18102 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fixed potential array out-of-bound access issues. A sentinel was added at the end of the maps to prevent potential array out-of-bound access in the iio core...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: net: gso: Fixed a panic that occurred when using a fraglist with mixed head allocation types. Since the commit 3dcbdb134f32 “net: gso: Fixed an error in skbsegment when splitting a gsosize mangled skb having linear-headed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfc: nxp-nci: Fixed a potential memory leak in nxpncisend The nxpncisend function calls nxpncii2cwrite. The skb is only freed when nxpncii2cwrite fails. However, even if nxpncii2cwrite succeeds, the skb is not freed within...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/ext: Prevent calls to updatelockedrq with a NULL rq. Avoid invoking updatelockedrq when the runqueue .rq pointer is NULL in the SCXCALLOP and SCXCALLOPRET macros. Previously, calling updatelockedrqNULL with preemption enabl...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Fixed a race condition between cache write completion and the setting of ALLQUEUED. When netfslib issues subrequests, these subrequests start processing immediately and may complete before we reach the end of the issuing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1d8 as critical The pll1d8 clock is enabled by the bootloader, and it is ultimately a parent clock for numerous other clocks, including those used by the APB and AXI buses. Guodong Xu discovered that thi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rcv: fixed the runtime constant support for nommu kernels The runtimefixup32 function does not handle the case where val is zero correctly as may occur when patching a nommu kernel and referring to a physical address below the 4G...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fix for the unset padding field being copied back to userspace. The introduction of a padding field in the gpibboardinfoioctl structure appears as initialized data on the stack frame that is copied back to userspa...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: Fixed the WARNON message for the monitor mode on some devices. On devices without WANTMONITORVIF and likely without channel context support, we receive a WARNON message when changing the per-link settings of a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcidevcddump: Fixed an out-of-bounds error caused by devcoredumpv. Currently, both devcoredumpv and skbPutData in hcidevcddump use hdev-dump.head. However, devcoredumpv can free the buffer. According to the...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed a use-after-free issue related to KFENCE violations during the sysfs firmware write process. During the sysfs firmware write process, a use-after-free read warning was logged from the lpfcwrobject routine: BUG:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: bcm63xxudc: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things, simply call...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: mdp3: Fixed resource leaks in offinddevicebynode. Use putdevice to release the object obtained through offinddevicebynode, thereby avoiding resource leaks...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fixes the issue where notifiers are shared between PCI and VIO buses. The failiommusetup function registers the failiommubusnotifier struct for both PCI and VIO buses. The struct notifierblock is a linked-list node...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: rt2x00 – The beacon queue is restarted when a hardware reset occurs. When a hardware reset is triggered, all registers are reset, causing all queues to be stopped in the hardware interface. However, mac80211 does not...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved checks. This issue is fixed in iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in aom
It was discovered that AOM v2.0.1 contains a NULL pointer dereferencing issue through the ratehist.c component...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: nbd: The function genlunregisterfamily is called first in nbdcleanup. Otherwise, there may be a race between the removal of the module and the handling of the netlink command, which can lead to an oops as shown below: BUG: Kernel...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: Integrity: Fixed memory leakage in the keyring allocation error path. Keys are allocated in the integrityinitkeyring function. However, if the keyring allocation fails, the allocated keys are not freed, resulting in memory lea...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Net: DSA: Fix for panic upon shutdown if the multi-chip tree fails to probe. DSA probing is atypical because the device tree must probe all devices at once. Thus, out of N switches that call dsatreesetuproutingtable during probin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed deadlock issues during suspend and resume operations. When an application sends a query IOCTL while auto suspend is in progress, a deadlock can occur. The query process first acquires devlock, then calls...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: A NULL pointer dereference occurred in iomsgsendfd. Syzkaller produced the following call trace: BUG: KASAN: NULL pointer dereference in iomsgring+0x3cb/0x9f0 A value of 8 was written to address 0000000000000070 ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: Minor fix for a potential memory leak in mlxswmlinecardsinit. The line cards array is not freed during the error path of mlxswmlinecardsinit, which could lead to a memory leak. This issue was addressed by freeing the array...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cgroup/dmem: avoided UAF in the pool An UAF issue was observed: BUG: KASAN: slab-use-after-free in pagecounteruncharge+0x65/0x150 Write of size 8 at addr ffff888106715440 by task insmod/527 CPU: 4 UID: 0 PID: 527 Comm: insmod...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: The issue of out-of-bounds shift during spinorseterasetype has been fixed. spinorseterasetype was used either to set or to mask an erase type. When it was used to mask an erase type, an out-of-bounds condition...