15233 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fixed cache corruption in regcachemaple Drop. When retaining the upper bound of a cache block entry, the entry array must be indexed by the offset from the base register of the block, i.e., max - mas.index. The cod...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa – Fix for the asyncdisable descriptor leak The paths for disabling asyncdisable in functions like iaacompress and decompress do not free the idxd descriptors when asyncdisable is set. Currently, this issue only occurs...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: bfq: fixed a use-after-free in bfqdispatchrequest KASAN reported a use-after-free when performing normal scsi-mq tests 69832.239032 ================================================================== 69832.241810 BUG: KASAN:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential null-ptr-dereference issue in tracearray within kprobeeventgentestexit. When testgenkprobecmd fails after kprobeeventgencmdend, it will go to delete, which will call kprobeeventdelete and releas...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: A memory leak was fixed in testgensynthcmd and testemptysynthevent. In testgensynthcmd, the buffer is freed only in the “fail” path. Therefore, the buffer may be leaked when there is no failure. Adding kfreebuf preven...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential nullptrdereference issue in traceeventfile in kprobeeventgentestexit. When tracegeteventfile fails, genkretprobetest will be assigned as the error code. If the kprobeeventgentest module is remov...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: bpf, testrun: Fixed an alignment issue in bpfprogtestrunskb. We encountered a syzkaller issue due to an alignment fault for aarch64 architectures when KFENCE is enabled. When the size provided by the user’s bpf program is an o...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A memory leak flaw, along with potential division by zero and integer overflow issues, have been detected in the Linux kernel’s V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as the VIDIOCSDVTIMINGS ioctl. This could allow a local user to crash the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: csdsp – Fixed out-of-bounds memory read access in KUnit tests. KASAN reported an out-of-bounds access issue with csdspmockbinaddnameorinfo, because the length of the source string was rounded up to the allocation siz...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: csdsp: Fixed out-of-bounds memory read access in KUnit tests wmfw info KASAN reported an out-of-bounds access – csdspmockwmfwaddinfo, because the length of the source string was rounded up to the allocation size...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: csdsp: Fixed an out-of-bounds memory read access in KUnit tests ctlcache. KASAN reported an out-of-bounds access: csdspctlcacheinitmultipleoffsets. The code used mockcoefftemplate.lengthbytes 4 bytes for register value...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Fortify: Fixed the compiletimestrlen function under UBSANBOUNDSLOCAL conditions. With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observed a runtime panic when running Android’s Compatibility Test Suite CTS. This iss...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: xfrm: Reinjecting transport-mode packets through the workqueue. The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested: watchdog: BUG: Soft lockup – CPU0 stuck for 22...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tracing/userevents: Ensure that the write index cannot be negative. The write index indicates which event the data corresponds to and accesses a per-file array. This index is passed by user processes during write calls as the fir...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iommu/amd/iommuv2: Fixed the issue where the refcount for pasidstate was decremented to 0 during pasid unbind. When pasid is unbound, there is a race condition related to outstanding page faults. To prevent this, the pasidstate...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: “misc: pciendpointtest”: Fixed an array underflow in pciendpointtestioctl. The commit eefb83790a0d “misc: pciendpointtest: Add doorbell test case” added NOBAR -1 to the pcibarno enum. In practical terms, this changes the enum...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Holding the reservation lock around madvise Acquiring and releasing the GEM object’s reservation lock during calls to the object’s madvide operation. The tests use drmgemshmemmadviselocked, which caused errors...
Astra Linux – Vulnerability in sudo
The “sudoedit” personality of Sudo before version 1.9.5 might allow a local unprivileged user to perform arbitrary directory existence tests by exploiting a race condition in the “sudoedit.c” code, which allows a user-controlled directory to be replaced with a symlink pointing to an arbitrary pat...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: fixed a possible double-free of kmemcache When running the slubdebug test, the kfence’s “testmemcachetypesafebyrcu” kunit test case caused a use-after-free error: BUG: KASAN: use-after-free in kobjectdel+0x14/0x30...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: clk: Fixed clkhwgetclk when dev is NULL. Any registered clkcore structure may have a NULL pointer in its dev field. Although this has never been officially documented, this is evident from the widespread use of clkregister and...