Astra Linux – Vulnerability in Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s Ext4 File System, where a user can trigger multiple file operations simultaneously using the overlay FS mechanism. This flaw allows a local user to crash the system or potentially escalate their privileges on the system. Only if patch...

Astra Linux – Vulnerability in Linux 5.15

A use-after-free flaw was discovered in nfsd4sscsetupdul in fs/nfsd/nfs4proc.c within the NFS filesystem of the Linux kernel. This issue could allow a local attacker to crash the system or may lead to a kernel information leak...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: TCP: Added sanity tests to TCPQUEUESEQ Qingyu Li reported a syzkaller bug where the repro function changed the RCV SEQ after restoring data in the receive queue. mprotect0x4aa000, 12288, PROTREAD = 0 mmap0x1ffff000, 4096, PROTNON...

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw was discovered in the OverlayFS subsystem of the Linux kernel, regarding the way users mount the TmpFS filesystem using OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible...

Astra Linux – Vulnerability in Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s Memory Management subsystem, where a user can win two races simultaneously due to a failure in the masprevSlot function. This issue could allow a local user to crash the system...

Astra Linux – Vulnerability in Linux, Linux 5.10

The Linux kernel may allow a local attacker to execute arbitrary code on the system, due to a concurrency use-after-free flaw in the badflpintr function. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial-of-service...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1

A “use-after-free” vulnerability in the Linux kernel’s ipv4:igmp component can be exploited to achieve local privilege escalation. A race condition can also be exploited, causing a timer to be mistakenly registered on a RCU read-locked object that is then freed by another thread. We recommend...

Astra Linux – Vulnerability in Linux 5.10

A issue was discovered in the Linux kernel through version 5.16-rc6. The amvdecsetcanvases function in the drivers/staging/media/meson/vdec/vdechelpers.c file lacks a check on the return value of kzalloc. This could lead to a null pointer dereferencing...

Astra Linux – Vulnerability found in linux-astra-modules-5.4, linux-astra-modules-5.10, linux-astra-modules-5.15, and linux-astra-modules-6.1

The vulnerability of the parsecsecid and pscsecidtolbl functions in Linux Astra Modules is related to errors during thread blocking. Exploiting this vulnerability allows a perpetrator to cause service failures...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A use-after-free vulnerability was discovered in the siano smsusb module within the Linux kernel. The bug occurs during device initialization, when the siano device is plugged in. This flaw allows a local user to crash the system, resulting in a denial-of-service condition...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A vulnerability was discovered in the HCI socket implementation due to a missing capability check in the net/bluetooth/hcisock.c file within the Linux kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A use-after-free vulnerability in the Linux kernel’s afunix component can be exploited to achieve local privilege escalation. The unixstreamsendpage function attempts to add data to the last skb in the peer’s recv queue without locking the queue. This creates a race condition where...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A vulnerability has been identified in the Linux kernel. It has been declared as problematic. The function “followpagepte” in the file “mm/gup.c” of the component BPF is affected by this vulnerability. This manipulation leads to a race condition. The attack can be launched remotely. It is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid dereferencing the fcport pointer. Klocwork reported a warning that a NULL pointer might be dereferenced. The routine exits when saCTL is NULL and fcport is allocated after the exit call. This causes the NULL...

Astra Linux – Vulnerability in Linux, Linux 5.10

preallocelemsandfreelist in kernel/bpf/stackmap.c in the Linux kernel before version 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow, resulting in an out-of-bounds write...

Astra Linux – Vulnerability in Linux, Linux 5.10

A issue was discovered in the Linux kernel for PowerPC before version 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to a bug in the implementation of arch/powerpc/kvm/book3shvrmhandlers.S, which handles the values of the SRR1 register...

Astra Linux – Vulnerability in Linux, Linux 5.10

A flaw was discovered in the Linux kernel. A use-after-free vulnerability in the NFC stack can pose a threat to confidentiality, integrity, and system availability...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fixed the lockdep issue in qdisctreereducebacklog The qdisctreereducebacklog function is called with the qdisc lock held, not RTNL. We must use qdisclookuprcu instead of qdisclookup. syzbot reported: WARNING:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fat: Fixed an uninitialized field in the nostale filehandles. When the fatencodefhnostale function encodes a file handle without a parent handle, it only stores the first 10 bytes of the file handle. However, the length of the fi...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm: Fix unexpected zeroed page mapping with zram swap In cases where two processes are cloning under CLONEVM, a user process may be corrupted when zeroed pages are unexpectedly displayed. CPU A | CPU B --- | --- doswappage |...