12422 matches found
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: added retry logic in net6rtnotify. inet6rtnotify can only be called under RCU protection. This means that the route may be changed concurrently, and rt6fillnode may return -EMSGSIZE. Resize the skb when this occurs and...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: kcm: Annotated a data race around kcm-rxpsock. kcm-rxpsock can now be read without a lock in kcmrfree. The read and write operations have been adjusted accordingly. The same approach is used for kcm-rxwait in th...
Astra Linux - Vulnerability in qemu
A flaw was discovered in the QEMU NBD Server. This vulnerability allows for a denial-of-service (DoS) attack through improper synchronization during socket closure, where a client keeps a socket open while the server is offline...
Astra Linux - Vulnerability in linux-6.1, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevented NULL dereferencing in clippush. The committed code failed to account for calls to vccDestroySocket where clippush is used with a NULL skb. If clipdevs is NULL, clippush then crashes when reading skb->truesize...
Astra Linux - Vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: udp: fixed the race condition between close and udpabort. Kaustubh reported and diagnosed a panic condition in udpliblookup. The root cause is that udpabort races with close. Both functions attempt to acquire the socket lock, but...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo: fix memory leak in error branch. In mcanreadfifo, if the second call to mcanfiforead fails, the function jumps to the out Fail label and returns without calling mcanreceiveskb. This means that the skb...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisock: Prevent race conditions in socket write iteration and sockbind. There is a potential race condition between sockBind and socketwriteiter. bind may free the same memory location through mgmtPending before th...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix for crashes that occur when the regular task queue is reactivated. When the regular task queue is reactivated after the XSK socket is closed, it may read stale cancellation requests cqe, which can eventually...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mlx5: fixed the potential use-after-free condition when using the PTP queue's FIFO mechanism. FIFO indexes are not checked during pop operations, which can lead to a use-after-free issue when popping items from an empty queue. This...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fixed a potential memory leak in bcmaspxmit. The bcmaspxmit function returns NETDEVTXOK without freeing the skb object in case of mapping failures. Add devkfreeskb to address this issue...
Astra Linux - Vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: gro: fixed ownership transfer. If packets are received using GRO, they may be segmented later on and continue their journey within the stack. In skbSegmentlist, these segments can be reused as they are. This is a problem because...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ICE: xsk: prohibit usage of non-balanced queue ID. Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96; 2. xdpsock -q 10 -t -z. The above refers to a situation where a user wants to attach an XSK socket in txonly mode at a...
Astra Linux - Vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ipvlan: Do not use skb->sk in ipvlanprocessv4,6outbound. Raw packets from the PFPACKET socket on an IPv6-backed ipvlan device will trigger a WARNONONCE call in skmcloop, through the schdirectxmit path. Warning: CPU: 2 PID: 0 at...
Astra Linux – Vulnerability in Apache Log4j2
In Apache Log4j Core versions 2.0-beta9 through 2.25.2, the Socket Appender does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostNa...
Astra Linux - Vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fixed the issue where no check was performed to determine whether skb actually contained an ACL header. Otherwise, the code might attempt to access uninitialized/invalid memory beyond the valid skb->data...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ionic: Use devconsumeskbany outside of NAPI. If we are not in a NAPI softirq context, we need to be careful about how we call napiconsumeskb. Specifically, we need to call it with budget == 0 to signal that we are not in a safe...
Astra Linux - Vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: nbd: Fixed an issue where an io hung state occurred during device disconnection. In our tests, “qemu-nbd” triggered an io hung state: INFO: Task “qemu-nbd”: 11445 is blocked for more than 368 seconds. Not tainted...
Astra Linux - Vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrcnonstatic: Fixed a memory leak in nonstaticreleaseresourcedb. When nonstaticreleaseresourcedb frees all resources associated with a PCMCIA socket, it forgets to free socketdata as well, resulting in a memory leak that...
Astra Linux - Vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refusal to enable an unbound pipe. The ioctl function implicitly assumed that the socket was already bound to a valid local socket name, i.e., a Phonet object. If the socket was not bound, two problems would occur: 1 W...
Astra Linux - Vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a double-free on the socket destructor function. When an MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inetopt' for the new socket has the same value as the...