18102 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: PM / devfreq: Fixed buffer overflow in transstatshow. Fixed buffer overflow in transstatshow. Changed the use of simple snprintf to the safer scnprintf, with PAGESIZE as an additional parameter. Added condition checking to see...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: The handling of setting the fpc register was corrected. If the value of the floating-point control fpc register of a traced process is modified using the ptrace interface, the new value is tested for validity by...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: rt2x00 – The beacon queue is restarted when a hardware reset occurs. When a hardware reset is triggered, all registers are reset, causing all queues to be stopped in the hardware interface. However, mac80211 does not...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fixed the issue with locking the mcast list. The release of priv-lock while iterating over priv-multicastlist in ipoibmcastjointask creates a situation where ipoibmcastdevFlush may remove the items while the iteration i...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: usb: smsc75xx: Fixed access to uninitvalue in smsc75xxreadreg syzbot reported the following issues with access to uninitvalue: ===================================================== BUG: KMSAN: uninitvalue in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add a lock when modifying the device list. The device list requires its associated lock to be held when being modified; otherwise, the list might become corrupted, as discovered by syzbot...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Null pointer dereferencing has been prevented in nvmefciogetuuid. The nvmefcfcpop structure, which describes an AEN operation, is initialized with a null pointer to the request structure. An FC LLDD may make a call to...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing the OPCINBSETCONTROLLERCONFIG command. The tags allocated for the OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fixed a NULL pointer issue in the channel unregistration function. The dmaasyncdevicechannelregister function may fail. In the event of a failure, chan-local is freed with freepercpu, and chan-local becomes null. When...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm: Do not accidentally unreference the same framebuffer multiple times due to deadlock handling. If a deadlock occurs after the fb lookup in drmmodepageflipioctl, we proceed to unreference the fb and then retry the entire proce...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Hub – Protection against access to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields within udev-bos without checking whether they have been allocated and...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fixed a kernel panic that occurs when the host sends an invalid H2C PDU length. If the host sends an H2CData command with an invalid DATAL value, the kernel may crash in the nvmettcpbuildpduiovec function. The...
Astra Linux – Vulnerability in Zabbix
JavaScript preprocessing, webhooks, and global scripts can lead to uncontrolled utilization of CPU, memory, and disk I/O resources. The ability to preprocess/webhook/configure and test global scripts is only available to Administrative roles Admin and Superadmin. Administrative privileges should...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: drm: bridge/panel: Cleans up the connector when the bridge is detached If we do not call drmconnectorcleanup manually in panelbridgedetach, the connector will be cleaned up along with other DRM objects during the call to...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the Linux kernel through version 6.3.8. A use-after-free was found in ravbremove in drivers/net/ethernet/renesas/ravbmain.c...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A denial-of-service vulnerability due to a deadlock was discovered in sctpautoasconfinit in the net/sctp/socket.c file within the SCTP subsystem of the Linux kernel. This flaw allows users with local user privileges to trigger a deadlock and potentially cause the system to crash...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: “aio”: fixed the issue with mremap after a fork operation involving null-dereferencing. The commit e4a0d3e720e7 “aio: Makes it possible to remap the aio ring” introduced a null-dereference if mremap is called on an old aio mappin...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A deadlock flaw was discovered in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fixed an out-of-bounds access in sndemu10k1pcmchannelalloc The voice allocator sometimes begins allocating from near the end of the array, and then wraps around. However, sndemu10k1pcmchannelalloc accesses the newl...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads to kernel crash. Reproducer: 1. Do ethtool offline test followed immediately by another one host...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: The issue in fdt: fix off-by-one error in unflattendtnodes Commit 78c44d910d3e “drivers/of: Fix depth when unflattening devicetree” forgot to fix the depth check within the loop body of unflattendtnodes. This could lead to an...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fixed bugs that led to out-of-bounds accesses due to the absence of skb-macheader. If an AFPACKET socket is used to send packets through ipvlan, and the default xmit function of the AFPACKET socket is changed from...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fixed an OOP error in the dasdaliasgetstartdev function due to a missing pavgroup pointer. The OOP error occurred because the pavgroup pointer was set to NULL before the function was entered, without holding the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb3: Fixed temporary data corruption during the insert range operation. The insert range does not discard the affected cached data; therefore, there is a risk of temporarily corrupting file data. Some minor optimizations were...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: drm/plane: The check for formatcount was moved earlier in the process. While the check for formatcount 64 in drmuniversalplaneinit shouldn’t occur it results in a warning, in its current position, it will cause the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Add a wrapper around the mlx5etxreporterdumpsq function to extract the SQ value from the struct mlx5etxtimeoutctx structure and set it as the dump callback for the TX-timeout-recovery flow. The mlx5etxreporterdumpsq...