Astra Linux – Vulnerability in Wireshark

In Wireshark versions 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This issue was addressed in the epan/dissectors/packet-bacapp.c file by limiting the amount of recursion...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPFMAPTYPEDEVMAP does not have it set. This is...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: added more sanity checks to qdiscpktleninit. One of the approaches handles SKBGSODODGY, assuming that skb-len is greater than hdrlen. The function virtionethdrtoskb does not fully dissect TCP headers; it only ensures that th...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Added BHB mitigation to the epilogue for cBPF programs. A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. Upon exiting a cBPF program, the BHB...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/packet: fixed a slab-out-of-bounds access in packetrecvmsg syzbot found that when an AFPACKET socket uses PACKETCOPYTHRESH and mmap operations, tpacketrcv queues skbs with garbage in skb-cb, causing an excessive copy 1...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftct: Skip the evaluation of rules for confirmed conntrack entries. The nftctexpectobjeval function calls nfctextadd for confirmed conntrack entries. However, nfctextadd can only be called when !nfctisconfirmed is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: A “off-by-one” error occurred in buildprologue. Vincent reported that running BPF programs with tailcalls on LoongArch causes a kernel hard lockup. Debugging these issues revealed that the JIT-compiled code missed...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when bufferlimit is set to bufferlimit. The following setup can trigger a warning in htbactivate due to the condition: !cl-leaf.q-q.qlen. Example command: bash tc qdisc del dev lo root...

Astra Linux – Vulnerability in grub2

Integer underflow in grubnetrecvip4packets; A malicious IP packet can cause an integer underflow in the grubnetrecvip4packets function, affecting the rsm-totallen value. Under certain circumstances, the totallen value may wrap around to a small integer number, which will be used in memory...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: hsr: Avoid potential out-of-bound access in fillframeinfo. syzbot can inject a packet with 14 bytes, pretending it is a VLAN packet. Since fillframeinfo already relies on skb-maclen, extend the check to cover this case....

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the bounds of the register are not correct. In particular, its...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netsched: schsfq: Fixed a potential crash during handling of gsoskb. SFQ assumes that it is always able to queue at least one packet. However, after the committed change, sch-q.len can be inflated by packets in sch-gsoskb. An...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the metadatadst leak in bpfredirectneigh for arguments bpfredirectneighv4,6 Cilium includes a BPF egress gateway feature that forces outgoing Kubernetes Pods’ traffic to pass through dedicated egress gateways. This...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The mcbausb driver fails to populate the ndochangemtu function, allowing for a buffer overflow. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The onl...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed a crash that occurred due to out-of-bounds access to reg2btfids. When the commit e6ac2450d6de “bpf: Support bpf programs that call kernel functions” added support for kfunc, it defined reg2btfids as a convenient way...

Astra Linux – Vulnerability in Wireshark

Uncontrolled recursion in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows for denial of service through packet injection or crafted capture files...

Astra Linux – Vulnerability in Linux

A flaw was discovered in the Linux kernel in versions prior to 5.4.92 regarding the BPF protocol. This flaw allows an attacker with a local account to disclose information about kernel internal addresses. The greatest threat posed by this vulnerability relates to confidentiality...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: bounds checks were added to the host bulk flow fairness counts. Although we fixed a logic error in the commit cited below, the syzbot still managed to cause an underflow in the per-host bulk flow counters, resulti...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed an array bounds error with maygoto. Maygoto uses an additional 8 bytes on the stack, causing the interpreters array to go out of bounds when calculating the index using stacksize. 1. If a BPF program is rewritten,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Packet corruption occurred in vmxnet3xdpxmitframe. Andrew and Nikolay reported connectivity issues with Cilium’s service load-balancing in the case of vmxnet3. If a BPF program for native XDP adds an encapsulation header...