18102 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nvme-core: fixed a memory leak in dhchapsecretstore Free the dhchapsecret from dhchapsecretstore before returning. Fixed the following kmemleak: Unreferenced object 0xffff8886376ea800 size 64: Command “check”, PID 22048,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8186: Fixed a use-after-free in the “remove” path of the driver. When devm runs functions in the “remove” path for a device, it executes them in reverse order. This means that if there are parts of your driver...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: ocelot: The function dsatag8021qunregister is called under rtnllock when removing a driver. When the currently used tagging protocol is “ocelot-8021q”, and we unbind the driver, we encounter this error: bash $ echo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dwhdmi: fixed connector access for scdc The commit 5d844091f237 “drm/scdc-helper: Pimp SCDC debugs” changed the scdc interface to retrieve an i2c adapter from a connector. However, in the case of dwhdmi, the wrong...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ALSA: hda/ca0132: fixed a buffer overflow issue in tuningctlset The tuningctlset function might cause a buffer overflow if it does not break from the loop by matching A. static int tuningctlset... for i = 0; i TUNINGCTLSCOUNT;...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: The issue of information leakage in f2fsmoveInlinedirents has been fixed. When converting an inline directory to a regular one, f2fs leaks uninitialized memory to the disk because it does not initialize the entire directory...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: Fix for null pointer dereferencing in partially configured DT configurations. When some of the da9063 regulators do not have corresponding DT nodes, a null pointer dereference occurs during bootup. This happens...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nvme-core: fixed a memory leak in dhchapctrlsecret. Free dhchapsecret from nvmectrldhchapctrlsecretstore before returning, when nvmeauthGenerateKey returns an error...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nilfs2: A use-after-free bug in nilfsroot has been fixed in nilfsevictinode. During the unmount process of nilfs2, nothing holds the nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter. However, since...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: clk: clocking-wizard: Fixed an error in clkwzrdregisterdivider. A match was detected for a potential error of dereferencing the pointer in clkwzrdregisterdivider. If devmclkHWRegister fails, it sets “hw” to an error pointer, and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improved page fault error reporting If the IOMMU domain for the device group is not properly set up, we may encounter an IOMMU page fault. The current page fault handler assumes that the domain is always set up...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommufd: IOMMUFDDESTROY should not increment the refcount. syzkaller identified a race condition where IOMMUFDDESTROY increments the refcount: c obj = iommufdgetobjectucmd-ictx, cmd-id, IOMMUFDOBJANY; if ISERRobj return PTRERRobj...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dm flakey: fixed an crash caused by an invalid table line. This command will cause a crash when using a NULL pointer dereference: dmsetup create flakey --table "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbioby...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: perf tool x86: Fixed the memory leak in perfenv. Detected by LeakSanitizer: ==1632594==ERROR: LeakSanitizer: detected memory leaks Direct leak of 21 bytes in 1 objects allocated from: 0 0x7f2953a7077b in interceptorstrdup...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: BPF: bpfskstorage: Fixed invalid wait context lockdep report "The ./testprogs -t testlocalstorage" command reported a splat error: 27.137569 ============================= 27.138122 BUG: Invalid wait context 27.138650...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fixed NULL dereferencing during snapshot cleanup. In cases of early initialization errors, and on platforms that do not use the DPU controller, the deinitialization code can be called with the kms pointer set to NULL...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: usb-storage: alauda: Fixed an issue where an uninitialized value was used in alaudacheckmedia. Syzbot reported that KMSAN complained about accessing an uninitialized value within the alauda subdriver of usb-storage. Bug: KMSAN...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ethtool: Fixed an issue where the uninitialized number of lanes was used. It is not possible to set the number of lanes when adjusting link modes using the legacy IOCTL ethtool interface. Since the structure struct...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: fixed the divide by 0 error in calclcoefs The issue arises when the value of u64 type is used in the DIVROUNDUPULL operation. A divide by 0 error can occur if bps plus IOCPAGESIZE is greater than ULLONGMAX. This could...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nilfs2: A infinite loop has been fixed in nilfsmdtgetblock. If the disk image that nilfs2 mounts is corrupted, and the virtual block address obtained through block lookup for a metadata file is invalid, nilfsbmaplookupatlevel may...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: htchst: In the ath9khtcrxmsg function, if there is no callback function, the provided skb is not freed. It is stated that ath9khtcrxmsg either frees the provided skb or passes its management to another callback...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tptunnelregister When a file descriptor of the pppol2tp socket is passed as a file descriptor of the UDP socket, a recursive deadlock occurs in l2tptunnelregister. This issue is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: mwifiex: fixed a memory leak in mwifiexhistogramread. Always free the zeroed page upon returning from ‘mwifiexhistogramread’...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: soc-compress: Repositioned and added pcmmutex. If paniconwarn is set and the compress stream DPCM is initiated, then a kernel panic occurs because card-pcmmutex is not properly locked. In the following functions, a warni...