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: usbnet: A sanity check for maxpacket. A value of 0 for maxpacket makes no sense, and it causes an error because we need to divide by it. Given up. V2: Typos in the log have been corrected, and stylistic issues have also been...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed a data race around the sysctltcpprobethreshold function. When reading sysctltcpprobethreshold, it can be changed concurrently. Therefore, we need to add READONCE to its reader...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: igb: Fixed a use-after-free issue in igbcleantxring. Fixed the following use-after-free bug in the igbcleantxring routine when the NIC is running in XDP mode. This issue can be triggered by redirecting traffic to the igb NIC a...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpt3sas: Fixed the use-after-free warning. Fixed the following use-after-free warnings that were observed during controller reset: refcountt: Underflow; use-after-free. WARNING: CPU: 23; PID: 5399; Location:...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: parisc: Fixed a data TLB miss in sbaunmapsg Rolf Eike Beer reported the following bug: 1274934.746891 Bad Address null pointer deref?: Code=15 Data TLB miss fault at addr 0000004140000018 1274934.746891 CPU: 3 PID: 5549 Comm:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: BPF, sockmap: Prevent lock inversion deadlock in mapdeleteelem operation. The syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Since BPF tracing programs can be invoked fr...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: Fix for use-after-free in ublkpartitionscanwork There exists a race condition between the async partition scan work and the device teardown, which can lead to a use-after-free of ub-ubdisk. 1. blkctrlstartdev schedules...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check the return value after calling platformgetresourcebyname. If platformgetresourcebyname returns NULL, it may lead to a null-ptr-deref issue. Therefore, we need to check the return value. Patchwork:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed a deadlock issue during reading mqd from debugfs An erroneous disk backup on my desktop entered the debugfs directory, triggering the following deadlock scenario in the amdgpu debugfs files. The machine also...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rethook: Fix a potential memory leak in rethookalloc. In rethookalloc, the variable rh is not freed or passed out if handler is NULL. This could lead to a memory leak. Fix this issue. Masami: Added the "rethook:" tag to the title...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005i2cxfer In af9005i2cxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious data will eventually...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check whether the returned RPORT is valid. Klocwork reported a warning that the RPORT might be NULL and would be dereferenced. The RPORT returned by the call to fcbsgtorport could be NULL and would be dereferenced...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: i2c: ismt: A buffer overflow bug has been fixed in ismtaccess. When the driver does not check the data from the user, the variable ‘data-block0’ may become very large, leading to a buffer overflow bug. The following log can revea...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: igb: Do not free qvector unless a new one was allocated. Avoid potential use-after-free conditions under memory pressure. If kzalloc fails, qvector will be freed, but it will remain in the original adapter-qvectorvidx array...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Honor the “dormant flag” from the netdev release event path. Check for the “dormant flag” of the table otherwise the netdev release event path attempts to unregister an already unregistered hook...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Related to overlay: fixing a null pointer dereferencing issue in finddupcsetnodeentry and finddupcsetprop. When kmalloc fails to allocate memory in kasprintf, fn1 or fn2 will be NULL, and strcmp will lead to a null pointer...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether the transferred 2D BO is a shmem BO. The transferred 2D BO must always be a shmem BO. Add a check to prevent NULL dereferencing if the user space passes a VRAM BO...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/smc: Reduced Rtnl pressure in smcpnetcreatepnetidslist. Many syzbot reports indicate extreme Rtnl pressure, and many of them suggest that smc acquires Rtnl during the creation of netnames without any valid reason 1. This patc...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid allocating blocks from a group with a corrupted block bitmap in ext4mbtrybestfound. Determine whether the group block bitmap is corrupted before using acbex in ext4mbtrybestfound to prevent allocating blocks from a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fixed a NULL pointer issue in the channel unregistration function. The dmaasyncdevicechannelregister function may fail. In the event of a failure, chan-local is freed with freepercpu, and chan-local becomes null. When...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: core: Fixed a use-after-free in sndsocexit. KASAN reported a use-after-free: BUG: KASAN: use-after-free in devicedel+0xb5b/0xc60. Size 8 was read at addr ffff888008655050 by task rmmod/387. CPU: 2 PID: 387 Comm: rmmod...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: fixed a use-after-free in nfregisternethook. We must not dereference @newhooks after the nfhookmutex has been released, because other threads may have already freed the allocated hooks. BUG: KASAN: use-after-free in...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: tun: avoided double-free in tunfreenetdev Avoid double-free in tunfreenetdev by moving the dev-tstats and tun-security allocations to a new ndoinit routine tunnetinit, which will be called by registernetdevice. ndoinit is paired...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: TI: am65-cpsw-nuss: Fixed null pointer dereferencing for ndev. In the TX completion packet stage of TI SoCs with a CPSW2G instance, which has a single external Ethernet port, ndev is accessed without being...
Astra Linux – Vulnerability in WebKit2GTK
A type confusion issue has been addressed through improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2, and iPadOS 15.7.2, as well as iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a...