MAL-2026-4581 Malicious code in idlidosa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93244f4468caec1832fe03d87c7403d7ab1dac835f12605a35667acfd3b87c39 The package ships shared/keys.json containing 9 AES-256-GCM-encrypted Groq API keys. The decryption key is a fixed byte sequence 'pageai-pool-v2'...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF A hung task trace was observed during LOGO processing. 974.309060 0000:00:00.0: qedfehdevicereset:868: 1:0:2:0: LUN RESET issued… 974.309065 0000:00:00.0:...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in starttask starttask calls createsinglethreadworkqueue, and the return value is not checked. This may result in a NULL return value. A null-ptr-deref could occur as a result: starttask...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The warning message “Do not call blocking operations when !TASKRUNNING” has been fixed. The waiteventtimeout function will set the state of the current task to TASKUNINTERRUPTIBLE before performing the condition check. Thi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in the struct vhosttask. vhosttaskcreate creates a task and keeps a reference to its taskstruct. The task may exit early via a signal, and its taskstruct will be released. A pending vhosttaskwa...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rcuscale: Move rcuscalewriter’s scheduletimeoutuninterruptible function to idle. The rcuscale.holdoff module parameter can be used to delay the start of rcuscalewriter’s kthread. However, the hung-task timeout will trigger when t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Preemption between scxclaimexit and the kicking of helper tasks is disabled. scxclaimexit atomically sets the exitkind value, preventing scxerror from triggering further error handling. After claiming exit, the caller...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed a hang that occurred when freeing a sigtrap event. Perfection can hang when freeing a sigtrap event if a related deferred signal fails to be sent before the file is closed: perfeventoverflow...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: Fixed a null-ptr-deref in iotctxexitcb Syzkaller reported a NULL deref bug as follows: BUG: KASAN: null-ptr-deref in iotctxexitcb+0x53/0xd3 A size 4 read at address 0000000000000138 by task file1/1955 CPU: 1 PID: 1955...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cnic: Fixed use-after-free bugs in cnicdeletetask. The original code used canceldelayedwork in cniccmstopbnx2xHW, which does not guarantee that the delayed work item “deletetask” has fully completed if it was already running...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Do not balance tasks to their current running CPUs. We encountered a situation where the balancer attempts to balance a migrated task with disabled status, triggering a warning in settaskcpu. The detailed error messag...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: idpf: Error handling in the inittask during loading was fixed. If the inittask fails during driver loading, we end up with no vports and netdevs, effectively failing the entire process. In that state, a subsequent reset will resu...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: Ensure that ctx-rings is stable when manipulating task work flags. If DEFERTASKRUN | SETUPTASKRUN is used, and task work is added while the ring is being resized, there is a possibility that the OR operation of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: iscsi: Fixed the issue where iscsitask was used after freeing it. The commit d39df158518c "scsi: iscsi: Have abort handler get ref to conn" added calls to iscsigetconn/iscsiputconn during abort handling. However, it also...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: pid: taking a reference when initializing cadpid During boot, kernelinitfreeable initializes cadpid to the struct pid of the init task. Later, we may change cadpid via sysctl. When this happens, procdocadpid will increment the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: The issue of losing the “young/dirty” bits during the pagemap scan has been fixed. The function makeuffdwpwppte used to perform these operations was previously executed as follows: c pte = ptepgetptep;...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed a use-after-free issue related to aborted SSP/STP sastask operations. Currently, a use-after-free might occur if an sastask is aborted by the upper layer before we handle the I/O completion in functions like...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Fixed stale direct dispatch state in ddspdsqid @p-scx.ddspdsqid can be left set non-SCXDSQINVALID, causing a spurious warning in markdirectdispatch when the next wakeup’s ops.selectcpu calls scxbpfdsqinsert. For example...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: The sig-statslock lock is used to gather statistics about threads/children. The locktasksighand function can cause a hard lockup. If NRCPUS threads call dotaskstat at the same time, and the process has...

Astra Linux - уязвимость в firefox, thunderbird

During operations on MessageTasks, a task may be removed while it is still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.15, Thunderbird 91.2, Firefox ESR 91.2, Firefox ESR 78.15, and Firefox 93...