Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix an off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value. However, eadata is located at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fixed a possible null-ptr-deref issue when initializing hardware. The result of the avsdaifindpathtemplate function must be verified before being used. Since the ‘template’ is already known when...

Astra Linux - уязвимость в freeglut

It was discovered that freeglut 3.4.0 contains a memory leak due to a memory leak involving the menuEntry variable within the glutAddSubMenu function...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handles datavault when the value is ZEROSIZEPTR. In some cases, GDDV returns a packet with a buffer of zero length. This causes kmemdup to return ZEROSIZEPTR 0x10. As a result, datavaultread encounters a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Block: Release rq/qos structures for queues without disk. The blkcginitqueue function may add rq/qos structures to the request queue. Previously, blkcleanupqueue called rqqosexit to release these structures. However, in the commi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cfg80211: Fixing management registration locking issues The issue with management registration locking was addressed. The list was locked for each wdev, but the cfg80211mgmtregistrationsupdate function iterated over it without...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a potential memory leak in DMUB hwinit Why When resuming, we perform DMUB hwinit, which allocates memory using dmresume-dmdmubhwinit-dcdmubsrvcreate-kzalloc. This can lead to a memory leak in suspend/resume...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the startup race issue with nsfd again. The commit bd5ae9288d64 "nfsd: register pernet ops last, unregister first" re-opened the race in rpcpipefsevent, which was related to the registration of nfsdnetid using...

Astra Linux - уязвимость в linux

A use-after-free occurred in the function hcisockboundioctl of the Linux kernel’s HCI subsystem. This issue arises when the user calls ioct HCIUNBLOCKADDR, or when the call to hciunregisterdev triggers a race condition, along with the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fixed an infinite recursive call of clippush. syzbot reported this issue below. 0 This issue occurs when we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push; during the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: acct: A potential integer overflow has been fixed in encodecompt. The integer overflow is described with the following code: c 317 static compt encodecomptu64 value 318 319 int exp, rnd; ...... 341 exp 342 exp += value; 343 retur...

Astra Linux - уязвимость в parsec

The vulnerability of the typefromtext function in the PARSEC security subsystem is related to accessing beyond the global buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service failures...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: iommu/arm-smmu-qcom: Added SM6115 MDSS compatibility. Added SM6115 MDSS compatibility to the list of compatible devices, as it also requires that workaround. Without this workaround, for example, the QRB4210 RB2, which is base...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: atm: Added lecmutex. The issue was discovered in net/atm/lec.c, where a error path was found in lecdattach. This path could leave a dangling pointer in devlec. A mutex was added to protect the use of devlec from lecdattac...

Astra Linux - уязвимость в linux-5.10

Due to a vulnerability in the iouring subsystem, it is possible to leak kernel memory information to the user process. The timesinstall function calls currentissinglethreaded to determine whether the current process is single-threaded. However, this call does not take into account iouring’s...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: mISDN: Fixed an use-after-free in hfcmultitx Do not dereference sp after calling devkfreeskbsp...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: security/keys: Fixed an out-of-bounds read in keytaskpermission. KASAN reports an out-of-bounds read: - BUG: KASAN: Out-of-bounds read in kuidval, include/linux/uidgid.h:36. - BUG: KASAN: Out-of-bounds read in uideq,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: block/rqqos: The rqqos API is protected with a new lock. Commit 50e34d78815e “block: disable the elevator int delgendisk” The function rqqosexit was moved from diskrelease to delgendisk. This may introduce some issues: 1 If...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fixed the leak from the dev tracker. At the stage of direction checks, the netdev reference tracker is already initialized, but it is released with the wrong put call...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store the vhost pointer during subcrq allocation Currently, the back pointer from a queue to the vhost adapter is not set until after the subcrq interrupt registration. This value becomes available when a queue is...