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: It is necessary to use ktimet instead of int when dealing with timestamps. Code that interacts with timestamps needs to use the ktimet type returned by functions like ktimeget. The int type does not provide enough spa...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: EROFs: Avoid linking hooked chains to prevent loops in deduplicated compressed images. After subjecting EROFS to heavy stress using several images that included a handcrafted image with repeated patterns for over 46 days, I...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be released incorrectly when encountering a gzip error during the inflation of a request body. This can lead to corrupted data and/or inadvertent sharing of data between requests...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: ses: Fixed a slab-out-of-bounds issue in sesenclosuredataprocess. Bug: KASAN: A slab-out-of-bounds issue occurred in sesenclosuredataprocess+0x949/0xe30 ses. A read of size 1 was performed at address ffff88a1b043a451 by...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Do not leak a resource during the swapout movement operation. If moving the buffer to the system for swapout failed, we were leaking a resource. This issue has been fixed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fixed a deadlock in r5lexitlog. The commit b13015af94cf “md/raid5-cache: Clear conf-log after finishing work” introduced a new problem: // The caller holds reconfigmutex r5lexitlog flushwork&log-disablewritebackwo...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: rejecting negative ifindex values Recent changes in net-next commit 759ab1edb56c reorganized the handling of pre-assigned ifindex values. This led to a latent issue in ovs. ovs does not validate ifindex values,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: Fixed a race condition related to port output. Assume the following setup on a single machine: 1. An openvswitch instance with one bridge and default flows. 2. Two network namespaces: “server” and “client”. 3...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the session state check when reconnecting to avoid a use-after-free issue. Do not collect the exiting session in smb2reconnectserver, as it will be released soon...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fixed resource leaks during component removal. The MBHC resources must be released in case of component probe failures and removals; therefore, they cannot be tied to the lifetime of the component devic...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: A memory leak has been fixed in dwc3qcominterconnectinit. In the alloc Resources for path handle function of oficcget, resources should be released when they are no longer needed. This should be done similarly in...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfctarget before being used A slab-out-of-bounds read occurred in nlaput, called from nfcgenlsendtarget. This issue arises when target-sensbreslen is too large; this value is duplicated from an nfctarget in pn53...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: RISC-V: Ensure that port I/O string accessors actually work properly. Fixed port I/O string accessors such as insb’, outsb’, etc., which use the physical PCI port I/O address rather than the corresponding memory mapping to...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: aoss: The issue of a reference count leak in qmpcoolingdevicesregister has been fixed. In every iteration of the foreachavailablechildofnode loop, the reference count of the previous node is decremented. When exiting t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k: Fix for failing to find the peer with peerid 0 when disconnected There is a failure log associated with this issue, located at ath11kdbg in ath11kdprxprocessmonstatus. When debugmask is not set, the following messag...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: A memory leak has been fixed in hnsroceallocmr. When hnsrocemrenable fails in hnsroceallocmr, mrkey is not released. This issue only affects compiled tests...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: A possible memory leak has been fixed in stmmacdvrprobe. The bitmapfree function should be called to release priv-afxdpzcqps when createsinglethreadworkqueue fails. Otherwise, a memory leak will occur. Therefore, we...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: io-wq: Fixed a memory leak during worker creation. If the CPU mask allocation for a node fails, the memory allocated for the iowqe structure of the current node does not get freed during error handling, since it has not yet been...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: A memory leak has been fixed in qcomcpufreqhwreadlut. If qcomcpufreqhwreadlut fails to obtain the operation table, the program will terminate, resulting in the “table” resource not being released...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ARM: OMAP2+: pdata-quirks: Fixed a refcount leak bug In pdataquirksinitclocks, the loop contains offindnodebyname, but there is no corresponding ofnodeput...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed the UAF Use-After-Free issue in the wear-leveling entry of eraseblkcountseqshow. The wear-leveling entry could be freed during an error-prone path, and this entry might be accessed again in eraseblkcountseqshow, for...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Flush the inode if the atomic file is aborted. We need to flush the inode that was aborted during the atomic operation, to avoid stale dirty inodes during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2f...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciaddadvmonitor KSAN reports a use-after-free in hciaddadvmonitor. When adding an adv monitor, hciaddadvmonitor calls msftaddmonitorpattern, which in turn calls...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xhci: A null pointer dereference was fixed in the remove function if xHC has only one roothub. The remove function in the xhci platform driver attempts to remove both the main hcd and the shared hcd, even if only the main hcd...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/ttm: fixed handling of CCS Crucible + recent Mesa sometimes causes the following issue: GEMBUGONnumccsblks NUMCCSBLKSPERXFER It seems that this issue can also be triggered with gemlmemswapping, if we modify the tests ...