Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdpa: fixed an issue where the wrong pointer was passed as an argument to vp_vdpa_remove. In vp_vdpa_remove, the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) uses a reference to a pointer as an argument to kfree. This is a wrong...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: mts64: Fix possible null-ptr-defer in snd_mts64_interrupt. I received a “null-ptr-defer” error report when performing the following tests on the QEMU platform: I executed the following commands: make defconfig and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate the window where the TLB flush may be inadvertently skipped TL;DR: There is a window in the MM switching code where the new CR3 is set, and the CPU should receive TLB flushes for the new MM. However,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: It has been ensured that teql can only be used as a root qdisc. The design intention of teql is that it should only be used as a root qdisc. Therefore, we need to ensure this constraint is respected. Although not very...
Astra Linux – Vulnerability in Linux 5.10
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel, as of v5.16-rc5, did not properly update the bounds when handling the mov32 instruction. This issue allows local users to obtain potentially sensitive address information, also known as a “pointer leak.”...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt – Fixed the hungtask issue for PADATA_RESET. We identified a hungtask bug in test_aead_vec_cfg as follows: INFO: Task cryptomgr_test:391009 was blocked for more than 120 seconds. Enabling the echo 0...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a traversal bug in ext4_mb_use_preallocated. During allocation, when searching for pre-allocations (PA) in the per-inode rbtree, we cannot perform a direct traversal of the tree because ext4_mb_discard_group_preallocation may...
Astra Linux – Vulnerability in ICU
It was discovered that International Components for Unicode (ICU-20850) v66.1 contains a use-after-free bug in the pkg_createWithAssemblyCode function in the tools/pkgdata/pkgdata.cpp file...
Astra Linux – Vulnerability in Linux 5.10
The nf_tables_newset function in net/netfilter/nf_tables_api.c in the Linux kernel before version 5.12.13 allows local users to cause a denial of service due to NULL pointer dereferencing and general protection faults, caused by the absence of initialization for nft_set_elem_expr_alloc. A local user can...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ICE: Fixed ‘scheduling while atomic’ in aux critical error interrupts. There’s a kernel bug related to processing aux critical error interrupts in ice_misc_intr: [2100.917085] BUG: Scheduling while atomic: swapper/15/0/0x00010000… …...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel 6.0.8, there is a use-after-free in the run_unpack function in fs/ntfs3/run.c, which is related to a difference between the NTFS sector size and the media sector size...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: spmi: In the trace function, there was an issue where access to memory was out of bounds. This issue was fixed by using the length “len” instead of “len + 1”. The functions trace_spmi_write_begin and trace_spmi_read_end both use memcpy...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix for a race condition in devmap on PREEMPT_RT. On PREEMPT_RT kernels, the per-CPU xdp_dev_bulk_queue (bq) can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes that bq_enqueue and...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fixed the WARN message in netif_napi_del_locked when a USB device is disconnected. The redundant call to netif_napi_del was removed from the disconnect path. A WARN message may be triggered in netif_napi_del_locked...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fixed the BUG_ON in the probe function. The snd_dma_buffer.bytes field now contains the aligned size, which this snd_BUG_ON did not account for, resulting in the following issue: [9.625915] ------------[ cut here ]----------...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: geneve: Make sure to pull the inner header in geneve_rx. syzbot triggered a bug in geneve_rx [1]. The issue is similar to the one I fixed in commit 8d975c15c0cd: "ip6_tunnel: Make sure to pull the inner header in __ip6_tnl_rcv" We need ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the inode leak in btrfs_iget. [BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: - BTRFS info (device loop1): Last unmount of the filesystem...
Astra Linux – Vulnerability in GhostScript
An issue was discovered in psi/zcolor.c in Artifex Ghostscript prior to version 10.04.0. There is a buffer overflow vulnerability when reading colors from the indexed color space...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fixed a possible NULL pointer dereferencing caused by driver concurrency. In _dwc2_hcd_urb_enqueue, the statement “urb->hcpriv = NULL” is executed without holding the lock “hsotg->lock”. In _dwc2_hcd_urb_dequeue: c...
Astra Linux – Vulnerability in python-urllib3
urllib3 is a user-friendly HTTP client library for Python. Previously, urllib3 would not remove the HTTP request body when an HTTP redirect response was received using status 301, 302, or 303 after the request’s method changed from one that could accept a request body such as POST to GET, as...