Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng – ensure the buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. The qcomrngread function may...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Use callrcu to free endpoints This patch delays the endpoint freeing process by calling callrcu, in order to address another use-after-free issue in sctpsockdump: BUG: KASAN: Use-after-free in lockacquire+0x36d9/0x4c20...

Astra Linux – Vulnerability in Linux

The kernel/bpf/verifier.c file in the Linux kernel, as of version 5.12.1, performs undesirable speculative loads. This leads to the disclosure of stack contents through side-channel attacks, known as CID-801c6058d14a. The main issue is that the BPF stack area is not properly protected against...

Astra Linux – Vulnerability in Linux

A flaw was discovered in the Linux kernel in versions prior to 5.4.92 regarding the BPF protocol. This flaw allows an attacker with a local account to disclose information about kernel internal addresses. The greatest threat posed by this vulnerability relates to confidentiality...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled. If the hfi1 module is loaded with HFI1CAPSDMA disabled, a call to hfi1writeiter will dereference a NULL pointer, resulting in a panic. A typical stack frame looks like this:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ptp: Unregistering virtual clocks when unregistering a physical clock. When unregistering a physical clock that contains virtual clocks, the virtual clocks must also be unregistered. This fix resolves the following errors that...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fixed a panic that occurs when the ipoib sendqueuesize is increased beyond the default value. When the ipoib sendqueuesize is increased, the following panic occurs: RIP: 0010:hfi1ipoibdraintxring+0x45/0xf0 hfi1 Code: 31 ...

Astra Linux – Vulnerability in Linux

JIT compilers in the Linux kernel from version 5.11.12 have incorrect calculations of branch displacements, allowing them to execute arbitrary code within the kernel context. This issue affects the files arch/x86/net/bpfjitcomp.c and arch/x86/net/bpfjitcomp32.c...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: pagepool: Fixed a use-after-free in pagepoolrecycleinring. syzbot reported a UAF Use-After-Free in pagepoolrecycleinring: BUG: KASAN: Slab-use-after-free in lockrelease+0x151/0xa30 in kernel/locking/lockdep.c:5862. A size 8 re...

Astra Linux – Vulnerability in Linux

A issue was discovered in the kernel of NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated with the AP. This could be exploited in Wi-Fi networks to launch denial-of-service attacks against connected clients, and it...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid issuing a WARNON when configuring MQPRIO with HTB offload enabled. When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns -EINVAL and triggers a WARNON, resulting i...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: fs: dlm: fixed use-after-free in midcomms commit While working on processing dlm messages in the softirq context, I encountered the following KASAN use-after-free warnings: 151.760477...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: cxusb: No longer judges rbuf when the write fails syzbot reported a uninit-value in cxusbi2cxfer. Only when the write operation of usbbulkmsg in dvbusbgenericrw succeeds and rlen is greater than 0, the read operation of...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211 – Fix invalid drvstaprercuRemove calls for non-uploaded stations. This issue prevents potential data corruption issues caused by uninitialized driver-related private data structures...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fixed a potential use-after-free issue in the work function. When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “block, bfq”: fixed a potential use-after-free UAF in bfqexiticqbfqq. The commit 64dc8c732f5c “block, bfq: fix possible UAF for ‘bfqq-bic’” addresses the issue where bfqexiticqbfqq might access ‘bic-bfqq’ before calling bicsetbfq...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fixed missing NULL checks. The scarlett2inputselectctlinfo function sets up the string arrays using kasprintf, but it fails to perform NULL checks. This could lead to NULL dereferencing errors. We need to ad...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed the smbdirectrecvio leak in the smbdnegotiate error path. During tests of another unrelated patch, I was able to trigger this error: Objects remaining on kmemcacheshutdown...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: hifusb: A use-after-free issue has been fixed in ath9khifusbregincb. It is possible that the skb buffer is freed during ath9khtcrxmsg, and then usbsubmiturb fails. As a result, we try to free the skb buffer again,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a resource leak in ksmbdsessionrpcopen. When ksmbdrpcopen fails, it must call ksmbdrpcidfree to undo the result of ksmbdipcidalloc...