Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipc: A memory leak has been fixed in initmqueuefs. When setupmqsysctls failed in initmqueuefs, the mqueueinodecachep variable was not released. To address this issue, the release path has been reordered...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: xfs: fixed a UAF Use-after-Allocation issue in xattr repair. The xchksetupxattrbuf function can allocate a new value buffer; therefore, any reference to ab-value before the call could become a dangling pointer. This issue was...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: The device was stopped in bondsetupbyslave. The commit 9eed321cde22 "net: lapbether: only support Ethernet devices" was able to keep syzbot away from net/lapb until today. In the following issue 1, a lapbether device...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: mtkethsoc: Reset the progptr to oldprog in case of an error in mtkxdpsetup. Reset the eBPF program pointer to oldprog, and do not decrease its reference count if the mtkopen routine in mtkxdpsetup fails...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe function is used only for the DP83822 PHY. The private data pointer remains uninitialized for the smaller DP83825/26 models. Although all uses of the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fixed a race condition between concurrent splits and refaults The splitting of a PUD entry in walkpudrange can cause a race with a concurrent thread that refaults the PUD leaf entry. This can result in trying to walk...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: um: Fixed an out-of-bounds read in LDT setup syscallstubdata expects the datacount parameter to be the number of longs, not bytes. ================================================================== Bugs: KASAN: Out-of-bounds acce...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mm/mempolicy: fixed an issue where uninit-value was present in mpolrebindpolicy. mpolsetnodemask mm/mempolicy.c does not set the nodemask when pol-mode is MPOLLOCAL. Check pol-mode before accessing pol-w.cpusetmemsallowed in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The linked list elements and pointers are not stored in the same memory as the HDMA controller register. If the doorbell register is toggled...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed the UAF issue in nfqnlnfhookDrop when opsinit fails. When the opsinit function is called to initialize the network, but ops.init fails, data is released. However, the pointer ptr in net.gen becomes invalid. In this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: of/fdt: Perform SOC memory setup when earlyinitdtscanmemory fails. If memory is found, earlyinitdtscanmemory now returns 1. If no memory is found, it returns 0, allowing other memory setup mechanisms to proceed. Previously,...

Astra Linux - уязвимость в qemu

A vulnerability related to out-of-bounds read/write access was discovered in the USB emulator of QEMU in versions prior to 5.2.0. This issue occurs during the processing of USB packets from a guest, when the value of USBDevice’s ‘setuplen’ exceeds the value of ‘databuf4096’ in the dotokenin and...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: codecs: wcd938x: fixed missing mbhc initialization error handling The initialization of MBHC may fail, so additional error handling is needed to avoid dereferencing an error pointer during later configuration of the jack...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fixed a use-after-free due to an enslave failure after updating the slave array. This issue occurs because the new slave can be used immediately after being added to the array. Since the new slave can be used for...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: clk: st: Fixed a memory leak in stofquadfssetup. If stclkregisterquadfspll fails, @lock should be freed before going to @errexit; otherwise, it will cause a memory leak. Fix this issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improved page fault error reporting If the IOMMU domain for the device group is not properly set up, we may encounter an IOMMU page fault. The current page fault handler assumes that the domain is always set up; howeve...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the mech token during session setup. If a client sends an invalid mech token in a session setup request, ksmbd validates it and reports an error if the token is invalid...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rkgmacsetup KASAN reports an out-of-bounds read in rkgmacsetup at the following line: while ops-regsi This issue occurs on most platforms, as the regs field in the flexible array is empty...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason, it can lead to a double-free when unloading amd-pmf. This occurs because dev-buf was freed but never set to NULL, and then freed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Invalid parameter check in dpusetupdspppcc The function performs a check on the “ctx” input parameter, however, it is used before the check. The “base” variable is initialized after the sanity check to avoid a possib...