Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: At the ata module, there is a bug in libata: the pending work is cancelled after clearing deferredqc. Syzbot reported a WARNON in atascsideferredqcwork, caused by ap-ops-qcdefer returning a non-zero value before issuing the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Actually free the watch object. The freewatch function does everything except for actually freeing the watch object. This issue is fixed by adding the missing kfree call. kmemleak generates a report similar to the...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed an issue where incomplete state saving occurred in rxerequester. If a send packet is dropped by the IP layer in rxerequester, the call to rxexmitpacket may fail with an error code -EAGAIN. To recover, the state of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: iouring/zcrx: fixed error handling after opening. Closing a queue does not guarantee that all associated page pools are terminated immediately; let the refcounting handle this process instead of releasing the zcrx ctx directly...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: The ctx variable was initialized to avoid a memory allocation error. It is possible that the ctx variable in nfqnlbuildpacketmessage could be used before it is properly initialized. It is only initializ...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: schhfsc: Fixed a accounting bug when using peek in hfscenqueue. When enqueuing the first packet to an HFSC class, hfscenqueue calls the peek operation of the child qdisc before incrementing sch-q.qlen and sch-qstats.backlog. If t...

Astra Linux - уязвимость в linux

A issue was discovered in the Linux kernel through version 5.11.10. In the drivers/net/ethernet/freescale/gianfar.c file of the Freescale Gianfar Ethernet driver, it was found that a negative fragment size can be calculated in situations where an rx queue overrun occurs when jumbo packets are use...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Do not destroy the workqueue from work items running on it. This issue was triggered by a decrease in the value of kref. The destroyworkqueue function might be called from within a work item to destroy its own...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones. However, if rxeqpfrominit fails, the QP fields may be filled with garbage, causing the followi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - bus: mhi: core: Fixed an invalid error that was returned in mhiqueue. - mhiqueue returns an error when the doorbell is not accessible in the current state. This can occur when the device is in a non-M0 state, such as M3, and...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Improved robustness of audit queue handling If the audit daemon becomes stuck in a stopped state, the kauditdthread function in the kernel might get blocked while attempting to send audit records to the audit daemon in the...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Added a timeout to acquiring the command queue semaphore. Prevented forced completion handling on an entry that has not yet been assigned an index, causing an out-of-bounds access at idx = -22. Instead of waiting...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: io-wq: Check for wq exit after adding a new worker taskwork. We check the IOWQBITEXIT flag before attempting to create a new worker. The wq exit cancels any pending tasks if there are any. However, it’s possible for a race...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list mlx5wqllpop. For SHAMPO, it is possible to receive CQEs with 0 consumed strides fo...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ICE: xsk: prohibit usage of non-balanced queue ID Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z The above refers to a situation where a user wants to attach an XSK socket in txonly mode at a...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allowed a heap-based buffer overflow in the queuerun function, through two sender options: -R and -S. This could lead to privilege escalation from the exim user to the root user...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: Reverted “scsi: fcoe: Fix potential deadlock on &fip-ctlrlock”. This reversion involves commit 1a1975551943f681772720f639ff42fbaa746212. This commit caused interrupts for FCoE devices to be lost, as it changed the sping loc...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: codel: The check sch-q.qlen was removed before the call to qdisctreereducebacklog. After making all calls to -qlennotify idempotent, it is now safe to remove the check for qlen!=0 from both fqcodeldequeue and codelqdiscdequeue...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm – injects an error before stopping the queue. The master OOO cannot be completely closed when the accelerator core reports a memory error. Therefore, the driver needs to inject the qm error to close the maste...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, a previously existing admin queue may still exist. Properly release this queue before allocating a...