4203 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: xfrm: The x-tunnel variable is deleted as soon as the x variable is deleted. The IPcomp fallback tunnels currently get deleted from various lists and hashtables because the last user state that relied on those fallbacks is...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fixed a warning caused by destroying non-initial netns. After the commit 5ce2dced8e95 “RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces”, if the IPOIB device is moved to a non-initial netns, destroying that netns caus...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed the UAF issue in nfqnl_nf_hook_drop when ops_init fails. When the ops_init function is called to initialize the network, but ops->init fails, data is released. However, the pointer ptr in net->gen becomes invalid. In this...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: AppArmor: A memory leak has been fixed in alloc_ns. After changes in commit a1bd627b46d1 “AppArmor: sharing the profile name during replacement”, the hname member of the struct aa_policy is not a valid slab object; however, it is a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: conntrack: Serialize hash resizes and cleanups. Syzbot was able to trigger the following warning [1]. No repro found by syzbot yet, but I was able to trigger a similar issue by having two scripts running in parallel,...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: Fixed a race condition related to port output. Assume the following setup on a single machine: 1. An openvswitch instance with one bridge and default flows. 2. Two network namespaces: “server” and “client”. 3...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: fs: dropping peer group IDs under namespace lock. When cleaning up peer group IDs in the failure path, we need to ensure that the namespace lock is retained. Otherwise, another thread might simultaneously change the mount status...
Astra Linux - vulnerability in linux, linux-5.10
A vulnerability was discovered in the cgroup_release_agent_write function of the Linux kernel, within the kernel/cgroup/cgroup-v1.c file. Under certain circumstances, this flaw allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass namespace isolation unexpectedly...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: In the function xtables, there is an issue where a block of memory allocated for the percpu counter leaks during an error-prone path when creating new netns. The stack where this memory allocation occurs is as follows: ...
Astra Linux - vulnerability in firejail
A privilege context switching issue was discovered in the join.c file of Firejail 0.9.68. By creating a fake Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment where the Linux user namespace remains the initial user...
Astra Linux - vulnerability in linux, linux-5.10
In the net/netfilter/nf_tables_api.c file within the Linux kernel, up to version 5.18.1, it is possible for a local user who can create user/net namespaces to escalate privileges to root. This occurs because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free vulnerability...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nfsd: move the initialization of the reply cache counters back into nfsd_init_net. The commit f5f9d4a314da “nfsd: move the reply cache initialization into nfsd startup” moved the initialization of the reply cache into nfsd...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Avoid a crash when parsing an empty profile name. When processing a packed profile in unpack_profile, the string “:samba-dcerpcd” is parsed as a fully qualified name and then passed to aa_splitn_fqname. aa_splitn_fqname trea...
Astra Linux - vulnerability in firefox, thunderbird, expat, libxmltok
In xmlparse.c within Expat (also known as libexpat), prior to version 2.4.5, attackers could insert namespace-separator characters into namespace URIs...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: “net/mlx5: Block entering switchdev mode with ns inconsistency” This fix involves reverting the commit 662404b24a4c4d839839ed25e3097571f5938b9b. The reversion is necessary because there was suspicion that this issue might cause...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mr: Consolidated the checks for ipmr_can_free_table. Guoyu Yin reported a crash in the ipmr netns cleanup process. WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmrfreetable net/ipv4/ipmr.c:440 inline WARNING:CPU: 2 PID: 145...
Astra Linux - vulnerability in linux-5.10
Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. The timesinstall function calls current_is_single_threaded to determine whether the current process is single-threaded. However, this call does not take into account io_uring’s...
Astra Linux - vulnerability in docker.io
In Docker versions prior to 9.03.15 and 20.10.3, there is a vulnerability related to the --userns-remap option. This option allows access to the remapped root directory, enabling privilege escalation to the actual root directory. When using --userns-remap, if the root user in the remapped namespa...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mnt_ns_from_dentry before dereferencing it. The function do_fanotify_mark does not validate whether mnt_ns_from_dentry returns NULL before dereferencing mntns->user_ns. This causes a NULL pointer...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: pfcp: The device is destroyed along with the UDP socket’s netns. The pfcp_newlink function links the device to a list in dev_net instead of net, where a UDP tunnel socket is created. Even when net is removed, the device remains...