Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: “recordmcount”: Fixed memory leaks in the uwrite function. “Common realloc mistake”: The “file.Append” pointer was set to null, but it wasn’t freed upon failure...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdccrtcsetcrcsource, the struct drmcrtc was dereferenced before the pointer check by the containerof function. This could cause kernel panic. Fix this “match warning”:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear the FFR context field in streaming SVE mode The FFR is a predicate register whose size can range from 16 to 256 bits, depending on the configured vector length. When saving the SVE state in streamin...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev. Do not assign the Linux device to struct fbinfo.dev. The call to registerframebuffer initializes the field to the fbdev device; drivers should not override this value. Fixed a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igb: Fixed the issue where igbdown got hung when removing the Thunderbolt hub. In a setup where a Thunderbolt hub is connected to Ethernet and a display via USB Type-C, users may experience a task-hanging timeout when they remove...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: added a NULL check in xfrmupdateaeparams Normally, x-replayesn and x-preplayesn should be allocated in xfrmallocreplaystateesn..., hence xfrmupdateaeparams... can update them. However, the current implementation of...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath11k: Fixed corruption of SKBs in the REO destination ring. While running traffic for a long time, a random RX descriptor filled with the value “0” from the REO destination ring is received. This invalid descriptor...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset The commit 7c01dbfc8a1c5f “iavf: periodically cache PHC time” introduced a worker that was responsible for caching PHC time. However, it failed to stop this worker during resets or to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: Unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers both sdio and spi, which can lead to kernel panic. For example, this issue occurs when using SPI:...

Astra Linux – Vulnerability in Linux 5.10, Linux

A NULL pointer dereference flaw exists in the diFree function in the fs/jfs/inode.c file of the Journaled File System JFS in the Linux kernel. This flaw could allow a local attacker to crash the system or leak internal kernel information...

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s Bluetooth subsystem. In this flaw, users can simultaneously call the connect and disconnect functions on the socket, leading to a race condition. This flaw may cause the system to crash or allow an escalation of privileges. The most...

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free flaw was discovered in ncirequest in net/nfc/nci/core.c within the NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race issue while the device is being removed, leading to a privilege escalation...

Astra Linux – Vulnerability in Linux

A out-of-bounds memory write flaw was discovered in the Linux kernel’s joystick devices subsystem in versions prior to 5.9-rc1. This flaw allows a local user to crash the system or potentially escalate their privileges on the system. The greatest threat posed by this vulnerability is related to...

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw was discovered in the sctpmakestrresetreq function within the net/sctp/smmakechunk.c file, located in the SCTP network protocol in the Linux kernel. This flaw involves attempting to use more buffer space than is allocated, which triggers a BUGON issue, resulting in a denial of service DOS...

Astra Linux – Vulnerability in Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s Ext4 File System, where a user can trigger multiple file operations simultaneously using the overlay FS mechanism. This flaw allows a local user to crash the system or potentially escalate their privileges on the system. Only if patch...

Astra Linux – Vulnerability in Linux 5.15

A use-after-free flaw was discovered in nfsd4sscsetupdul in fs/nfsd/nfs4proc.c within the NFS filesystem of the Linux kernel. This issue could allow a local attacker to crash the system or may lead to a kernel information leak...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: TCP: Added sanity tests to TCPQUEUESEQ Qingyu Li reported a syzkaller bug where the repro function changed the RCV SEQ after restoring data in the receive queue. mprotect0x4aa000, 12288, PROTREAD = 0 mmap0x1ffff000, 4096, PROTNON...

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw was discovered in the OverlayFS subsystem of the Linux kernel, regarding the way users mount the TmpFS filesystem using OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible...

Astra Linux – Vulnerability in Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s Memory Management subsystem, where a user can win two races simultaneously due to a failure in the masprevSlot function. This issue could allow a local user to crash the system...

Astra Linux – Vulnerability in Linux, Linux 5.10

The Linux kernel may allow a local attacker to execute arbitrary code on the system, due to a concurrency use-after-free flaw in the badflpintr function. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial-of-service...