, net: Fixed a use-after-free in bpfxdplinkrelease The issue occurs between devgetbyindex and devxdpattachlink. At this point, devxdpuninstall is called. As a result, the xdp link will not be automatically detached when the...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed a potential index out of bounds issue in the color transformation function. The issue of index out of bounds occurred when the index ‘i’ exceeded the number of transfer function points TRANSFERFUNCPOINTS...