Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tipc: The issue in tipcnlcompatnametabledumpheader regarding the check of the msg-req TLV length was fixed. This is a follow-up to commit 974cb0e3e7c9 “tipc: fixing uninit-value in tipcnlcompatnametabledump". In that commit, a ty...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmpls: Fixed the warning during failed attribute validation. The TCAMPLSLABEL attribute is of type NLAU32, but its validation type is NLAVALIDATEFUNCTION. This is an invalid combination according to the comment above...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fixed legacy IPoIB issues due to an incorrect number of queues. The referenced commit creates child PKEY interfaces through netlink, which involve multiple TX and RX queues. However, some devices do not support more tha...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Changed the nlapolicy for bearer-related names to NLANULSTRING. The syzbot reported the following uninit-value access issues 1: ===================================================== BUG: KMSAN: uninit-value in strlen...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: sr – fixed possible use-after-free and nullptrderef issues. The pernet operations structure for the subsystem must be registered before registering the generic netlink family...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: gtp: Fixed use-after-free and null-ptr-deref issues in gtpgenldumppdp. The gtpnetops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller reported a “general...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netlink: Fixed an issue where the kernel could be exposed after free operation in skbdatagramiter. The syzbot reported the following issue with uninitialized value access 1: The netlinktofullskb function creates a new skb and...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: The error logic for writing back the IFLABRIDGEFLAGS flags has been fixed. In the commit d73ef2d69c0d “rtnetlink: let rtnlbridgesetlink checks IFLABRIDGEMODE length”, an adjustment was made to the old loop logic in the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: Reduced Rtnl pressure in smcpnetcreatepnetidslist. Many syzbot reports indicate extreme Rtnl pressure, and many of them suggest that smc acquires Rtnl during the creation of netnames without any valid reason 1. This patc...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fixed an illegal access to rmbdesc during SMC-D connection dumping. A crash was detected when dumping SMC-D connections. This issue can be reproduced by performing the following steps: 1. Run the nginx/wrk test: smcrun...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netlink: Fixed wraparounds of sk-skrmemalloc. Netlink has this pattern in some places: c if atomicread&sk-skrmemalloc sk-skrcvbuf atomicaddskb-truesize, &sk-skrmemalloc; This issue was also fixed in commit 5a465a0da13e “udp: Fixe...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: fixed the integer overflow in the geneveopt structure’s length field. The struct geneveopt uses 5 bits to represent the length of each individual option. This means that the size of each option should be less than 128 bytes...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: rtnetlink: Allocate sufficient vfinfo size for VF GUIDs when supported. Commit 30aad41721e0 "net/core: Add support for getting VF GUIDs" added support for obtaining VF port and node GUIDs in netlink’s ifinfo messages. However,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Fixed infinite recursion in fib6dumpdone. syzkaller reported infinite recursive calls of fib6dumpdone during netlink socket destruction. 1 According to the log, syzkaller sent an AFUNSPEC RTMGETROUTE message, and then th...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Converting the blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding/removing...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: vdpa: Added the featuresattr attribute to vdpanlpolicy for checking the nlattr length. The vdpanlpolicy structure is used to validate the nlattr when parsing incoming nlmsg. It ensures that the described attribute produces a vali...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walking over the current view in netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on this mechanism to infer which view o...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Correctly check the presence of LSNLATYPEDGID. The netlink response for RDMANLLSOPIPRESOLVE should always contain an LSNLATYPEDGID attribute; it is invalid if it is missing. Properly use the nl parsing logic and cal...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netlink: avoided infinite retry loops in netlinkunicast The netlinkattachskb function checks the read memory allocation constraints of the socket. First, it checks whether the newly increased rmem value fits within the socket’...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in pushnsh action The pushnsh action structure looks like this: OVSACTIONATTRPUSHNSHOVSKEYATTRNSHOVSNSHKEYATTRBASE,... The outermost OVSACTIONATTRPUSHNSH attribute is OK'ed by the...