Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Avoid reading uninitialized memory in ath9khtcrxmsg. syzbot reports that the uninitialized value is accessed at ath9khtcrxmsg. For ioctlUSBRAWIOCTLEPWRITE, the function ath9khifusbrxstream may call ath9khtcrxmsg with...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the KASAN use-after-free Read issue in computeeffectiveprogs. Syzbot identified a use-after-free bug in computeeffectiveprogs. The reproducer creates a number of BPF links, causing a failure in the injected allocation...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thereby receivi...

Astra Linux – Vulnerability in OpenLDAP

A flaw was discovered in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, thereby triggering an assertion failure. The greatest threat of this vulnerability is to system availability...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Do not override the return value of subprog The verifier test "calls: div by 0 in subprog" triggers a panic at the ld.bu instruction. The ld.bu instruction attempts to load a byte from the memory address returned ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only drop the call reference if one was actually acquired. The function rxrpcinputpacketonconn can process a packet for the client after the current client call on the channel has already been terminated. In this case,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fixed a memory double-free issue when handling zero-length packets. Line 829: If request-complete, then: 830 – Unlock the lock of privdev. 831 – Called usbgadgetgivebackrequest&privep-endpoint, request. 833 – Lock the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The commit bc235cdb423a “bpf: Prevent deadlock from recursive bpftaskstorageget|delete” first introduced deadlock prevention for fentry/fexit programs attaching to bpftaskstorage...

Astra Linux – Vulnerability in Qemu

QEMU 5.0.0 has a use-after-free issue in the hw/usb/hcd-xhci.c file, as the return value of usbpacketmap is not checked...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net:bcmgenet: Added a check for oversized packets. Occasionally, we may receive oversized packets from the hardware that exceed the maximum buffer size of 2 KiB allocated for SKBs. A proactive check is added to discard such...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: BPF, sockmap: Prevent lock inversion deadlock in mapdeleteelem operation. The syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Since BPF tracing programs can be invoked fr...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a UAF Use-After-Free issue caused by a race between btftrygetmodule and loadmodule. While working on code to populate the BTF IDs for modules, I noticed that by the time the initcall is invoked, the module’s BTF can...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fec: handle pagepooldevallocpages error The fecenetupdatecbd function calls pagepooldevallocpages, but it does not handle the case where NULL is returned. A WARNON!newpage message is generated, but the program still proceeds...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: Do not pass flowid to setrpscpu. The responsible commit made the assumption that the RPS table for each receive queue would have the same size, and that it would not change. When computing flowid in setrpscpu, do not...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: afnetlink: Fixed an out-of-bounds shift in the group mask calculation When a netlink message is received, netlinkrecvmsg fills in the address of the sender. One of the fields is the 32-bit bitfield nlgroups, which carries the...

Astra Linux – Vulnerability in Wireshark

A large loop exists in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9, and 3.2.0 to 3.2.17, which allows for denial of service through packet injection or with crafted capture files...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed an issue where incomplete state saving occurred in rxerequester. If a send packet is dropped by the IP layer in rxerequester, the call to rxexmitpacket may fail with an error code of -EAGAIN. To recover from this...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fixed the JIT code size calculation for the BPF trampoline. The archbpftrampolinesize function provides the JIT size of the BPF trampoline before the buffer for JIT compilation of it is allocated. The total number of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the bpf and arm64 architectures, there is a vulnerability where forcing an 8-byte alignment for the JIT buffer can prevent atomic tearing. The struct bpfplt structure contains a u64 target field. Currently, the BPF JIT allocat...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ppp: Fixed the “KMSAN: uninit-value” warning with bpf. Syzbot detected a “KMSAN: uninit-value” warning 1. This issue arises because the ppp driver does not initialize a 2-byte header when using socket filter. The following code c...