23128 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs: Pass the ATGETATTRNOSEC flag to the getattr interface function. When vfsgetattrnosec calls the getattr interface function of a filesystem, the nosec flag should be propagated into this function, so that vfsgetattrnosec can be...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ovl: fixed the warning in ovlcreatereal Syzbot triggered the following warning in ovlworkdircreate - ovlcreatereal: if !err && WARNON!newdentry-d inode The reason is that the cgroup2 filesystem returns from mkdir without...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for corruption during online resizing We observed corruption during online resizing of a file system that is larger than 16 TiB and has a 4k block size. When there are more than 2^32 blocks, resizeinode is turned off by...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A issue was discovered in the Linux kernel before version 6.3.3. There is an out-of-bounds read in the crc16 function in lib/crc16.c when called from fs/ext4/super.c, because ext4groupdesccsum does not properly check an offset. NOTE: This issue is disputed by third parties, as the kernel is not...
Astra Linux - уязвимость в linux-5.10, linux
A use-after-free vulnerability was discovered in the Linux kernel’s ext4 file system, particularly regarding the handling of the additional inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbAllocAG Syzbot identified a crash issue: UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug lies in the missing check on bmp-dbagl2size. This field can be larger than 64, leading to ...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A flaw was discovered in the Linux kernel, where unauthorized access to the execution of the setuid file with specific capabilities was detected within the OverlayFS subsystem of the Linux kernel. This issue occurs when a user copies a file with capabilities from a nosuid mount to another mount...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Protect folio::private when attaching an extent buffer for folios. BUG Since version 6.8, several people have reported rare kernel crashes. The common cause is incorrect page status error messages like this: BUG: Incorrect...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed the bug in estreesearch caused by an invalid boot loader inode. We have encountered the following issues: kernel BUG at fs/ext4/extentsstatus.c:203! invalid opcode: 0000 1 PREEMPT SMP CPU: 1 PID: 945 Comm: cat Not...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: afs: Fixed dynamic root getattr The recent patch to modify afagetattr to consult the server did not take into account the pseudo-inodes used by the dynamic root-type afa superblock. As a result, there was an oops when such a...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression issue related to the removal of the procfs host directory The commit fc663711b944 “scsi: core: Removed the /proc/scsi/$procname directory earlier” fixed a bug related to module loading/unloading...
Astra Linux - уязвимость в f2fs-tools
There is an exploitable information disclosure vulnerability in the initnodemanager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fixed an underflow in calculations for the second superblock position. The macro NILFSSB2OFFSETBYTES calculates the position of the second superblock. This calculation results in an underflow when the devicesize argument ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a memory leak in parseapplysbmountoptions If processing the disk-mounted options fails after any memory has been allocated in the ext4FS context, such as for sqfnames, then this memory is leaked. This issue can be fix...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: We can avoid panics if extenttree is not created. This patch prevents the following panics: pc: lookupextenttree+0xd8/0x760 lr: f2fsdowritedatapage+0x104/0x87c sp: ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28:...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sbbsizeshift after reading the superblock. Fuzzers often modify sbbsizeshift, but in reality it’s very unlikely that this field would be corrupted on its own. Nevertheless, it should still be checked to avoid potentia...
Astra Linux - уязвимость в grub2
An integer overflow flaw was discovered in the BFS file system driver within grub2. When reading a file using an indirect extent map, grub2 fails to validate the number of extent entries to be read. A maliciously crafted or corrupted BFS file system may cause an integer overflow during file...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: xfs: Do not perform irele after failing to perform iget in xfsattrirecoverwork. xlogrecoveryiget never sets @ip to a valid pointer if it returns an error; therefore, this irele will cause a dangling pointer. This issue has bee...
Astra Linux - уязвимость в linux, linux-5.10
A race condition was discovered in ext4writeinlinedataend in fs/ext4/inline.c within the ext4 subsystem of the Linux kernel, as of version 5.13.13...