395 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
A race condition was detected in the Bluetooth device driver of the Linux kernel’s min,maxkeysizeset function. This can lead to a null pointer dereferencing issue, potentially causing a kernel panic or a denial-of-service attack...
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2TREEDISCONNECT commands. The issue arises due to the lack of proper locking when performing operations on an object. An attacker can exploit...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
KGDB and KDB allow read and write access to kernel memory, and therefore should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger, so it is important that the debugger respects the lockdown mode when/if it is triggered. CVSS 3.1 Base Score: 6.7...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dma-debug: Do not call dmaentryalloccheckleak under freeentrieslock. dmaentryalloccheckleak calls into printk, which outputs to the serial console qcom geni. It also acquires port-lock under freeentrieslock. This involves a rever...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In nftablesupdtable, if nftablestableenable returns an error, nfttransdestroy is called to free the transaction object. nfttransDestroy calls listdel, but the transaction was never placed on a list—the list head contains only zeros, which results in a NULL pointer being dereferenced...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag8021q: Avoid leaking ctx on the error path of dsatag8021qregister If dsatag8021qsetup fails, for example due to the inability of the device to install a VLAN, the tag8021q context of the switch will be leaked. Make...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A NULL pointer dereference flaw was discovered in the rawv6pushpendingframes function in net/ipv6/raw.c within the network subcomponent of the Linux kernel. This flaw can cause the system to crash...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con-sock. This issue results in a NULL pointer dereferencing when accessing con-sock-sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the Linux kernel through version 6.0.9. In the file drivers/media/dvb-core/dvbnet.c, there is a race condition between .disconnect and dvbdeviceopen, which leads to a use-after-free situation...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fixed a potential buffer overflow issue caused by snprintf. The snprintf function returns the size of the string that would be filled if it exceeds the given buffer size. Therefore, using this value may lea...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
Closing an event channel in the Linux kernel can lead to a deadlock. This occurs when the closure operation is performed in parallel with an unrelated Xen console action, and the handling of a Xen console interrupt occurs in a unprivileged guest. The closure of an event channel is triggered, for...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A null pointer dereference flaw was discovered in the hugetlbfsfillsuper function within the Linux kernel’s hugetlbfs Huge TLB pages functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A flaw was discovered in the Linux kernel. The existing KVM SEV API contains a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest VM instance in an AMD CPU that supports Secure Encrypted Virtualization SEV...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously, the cp2112 driver called INITDELAYEDWORK within cp2112 gpioirqstartup, resulting in duplicate initializations of the workqueue during subsequent IRQ starts after an...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the sanity check on summary information As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 BUG: KASAN: use-after-free in recoverdata+0x63ae/0x6ae0 f2fs Read of size 4 at addr...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: i2c: Fixed a potential use after free The adap structure should only be freed after we have finished using it. This patch simply moves the putdevice function slightly to avoid the potential issue after freeing the structure. wsa:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark the target gfn of the emulated atomic instruction as dirty. When emulating an atomic access on behalf of the guest, mark the target gfn as dirty if the CMPXCHG instruction attempts to execute but fails without...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: FS:JFS:UBSAN: array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 Index 196694 is out of range for type ‘s81365’ aka ‘signed char1365’ CPU:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fixed the polling for GICRCTLR.RWP. It turns out that our polling of RWP is completely incorrect when checking for it in the redistributors. We were testing the distributor bit index, but it’s actually a different...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed a reference leak in the GID entry when the createah operation fails. If the AH create request fails, the sgidattr should be released to avoid a reference leak during the release of the GID table...