Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x: rtl8187: Fixed a potential buffer underflow in rtl8187rxcb. The rtl8187rxcb function calculates the RX descriptor header address by subtracting its size from the skbtailptr. However, it does not validate whether th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: idpf: A kernel panic occurs when dealing with unknown packet types. In the very rare case where a packet type is unknown to the driver, idpfrxprocessskbfields will return early without calling ethtypetrans to set the skb protocol...

Astra Linux – Vulnerability in libslirp

In ncsi.c within libslirp up to 4.3.1, there is an issue of buffer over-reading. This occurs because the program attempts to read a certain amount of header data, even when that amount exceeds the total packet length...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: Pass the correct message length to ip6.AppendData. l2tpip6sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To address this issue, we chec...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix for checking attempts to corrupt spilled pointers When a register is spilled onto a stack as a 1/2/4-byte register, we set slottypeBPFREGSIZE - 1 plus possibly a few more bytes depending on the actual spill size...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xsk: Fixed corrupted packets for XDPSHAREDUMEM. A issue was addressed in the XDPSHAREDUMEM mode, along with the aligned mode, where packets were corrupted for the second and any subsequent sockets bound to the same umem. In other...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Prevent “decltag” from being referenced in “funcproto” arguments. Syzkaller managed to encounter another issue with “decltag”: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbmod: Skip non-Ethernet packets Currently, tcfskbmodact assumes that packets use Ethernet as their L2 protocol, which is not always the case. For example, for CAN devices: bash $ ip link add dev vcan0 type vcan $ ...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ax25: Fixed the reference count leak issue of netdevice. There is a reference count leak issue with the object “netdevice” in ax25devdevicedown. When the ax25 device is being shut down, ax25devdevicedown reduces the reference cou...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.77, using free after in WebRTC in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted SCTP packet...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fixed the jump offset calculation in tailcall. The additional call to bpfintjitcompile skips the JIT context initialization. This effectively skips the offset calculation, resulting in outoffset = -1. Therefore, t...

Astra Linux – Vulnerability in Wireshark

In Wireshark versions 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This issue was addressed in the epan/dissectors/packet-multipart.c file by correcting the deallocation of invalid MIME parts...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Freeing special fields when updating lru,percpuhash maps Since lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to ‘bpfobjfreefields’ in ‘pcpucopyvalue’ could cause the memory referenced by BPFKPTRREF,PERCPU fiel...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix for constant blinding in PROBEMEM32 stores The immediate stores of BPFST|BPFMEM32 are not handled by bpfjitblindinsn. This allows user-controlled 32-bit immediate values to survive blinding and be included in JIT-compile...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: r8169: Fixed possible ring buffer corruption due to fragmented Tx packets. An issue was discovered in the RTL8125b driver when transmitting small, fragmented packets. Invalid entries were inserted into the transmit ring buffer,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the ice module, the issue of using an untrusted value of pktlen in the icevcfdirparseRaw function has been fixed. This issue was addressed by checking that the value of pktlen does not exceed the VIRTCHNLMAXSIZERAWPACKET value...

Astra Linux – Vulnerability in Linux, Linux 5.10

A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...

Astra Linux – Vulnerability in Qemu

The ethgetgsotype function in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process by sending packet data that lacks a valid Layer 3 protocol...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/bpf: Fixed the detection of BPF atomic instructions. The commit 91c960b0056672 “bpf: Rename BPFXADD and prepare to encode other atomic instructions in .imm” changed BPFXADD to BPFATOMIC and added a mechanism to...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: cfg80211: Values of NL80211ATTRTXQQUANTUM are restricted. syzbot can trigger soft lockups by setting NL80211ATTRTXQQUANTUM to 2^31. We had a similar issue in schfq, which was fixed in the commit d9e15a273306 „pktsched: f...