Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A use-after-free vulnerability in the Linux kernel’s afunix component can be exploited to achieve local privilege escalation. The unixstreamsendpage function attempts to add data to the last skb in the peer’s recv queue without locking the queue. This creates a race condition where...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A vulnerability has been identified in the Linux kernel. It has been declared as problematic. The function “followpagepte” in the file “mm/gup.c” of the component BPF is affected by this vulnerability. This manipulation leads to a race condition. The attack can be launched remotely. It is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid dereferencing the fcport pointer. Klocwork reported a warning that a NULL pointer might be dereferenced. The routine exits when saCTL is NULL and fcport is allocated after the exit call. This causes the NULL...

Astra Linux – Vulnerability in Linux, Linux 5.10

preallocelemsandfreelist in kernel/bpf/stackmap.c in the Linux kernel before version 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow, resulting in an out-of-bounds write...

Astra Linux – Vulnerability in Linux, Linux 5.10

A issue was discovered in the Linux kernel for PowerPC before version 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to a bug in the implementation of arch/powerpc/kvm/book3shvrmhandlers.S, which handles the values of the SRR1 register...

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw was discovered in the Linux kernel. A use-after-free vulnerability in the NFC stack can pose a threat to confidentiality, integrity, and system availability...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fixed the lockdep issue in qdisctreereducebacklog The qdisctreereducebacklog function is called with the qdisc lock held, not RTNL. We must use qdisclookuprcu instead of qdisclookup. syzbot reported: WARNING:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fat: Fixed an uninitialized field in the nostale filehandles. When the fatencodefhnostale function encodes a file handle without a parent handle, it only stores the first 10 bytes of the file handle. However, the length of the fi...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm: Fix unexpected zeroed page mapping with zram swap In cases where two processes are cloning under CLONEVM, a user process may be corrupted when zeroed pages are unexpectedly displayed. CPU A | CPU B --- | --- doswappage |...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm integrity: Memory corruption occurs when tagsize is less than digestsize. It is possible to configure dm-integrity in such a way that the tagsize parameter is smaller than the actual digestsize. In this case, a portion of the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fixed a use-after-free issue when volume creation failed. There is a use-after-free problem related to ‘ebatbl’ in the error handling path of ubicreatevolume. c ubiebareplacetablevol, ebatbl vol-ebatbl = tbl...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroywork queue before calling bnx2fcinterfaceput The bnx2fcdestroy function removes the interface before calling destroywork. This causes multiple WARNings from sysfsremovegroup, as the controller rport...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: um: Fixed an out-of-bounds read in LDT setup syscallstubdata expects the datacount parameter to be the number of longs, not bytes. ================================================================== BUG: KASAN: Out-of-bounds acces...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: A bug in pvr2i2ccoreinit caused an array index out of bounds issue. Syzbot reported that -1 was used as an array index. The problem lay in the lack of a validation check. The value of hdw-unitnumber is initialized...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tty: synclinkgt: Fixed the null-pointer-dereference issue in slgtclean. When the driver fails at allochdlcdev, and then we remove the driver module, we will encounter the following error: 25.065966 General protection fault; likel...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed a null pointer dereferencing after failing to issue FLOGI and PLOGI commands. If lpfcissueelsflogi fails and returns a non-zero status, the node’s reference count is decremented to trigger the release of the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/virtio: fixed a NULL pointer dereference in virtiogpuconngetmodes drmcvtmode may return NULL, and we should check for this. This bug was discovered by syzkaller: FAULTINJECTION stacktrace: 168.567394 FAULTINJECTION: forcin...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: exec: Force a single empty string when argv is empty Quoting 1 Ariadne Conill: “In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program. This prevents scenarios...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed a data race around sysctltcpprobethreshold. When reading sysctltcpprobethreshold, it can be changed concurrently. Therefore, we need to add READONCE to its reader function...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fixed the use of variables after they are freed in fcexchabtsresp. The function fcexchrelease/ep decreases the reference count of the ep variable. When the reference count reaches zero, the ep variable is freed...