530 matches found
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak. This issue was fixed by using the syzbot tool to detect the KMSAN kernel-infoleak. The variable ‘opt’ in tcfifedump was partially initialized using a...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: wifi: Avoid exposing kernel data to user space through struct iwpoint struct iwpoint contains a 32-bit field on 64-bit architectures. c struct iwpoint void user pointer; / Pointer to the data in user space / u16 length; / Number ...
kernel: ipv6: use RCU in ip6_output()
A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A use-after-free vulnerability was discovered in iscsiswtcpsessioncreate in drivers/scsi/iscsitcp.c within the SCSI sub-component of the Linux kernel. This flaw allows an attacker to access internal kernel information...
Astra Linux – Vulnerability in Linux, Linux 5.10
A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c within the Linux kernel. This flaw allows a local attacker with special user privileges CAPSYSADMIN or CAPSYSRAWIO to cause confidentiality issues...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: Fixed an issue where the kernel could be exposed after free operation in skbdatagramiter. The syzbot reported the following issue with uninitialized value access 1: The netlinktofullskb function creates a new skb and...
Astra Linux - Vulnerability in linux-5.10
A vulnerability was discovered in the btrfsgetrootref function in fs/btrfs/disk-io.c within the Btrfs filesystem of the Linux kernel, caused by a double decrement of the reference count. This issue could allow a local attacker with user privileges to crash the system or lead to the disclosure of...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A use-after-free flaw was discovered in xgenehwmonremove in drivers/hwmon/xgene-hwmon.c within the Hardware Monitoring Linux Kernel Driver xgene-hwmon. This flaw could allow a local attacker to cause the system to crash due to a race condition. This vulnerability could even lead to a situation...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A use-after-free flaw was discovered in vhostnetsetbackend in drivers/vhost/net.c within the virtio network subcomponent of the Linux kernel, due to a double fget operation. This flaw could allow a local attacker to cause the system to crash, and could even lead to a kernel information leak issue...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: inetdiag: fixed a kernel-infoleak issue for UDP sockets KMSAN reported a kernel-infoleak issue 1 that could be exploited by unprivileged users. After analysis, it turned out that UDP was not initializing r-idiagexpires. Other...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dosysnametohandle: kzalloc was used to fix a kernel-infoleak vulnerability. The syzbot identified a kernel information leak vulnerability in dosysnametohandle. A report was issued regarding this issue 1. 1 “BUG: KMSAN:...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free read flaw was discovered in the sockgetsockopt function in net/core/sock.c, due to race conditions involving SOPEERCRED and SOPEERGROUPS functions when used with listen and connect in the Linux kernel. In this flaw, an attacker with user privileges could potentially crash the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A out-of-bounds memory access flaw was discovered in the Linux kernel, specifically in the relayfilereadstartpos function within kernel/relay.c in relayfs. This flaw could allow a local attacker to crash the system or leak internal kernel information...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net/sched: actskbmod: prevent kernel-infoleak The syzbot discovered that tcfskbmoddump was copying four bytes from the kernel stack to user space 1. The issue here is that ‘struct tcskbmod’ has a four-byte hole. We need to cle...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed an information leak in btrfsioctllogicaltoino. Syzbot reported the following information leaks related to btrfsioctllogicaltoino: - BUG: KMSAN: A kernel-infoleak exists in instrumentcopytouser from...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A use-after-free flaw was discovered in r592remove in drivers/memstick/host/r592.c, responsible for media access in the Linux kernel. This flaw allows a local attacker to crash the system upon device disconnection, potentially leading to a kernel information leak...
kernel: ipv6: use RCU in ip6_output()
A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...
kernel: ipv6: use RCU in ip6_output()
A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...
kernel: ipv6: use RCU in ip6_output()
A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...
kernel: ipv6: use RCU in ip6_output()
A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...