Astra Linux – Vulnerability in Linux

A buffer overflow at the framebuffer layer in the fbcon code within the Linux kernel, prior to version 5.8.15, could be exploited by local attackers to read kernel memory, referred to as CID-6735b4632def...

Astra Linux – Vulnerability in Linux

A flaw was discovered in the Linux kernel in versions prior to 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel. This allows anyone between the two endpoints to read the unencrypted...

Astra Linux – Vulnerability in Linux

A flaw involving double-free memory corruption in the Linux kernel’s HCI device initialization subsystem was discovered. This flaw allows a malicious HCI TTY Bluetooth device to be attached to the system. A local user could exploit this flaw to crash the system. This flaw affects all Linux kernel...

Astra Linux – Vulnerability in Linux

A flaw was discovered in the HDLCPPP module of the Linux kernel in versions prior to 5.9-rc7. Memory corruption and a read overflow occur due to improper input validation in the pppcpparsecr function, which can cause the system to crash or lead to a denial of service. The greatest threat posed by...

Astra Linux – Vulnerability in Linux 5.10

In the dplinksettingswrite function in the file drivers/gpu/drm/amd/display/amdgpudm/amdgpudmdebugfs.c in the Linux kernel, up to version 5.14.14, there is a vulnerability that allows for a heap-based buffer overflow by an attacker. This vulnerability arises because the attacker can write a strin...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A memory leak flaw was discovered in the Linux kernel’s Stream Control Transmission Protocol. This issue may occur when a user initiates a malicious networking service, and someone connects to this service. This could allow a local user to deplete resources, resulting in a denial of service...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: Keep the NOCHDCP clock enabled. Keep the NOCHDCP clock always enabled to address the potential hang caused by the NoC ADB400 port power-down handshake...

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw was discovered in the Linux kernel’s driver for ASIX AX88179178A-based USB 2.0/3.0 Gigabit Ethernet devices. The vulnerability involves multiple out-of-bounds reads and possible out-of-bounds writes...

Astra Linux – Vulnerability in Linux 5.10

A vulnerability was discovered in the net/tipc/crypto.c file within the Linux kernel before version 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit a lack of sufficient validation of the user-supplied sizes for the MSGCRYPTO message type...

Astra Linux – Vulnerability in Linux

In the rbd block device driver located in drivers/block/rbd.c within the Linux kernel, up to version 5.8.9, incomplete permission checks were used for accessing rbd devices. This could have been exploited by local attackers to map or unmap rbd block devices, specifically the CID-f44d04e696fe devi...

Astra Linux – Vulnerability in Linux

In the binderreleasework function of binder.c, there is a potential use-after-free issue due to improper locking. This could lead to a local escalation of privileges in the kernel, without the need for additional execution privileges. User interaction is not required for exploitation. Product:...

Astra Linux – Vulnerability in Linux, Linux 5.10

A memory leak flaw was discovered in the Linux kernel’s ccprunaesgcmcmd function, which allows an attacker to cause a denial of service. This vulnerability is similar to the older CVE-2019-18808. The greatest threat posed by this vulnerability is to system availability...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rtc: Check whether the rtcreadtime call was successful in rtctimerdowork. If the rtcreadtime call fails, the struct rtctime tm; structure may contain uninitialized data, or an illegal date/time reading from the RTC hardware may...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Fixed KASAN: slab-out-of-bounds read in fib6nhflushexceptions Reported by syzbot: HEAD commit: 90c911ad Merge tag ‘fixes’ of git://git.kernel.org/pub/scm/… git tree:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsbmaplookupatlevel in the file fs/nilfs2/inode.c of the nilfs2 component. Manipulation of this function can lead to a null pointer dereference. The attack can be launched...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A use-after-free flaw was discovered in the Linux kernel due to a race condition in the unix garbage collector’s deletion of SKB races involving the unixstreamread generic function on the socket onto which the SKB is queued...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A use-after-free vulnerability exists in the Linux kernel’s net/sched: schqfq component, which can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers a use-after-free in qfqdequeue, due to the incorrect .pe...

Astra Linux - Vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: riscv: Move memblockallowresize after linear mapping is ready The initial memblock metadata is accessed from the kernel image mapping. The regions arrays need to be "reallocated" from memblock and accessed through linear mapping ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Resources are freed after they are unregistered. The unbind operation of the DP component iterates through the submodules to unregister them and clean up the situation. However, if the unbind occurs because the DP...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the incorrect setting of maxcorrreaderrors. There is no input validation when using the echo md/maxreaderrors command, and an overflow might occur. Add validation for the input number...