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, and iPadOS 15.4, as well as tvOS 15.4. Processing maliciously crafted web content may...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free vulnerability was discovered in the rtsxusbmsdrvremove function in the drivers/memstick/host/rtsxusbms.c file within the memstick module of the Linux kernel. In this flaw, a local attacker with user privileges could compromise the confidentiality of system resources. This...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the rxrpclocal leak in rxrpclookuppeer. It is necessary to call rxrpcputlocal for the peer candidate before kfree, as it holds a reference to rxrpclocal. DH: v2: The peer freeing code has been abstracted into a...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fixed the issue of null pointer dereferencing on the pointer block. The pointer block returns from sndgf1dmanextblock, and it may be null. Therefore, there is a potential issue of null pointer dereferencing. This issue...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fixed corruption in the listadd function within lpfcdraintxq. When parsing the txq list in lpfcdraintxq, the driver attempts to pass the requests to the adapter. If this attempt fails, a local “failmsg” string is set...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed the memory ordering between normal and ordered work functions. Ordered work functions are not guaranteed to be handled by the same thread that executes the normal work functions. The only way to synchronize...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed NULL pointer dereferencing in VSI filter synchronization. The issue of NULL pointer dereferencing in sync VSI filters has been eliminated. A new I40EVSIRELEASING flag was added to indicate the deletion and release of...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platformgetresource This vulnerability could lead to a nullptrderef error if platformgetresource returns NULL. Therefore, we need to check the return value of this function...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: Initialize ssifinfo-client early. During the probe process, ssifinfo-client is dereferenced in a faulty path. However, it is set after some error checking has already been performed. This causes a kernel crash if an...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: usb: mtu3: Fix for the listhead check warning caused by uninitialization of listhead. This issue is due to the lack of initialization of listhead. BUG: KASAN: Use-after-free in listdelentryvalid+0x34/0xe4. Call trace:...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fixed a NULL pointer dereference in pnfsmarkmatchinglsegsreturn. The commit de144ff4234f fixes the issue by changing pnfsreturnlayout to call pnfsmarkmatchinglsegsreturn, with NULL passed as the argument to the...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fixed a memory leak in uss720probe. uss720probe forgets to decrease the refcount of usbdev in uss720probe. This issue is fixed by decreasing the refcount of usbdev using usbputdev. BUG: Memory leak Unreferenced objec...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: USB: usbfs: Do not issue a WARN message regarding excessively large memory allocations Syzbot discovered that the kernel generates a WARN message if the user attempts to perform a bulk transfer using usbfs with a buffer that i...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: Use ‘requestfirmware’ instead of ‘requestfirmwarenowait’. In ‘rp2probe’, the driver registers ‘rp2uartinterrupt’, then calls ‘rp2fwcb’ using ‘requestfirmwarenowait’. If the firmware does not exist, the function simpl...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: NFS: Do not corrupt the value of pgbyteswritten in nfsdorecoalesce The value of mirror-pgbyteswritten should only be updated after a successful attempt to flush out the requests on the list...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed an oopsable condition in nfspageioaddrequest. Ensured that nfspageioerrorcleanup resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also changed the test in...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: tipc: skblinearize the head skb when reassembling msgs It’s not a good idea to append the frag skb to a skb’s fraglist if the fraglist already contains skbs from elsewhere. For example, this frag skb was created by pskbcopy, wher...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: A resource leak was fixed in the error handling path. The call dspirequestdma should be undone by a call to dspireleasedma in the error handling path of the probe function, as already done in the remove functio...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fixed a potential null-ptr-deref issue. In fmvj18xgethwinfo, if ioremap fails, a NULL pointer may be dereferenced. To address this issue, check the return value of ioremap and return -1 to the caller in case of...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: net: fec: fixed the potential memory leak in fecenetinit. If the memory allocated for cbdbase fails, it should free the memory allocated for the queues; otherwise, a memory leak will occur. And if the memory allocated for the...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: gve: Added NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv-msixvectors. If we fail to allocate priv-msixvectors see abortwithmsixvectors, this could lead to a NULL pointer dereferencing if t...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed a use-after-free issue. It seems that we forgot to set ttm-sg to NULL. This caused a panic. 1235.844104 General protection fault, likely for a non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 1 SMP DEBUGPAGEALLOC...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: cxgb4: Avoid accessing registers when clearing filters. A hardware register that contains the server TID base can contain invalid values when the adapter is in a faulty state for example, due to an AER fatal error. Reading these...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: x86/kvm: The teardown of PV features also occurs during boot-up. Various PV features Async PF, PV EOI, steal time work through memory shared with the hypervisor. When we resume from hibernation, we must properly teardown all...