Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: When the current fan speed state is enforced from sysfs, a non-zero return value is generated. The minimum fan speed can be enforced from sysfs. For example, setting the current fan speed to 20 is used to ensure that the f...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A use-after-free bug in nilfsroot has been fixed in nilfsevictinode. During the unmount process of nilfs2, nothing holds the nilfsroot structure after nilfs2 detaches its writer in nilfsdetachlogwriter. However, since...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix tree mod log mishandling of reallocated nodes We have been seeing the following panic in production kernel BUG at fs/btrfs/tree-mod-log.c:677! invalid opcode: 0000 1 SMP RIP: 0010:treemodlogrewind+0x1b4/0x200 RSP:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parseapplysbmountoptions strscpypad can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 "string.h: Introduce memtostr and memtostrpad" provid...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: Issue with zones: fixed to avoid inconsistencies between SIT and SSA. With the above testcase, inconsistencies may occur between SIT and SSA. Code snippet: createnullblk 512 2 1024 1024 mkfs.f2fs -m /dev/nullb0 mount...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: The BUG function was replaced with ocfs2error in ocfs2MoveExtent. In ocfs2MoveExtent, the BUG function was changed to ocfs2error simply to avoid causing the entire kernel to crash due to filesystem corruption...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of clearing dirty inodes in f2fsevictinode. As reported by Yanming in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215904 The kernel message is as follows: Kernel BUG at fs/f2fs/inode.c:825! Call...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the sanity check on sbi-totalvalidblockcount. syzbot reported a f2fs bug as follows: ------------ cut here ------------ Kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010: decvalidblockcount + 0x3b2/0x3c0, fs/f2fs/f2fs.h:25...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Added bounds checking to ocfs2checkdirentry. This adds sanity checks for ocfs2direntry to ensure that all members of ocfs2direntry do not go beyond the valid memory region...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several ve...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: ffs: Fix use-after-free for epfile Consider a case where ffsfuncepsdisable is called from ffsfuncdisable as part of the composition switch, and at the same time, ffsepfilerelease is called from the user space. ffsepfilerelea...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for access to uninitialized lock in the fc replay path. The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with the fast-commit feature enabled: INFO: Trying to regist...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: FS:JFS:UBSAN: array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 The index 196694 is out of range for the type ‘s81365’ also known as...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed ext4mbmarkbb with flexbg and fastcommit. In the case of the flexbg feature which is enabled by default, extents for any given inode may span across blocks from two different block groups. ext4mbmarkbb only reads the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed a null pointer panic in the tracepoint of replaceatomicwriteblock. A kernel panic occurs when oldaddr is NULL. https://bugzilla.kernel.org/showbug.cgi?id=217266 BUG: Null pointer dereferencing in the kernel; address:...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4fcreplayscan For scan loop must ensure that at least EXT4FCTAGBASELEN space. If remain space less than EXT4FCTAGBASELEN which will lead to out of bound read when mounting corrupt file...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Make sure the first directory block is not a hole. The syzbot constructs a directory that has no dirblock, but it is not inline; in other words, the first directory block is a hole. No errors are reported when creating file...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: use of a stale path after allocation in ext4extinsertextent As Ojaswin mentioned in the link, in ext4extinsertextent, if the path is reallocated during ext4extcreatenewleaf, we will use a stale path, leading to a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a traversal bug in ext4mbusepreallocated. During allocation, when searching for pre-allocations PA in the per-inode rbtree, we cannot perform a direct traversal of the tree because ext4mbdiscardgrouppreallocation may...

Astra Linux - уязвимость в linux-5.15

A use-after-free flaw was discovered in nfsd4sscsetupdul in fs/nfsd/nfs4proc.c within the NFS filesystem of the Linux kernel. This issue could allow a local attacker to crash the system or may lead to a kernel information leak...