2021 matches found
kernel: proc: fix UAF in proc_get_inode()
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in procgetinode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde-procops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: arm64: The issue was fixed in the concurrently setting of insnemulation sysctls. The emulationprochandler function changes table-data for procdointvecminmax. However, it may cause an OOPs error if called concurrently with itself:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ping: Fixed a potential NULL dereference for /proc/net/icmp. After committing the change dbca1596bbb0 “ping: Converted to RCU lookups, removed rwlock”, we use RCU for ping sockets. However, we should still use a spinlock for...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: fixed information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the newly added packettype by reading the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: Do not read mapcount for migration entries The syzbot reported the following bug: Kernel bug at include/linux/page-flags.h: 785 Invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 1; PID: 4392; Comm: syz-executor560...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Firewire: ohci: prevents leakage of leftover IRQs when unbinding The commit 5a95f1ded28691e6 “Firewire: ohci: uses a devres for the requested IRQ” also removed the call to freeirq in pciremove. This resulted in a leftover IRQ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: raw: Fixed NULL dereference in rawgetnext. Dae R. Jeong reported a NULL dereference in rawgetnext. It seems that the reproduction test was running these sequences in parallel, so one thread was iterating over a socket that was...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Binder: Fixed another UAF in binderdevices. The commit e77aff5528a18 "binderfs: fixed a use-after-free in binderdevices" addressed a use-after-free where devices could be released without first being removed from the...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: The issue of clearing the user buffer was fixed by properly using clearuser. To clear a user buffer, we cannot simply use memset; we must use clearuser. When using a virtio-mem device that registers a vmcorecb and ha...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression issue related to the removal of the procfs host directory The commit fc663711b944 “scsi: core: Removed the /proc/scsi/$procname directory earlier” fixed a bug related to module loading/unloading...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ipv6: fixed an error in ip6routenetexitlate During the initialization of ip6routenetinitlate, if the files ipv6route or rt6stats fail to be created, the initialization is successful by default. Therefore, the ipv6route or rt6stat...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ipvs: fixed an error in ipvsappnetcleanup During the initialization of ipvsappnetinit, if the file ipvsapp fails to be created, the initialization will still succeed by default. Therefore, the ipvsapp file will not be found durin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression related to the removal of the procfs host directory. The scsiprochostdirrm function decreases a reference counter; therefore, it should only be called once per host that is removed. This change...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ipvs: fixed an error in ipvscleanupbatch. During the initialization of ipvsconnnetinit, if the files ipvsconn or ipvsconnsync fail to be created, the initialization is successful by default. Therefore, the ipvsconn or...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppacasharedproc to avoid DEBUGPREEMPT. lppacasharedproc takes a pointer to the lppaca, which is typically accessed through getlppaca. With DEBUGPREEMPT enabled, this leads to checking whether preemption i...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fixed races among concurrent prealloc/proc write operations. We currently have no protection against concurrent changes to PCM buffer preallocations via proc files. This could potentially lead to UAF or other strange...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. The syzbot reported a warning below 1 after a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...
Astra Linux – Vulnerability in xorg-server
A use-after-free vulnerability was discovered in the ProcRenderAddGlyphs function of Xorg servers. This issue arises when the AllocateGlyph function is called to store new glyphs sent by the client to the X server. As a result, multiple entries may point to the same non-refcounted glyphs...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nubus: The conversion of proccreatesingledata has been partially reversed. The conversion to proccreatesingledata introduced a regression, where reading a file from /proc/bus/nubus results in a segmentation fault: bash grep -r...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a use-after-free bug in cifsdebugdataprocShow Skipped SMB sessions that are being terminated e.g., @ses-sesstatus == SESEXITING in cifsdebugdataProcShow to avoid use-after-free issues with @ses. This fix...