4597 matches found
Malicious Package
Overview git-config-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Drivers: tty: serial: Fixed a deadlock in sa1100settermios There is a deadlock in sa1100settermios, as shown below: Thread 1 | Thread 2 | sa1100enablems sa1100settermios | modtimer spinlockirqsave //1 | Wait for a while ... |...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: e1000: Moved cancelworksync to avoid deadlock. Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which caused a deadlock. According to user reports and syzbot observations, a deadlock can...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Watchdog: Fixed a possible use-after-free by calling deltimersync. The remove function of this driver calls deltimer. However, that function does not wait for the timer handler to finish executing. This means that the timer handl...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: md: making rdevaddable usable for rcu mode. Our testcase triggered a panic: BUG: Kernel NULL pointer dereferencing, address: 00000000000000e0 … Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ 94...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fixed a possible use-after-free in nicstarcleanup The remove path of this module calls deltimer. However, that function does not wait until the timer handler is finished. This means that the timer handler may still ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Fuse: Abort on fatal signal during sync init When sync init is used and the server exits for some reason e.g., error, crash, the filesystem creation will hang. The reason is that while all other threads exit, the mounting thread ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: Fixed a crash that occurred during hcicreatecissync. When attempting to connect multiple ISO sockets without using DEFERSETUP, the following crash may occur: BUG: KASAN: Null pointer dereferencing in...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ptp: ocp: fixed use-after-free bugs caused by ptpocpwatchdog. The ptpocpdetach function only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, timerdeletesync is not called. This...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Media: BTTV – Fixed an issue where a use-after-free error occurred due to the btv-timeout timer. There may be a race condition between the btvirqtimeout function and bttvremove. The timer is set up in the probe phase, and there i...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Watchdog: Fixed a possible use-after-free in wdtstartup. The remove path of this module calls deltimer. However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: rejecting malformed HCICMDSYNC commands In mgmthcicmdsync, check whether the size of the parameters passed in struct mgmtcphcicmdsync matches the total size of the data i.e., sizeofstruct mgmtcphcicmdsync plus th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fixed use-after-free bugs caused by pn532CmdTimeout. When the pn532 UART device is detached, the pn532uartRemove function is called. However, there are no functions in pn532uartRemove that can delete the cmdTimeout...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: NFS: Automounted file systems should inherit the “ro”, “noexec”, “nodev”, and “sync” flags. When a file system is automatically mounted, it needs to preserve the user-set superblock mount options, such as the “ro” flag...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: Do not enable IRQ from syncprintobj Since the commit a6aa8fca4d79 “dma-buf/sw-sync: Reduce irqsave/irqrestore from known context” by error, spinunlockirqrestore was replaced with spinunlockirq for both...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhisyncpowerup If amss.bin is missing, ath11k will crash during the ‘rmmod ath11kpci’ command. The reason for this is that we were using mhipowerup, which does not check for any errors. However, mhisyncpowerup do...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access between the reset thread and the TM thread for reply queues. When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an inval...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: macsec: sync features on RTMNEWLINK Syzkaller was able to lock the lower device via ETHTOOLSFEATURES: - netdevlock, include/linux/netdevice.h: 2761 inline - netdevops, include/net/netdevlock.h: 42 inline -...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A race condition was detected in the Linux kernel’s sound/hda device driver, specifically in the sndhdacregmapsync function. This can lead to a null pointer dereferencing issue, potentially causing a kernel panic or a denial-of-service attack...
Astra Linux - уязвимость в 389-ds-base
When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, resulting in a crash...