Astra Linux - уязвимость в node-semver

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

Astra Linux - уязвимость в nghttp2

nghttp2 is an implementation of the Hypertext Transfer Protocol Version 2 in C. The nghttp2 library prior to version 1.61.0 continued to read an unlimited number of HTTP/2 CONTINUATION frames even after a stream was reset, in order to keep the HPACK context synchronized. This caused excessive CPU...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed an issue involving an untrusted unsigned subtraction operation. The following warnings from the “SMatch static checker” have also been fixed: net/rxrpc/rxgkapp.c:65 rxgkyfsdecodeticket Warning: Untrusted unsigned...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Remove ppath from ext4extreplayupdateex to avoid double-free. When calling ext4forcesplitextentat&ppath in ext4extreplayupdateex, ppath is updated, but it is path that is freed. This potentially triggers a double-free in th...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: tools/nolibc/stdlib: fixed a memory error in realloc Pass userplen to memcpy, instead of heap-len, to prevent realloc from copying an extra sizeofheap bytes beyond the allocated region...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: SUNRPC: Fixed a suspicious RCU usage warning I received the following warning while running cthon on an Ontap server running pNFS: 57.202521 ============================= 57.202522 WARNING: Suspicious RCU usage 57.202523...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000 – Fixed RCU usage in the connect path. With lockdep enabled, calls to the connect function from the cfg802.11 layer lead to the following warning: ============================= WARNING: Suspicious RCU usage...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: nfc: Fixed potential resource leaks nfcgetdevice now takes a reference to the device and adds it; nfcputdevice is added to release it when no longer needed. Additionally, the warning message was corrected by using the error co...

Astra Linux - уязвимость в sqlite3

In SQLite 3.30.1, the sqlite3Select function in select.c can cause a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usages...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fixed a possible memory leak if deviceadd fails. If deviceadd returns an error, the name allocated by devsetname needs to be freed. As noted in the comments for deviceadd, putdevice should be used to reduce the...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The commit 5ec8e8ea8b77 “mm/sparsemem: fix race in accessing memorysection-usage” changed pfnsectionvalid to include a READONCE call around “ms-usage” to address a race condition with sectiondeactivate. In this case, ms-usage can...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scs: A wrong parameter was fixed in scsmagic. The scsmagic function requires a void variable, but a struct taskstruct is provided instead. taskscstsk represents the starting address of the task’s shadow call stack, and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fixed the imbalance in the PM usage counter during power-on. The pmruntimegetsync function will increment the PM usage counter even if it fails. Forgetting to perform the necessary operations could lead to a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Media: nxp: imx8-isi: m2m: Fixed streaming cleanup upon release. If the calls for “streamon” and “streamoff” are imbalanced, such as when exiting an application using Ctrl+C while streaming, the m2m usagecount will never reach...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net:mctp: Fixed the device reference leak that occurred during probe failures. The driver core holds a reference to the USB interface and its parent USB device while the interface is bound to the driver. There is no need to ho...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: lib/crypto: arm64/poly1305 – Fixed register corruption in no-SIMD contexts. The SIMD usability check, which was removed with the commit a59e5468a921 “crypto: arm64/poly1305 – Added block-only interface”, has been restored. Thi...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: dm raid: Fixed access issues beyond the end of the raid member array. When the dm-raid table is loaded using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is determined by the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: geneve: Do not assume that the MAC header is set in genevexmitskb. We should not assume this; instead, use skbethhdr instead of ethhdr to fix the issue. sysbot reported the following: WARNING: CPU: 0 PID: 11635 at...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: The xid leak in cifscopyfilerange has been fixed. If the file is used by swap, before returning -EOPNOTSUPP, the xid should be freed. Otherwise, the xid will be leaked...