Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can cause a heap-based buffer overflow in ntfs inodelookupbyname in NTFS-3G 2021.8.22...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fix the race condition between the quota enable operation and the quota rescan ioctl call. When enabling quotas, in the btrfsquotaenable function, after committing the transaction, we update fsinfo-quotaroot to point to th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed a NULL pointer dereferencing in gfs2logFlush. In gfs2jindexfree, sdp-sdjdesc was set to NULL under the log flush lock to prevent dereferencing of sdp-sdjdesc during gfs2logFlush. In gfs2logFlush, it was checked whethe...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check the folio pointer to ensure it is not NULL. It can become NULL if the bbmap function is called...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfs4: Fixed a memory leak when allocating slots failed. If one of the slot allocations fails, all other allocated slots should be cleaned up. Otherwise, the allocated slots will cause a leak: - Unreferenced object...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempoolalloc In situations with low memory availability, allow the NFS writeback code to fail without getting stuck in infinite loops in mempoolalloc...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305glue.c:198 poly1305updatearch error: memcpy 'dctx-buf' too small 16 vs u32max This issue arises because Smatch marks ‘linklen’...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Actions must be defined for the new timedeleg FATTR4 attributes. NFSv4 clients will not send legitimate GETATTR requests for these new attributes, as they are intended to be used only with CBGETATTR and SETATTR. However,...

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to a out-of-bounds read, caused by an invalid attribute in ntfsattrfindinattrdef, in NTFS-3G 2021.8.22...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed an error in nfsdautomount When mounting from an NFSv4 reference, path-dentry may end up being a negative dentry. Therefore, the struct nfsserver structure is derived from the dentry itself instead...

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to out-of-bounds reads in ntfsattrfind and ntfsexternalattrfind in NTFS-3G 2021.8.22...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: The NFSINOLAYOUTCOMMIT field was cleared in pnfsmarklayoutstateidInvalidial. This fix prevents a crash occurring when the layout is null during this call stack: write inode - nfs4write inode - pnfslayoutcommit inode...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a null pointer check to attrloadrunsvcn Some metadata files are processed before the MFT. This requires adding a null pointer check for certain corner cases that could lead to NPD when reading these metadata...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in the File System API of Google Chrome on Windows prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G versions before 2021.8.22, when a specially crafted NTFS attribute is provided to the function ntfsgetattributevalue, a heap buffer overflow can occur, allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access, which can be...

Astra Linux – Vulnerability in ntfs-3g

The file handle created in fuselibopendir, and later used in fuselibreaddir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: fixed the NULL dereference in nfs3svcencodegetaclres In error cases, the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and dreallyispositivedentry, but I think that was unnecessary—a zero status...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: The issue of dereferencing a stale list iterator after the loop body has been executed has been fixed. The list iterator variable will become a bogus pointer if no break is executed. Dereferencing it in this case, cur-page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: fscache: Fixed race condition related to invalidation/lookup operations If an NFS file is opened for writing and then closed, the fscacheinvalidate function will be called to invalidate the file. However, if the cookie is in t...

Astra Linux – Vulnerability in ntfs-3g

A buffer overflow was discovered in NTFS-3G before October 3, 2022. Metadata created within an NTFS image can lead to code execution. A local attacker can exploit this vulnerability if the ntfs-3g binary has the setuid root privilege. An attacker who is physically nearby can also exploit this...