Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: jbd2: Avoid the bugon in jbd2journalgetcreateaccess when the file system is corrupted. The issue occurs when the file system is corrupted: ------------ Cut here --- Kernel BUG at fs/jbd2/transaction.c:1289! Oops: Invalid opcod...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nubus: Partially reversed the conversion of proccreatesingledata. The conversion to proccreatesingledata introduced a regression, where reading a file from /proc/bus/nubus resulted in a segmentation fault: grep -r...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Use the volume UUID in FSOBJECTIDINFORMATION. Use sb-suuid as the primary identifier for volumes. For file systems that do not provide a UUID, fallback to stfs.ffsid, which is obtained from vfsstatfs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed ext4mbmarkbb with flexbg and fastcommit. In the case of the flexbg feature which is enabled by default, extents for any given inode may span across blocks from two different block groups. ext4mbmarkbb only reads the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vfat: fixed missing checks for the return value of sbminblocksize When emulating an nvme device on qemu with both logicalblocksize and physicalblocksize set to 8 KiB, but without a file system format, a kernel panic was...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Added the missing REQOPWRITE for flushing bio. When performing mkfs.xfs on a pmem device, the following warning was encountered: ------------ Cut here ------------ Warning: CPU: 2, PID: 384; at block/blk-core.c:751:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: Fixed the early read unlock of pages with an EOF condition in the middle. The collection of read results for buffered reads seems to occur ahead of the completion of subrequests under certain circumstances, as can be seen ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Ensure that sb-sfsinfo is always cleaned up. When hfsplus was converted to the new mount API, a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Sysv: Do not call sbbread with pointerlock held. syzbot reports sleep in atomic context in the SysV filesystem 1. For sbbread, the function is called with rwspinlock held. There were two bugs: one was a “deadlock due to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a race condition when detecting delalloc ranges during fiemap For fiemap, we recently stopped locking the target extent range for the entire duration of the fiemap call, in order to avoid a deadlock in scenarios wher...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an warning in ext4updateinlinedata. Syzbot identified the following issue: EXT4-fs loop0: Mounted a filesystem with PID 5071 at file mm/pagealloc.c:5525 allocpages+0x30a/0x560. Quota mode: None. fscrypt:...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Added bounds checking in getmaxinlinexattrvaluesize Normally, extended attributes within the inode body would be checked when the inode was first opened. However, if someone writes to the block device while the file system ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fsdax: Force the dirty mark to be cleared if CoW is used XFS allows CoW on non-shared extents to combat fragmentation1. The old non-shared extent can be rewritten before use; its dax entry is marked as “dirty”. This results in a...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A flaw was discovered in the Linux kernel, where unauthorized access to the execution of the setuid file with specific capabilities was detected within the OverlayFS subsystem of the Linux kernel. This issue occurs when a user copies a file with capabilities from a nosuid mount to another mount...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check the return value of indxfind to avoid infinite loops We have identified a bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed dentry in the ntfs3 filesystem can cause the...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: Fixed the issue where the function f2fswaitonpagewriteback was called within f2fswriterawpages. This issue would trigger a bug when writing files concurrently, because the same page could be written back multiple...

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...

Astra Linux - уязвимость в f2fs-tools

There is an exploitable information disclosure vulnerability in the getdnodeofdata functionality of the F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can lead to information disclosure. An attacker can provide a malicious file that triggers this vulnerability...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid the use of f2fsbugon in decvalidnodecount. As reported by Yanming in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215897 I have encountered a bug in the F2FS file system in the kernel version...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Error checking was added to ext4extreplaysetiblocks. If the call to ext4mapblocks fails due to a corrupted file system, ext4extreplaysetiblocks may get stuck in an infinite loop. This issue can be reproduced by running...