Astra Linux - уязвимость в cloud-init

In cloud-init through 25.1.2, the systemd socket unit cloud-init-hotplugd.socket is included, with a default SocketMode of 0666, allowing world-write permissions. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. A non-privileged user can trigger hotplug-hook commands...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: e100: Fixed possible use of memory after it is freed in e100xmitprepare. In e100xmitprepare, if it is not possible to map the skb, then -ENOMEM is returned. As a result, e100xmitframe will return NETDEVTXBUSY, and the upper layer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Fixed pages leaking when building skb in big mode. We attempt to use buildskb if there is sufficient “tailroom”. However, we forget to release the unused pages that are chained via private in big mode, which can lead ...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: lltemac: Ensure that the skb is freed when it is completely used. By using the TX BD to track the skb pointer, we have a simple and efficient way to free the skb buffer after the frame has been transmitted. However, in order...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fixed the issue of the sentcmd skb being leaked before it was freed. The sentcmd memory was not freed before freeing hcidev, causing it to leak its contents...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: TCP/UDP: Fixed memory leaks related to sk and zerocopy SKBS with TX timestamps. syzkaller reported 0 memory leaks of an UDP socket and ZEROCOPY SKBS. We can reproduce the problem with the following sequence: sk = socketAFINET,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sunrpc: Fixing client-side handling of TLS alerts A security exploit was discovered in NFS over TLS in tlsalertrecv. This issue arose due to the assumption that there was valid data within the iterator’s kvec field of the msghdr...

Astra Linux - уязвимость в linux

A vulnerability was discovered in the Linux kernel, where the non-blocking socket operation in llcpsockconnect leads to a leak and ultimately causes the system to hang...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A issue was discovered in l2capsockrelease in net/bluetooth/l2capsock.c in the Linux kernel before version 6.4.10. There is a use-after-free issue, as the children of a sk object are handled incorrectly...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iouring: Any code related to SCMRIGHTS has been removed. This is dead code after we stopped supporting the use of iouring for handling file I/O via SCMRIGHTS; it can now be discarded...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed the LGR and link use-after-free issue. We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: nfc: fixed races in nfcllcpsockget and nfcllcpsockgetsn Sili Luo reported a race condition in nfcllcpsockget, which led to a Use-After-Value error. The process of getting a reference to the socket involved in a lookup...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fixed the issue where the memory of skmsg was charged twice. If tcpbpfsendmsg is running during a cleanup operation, psock may be freed. The sequence of operations is as follows: tcpbpfsendmsg, tcpbpfsendverdict,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: skbuff: fixed the coalescing behavior for pagepool fragment recycling. Fixed a use-after-free issue when using pagepool with page fragments. We encountered this problem during normal RX processing in the hns3 driver: 1 Initially,...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: It is necessary to check that sock is valid before assigning it to the variable. The validity of sock should be checked to prevent incorrect values. This change was introduced in commit 57569c37f0ad...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: udp: Fixed multiple wraparounds of sk-skrmemalloc. udpenqueuescheduleskb has the following condition: if atomicread&sk-skrmemalloc sk-skrcvbuf goto drop; sk-skrcvbuf is initialized by net.core.rmemdefault and can later be...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSGPEEK causes a memory leak in iucvsockdestruct. Passing the MSGPEEK flag to skbrecvdatagram increments the skb refcount skb-users, while iucvsockrecvmsg does not decrement the skb refcount at exit. This results in a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: afunix: The stale u-oobskb was cleared. syzkaller started reporting a deadlock of unixgclock after the commit. 4090fa373f0e “afunix: Replace the garbage collection algorithm.”, but it simply exposes a bug that has existed since t...

Astra Linux - уязвимость в linux-6.1, linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk from being released while still in use The functions iplocalout and others can pass skb-sk as a function argument. If the skb is a fragment and reassembly occurs before such a function call returns, t...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: - In net: The variable sk-skfamily was read once in the function skmcloop. - syzbot is frequently using IPV6ADDRFORM; it managed to trigger the WARNONONCE1 function in skmcloop. We have many more similar issues that need to be...