Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: cdceem: Fix for the leak in eemfixup when usbnet transmits a skb. When usbnet transmits a skb, it is processed in eemtxfixup. If skbcopyexpand fails, it returns NULL. In this case, usbnetstartxmit has no chance to free the...

Astra Linux - уязвимость в avahi

A flaw was discovered in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not handled correctly in the clientwork function, allowing a local attacker to trigger an infinite loop. The most significant threat from this...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: inet: Sk-skrxdst was converted to RCU rules. The syzbot reported various issues related to early demux processing. One of these issues is included in this changelog 1. Sk-skrxdst uses RCU protection without proper documentatio...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetching the skb context after calling tipcmsgvalidate As shown in the call trace, the original skb was freed during the execution of tipcmsgvalidate. Dereferencing the old skb context would cause a “use-after-free” cras...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: dev: canrestart: fix use after free bug After calling netifrxniskb, dereferencing skb is unsafe. In particular, the canframe field, which aliases skb memory, is accessed after the netifrxni function in: stats-rxbytes +=...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/handshake: The destructor was restored after a submission failure. The handshakereqsubmit function replaces sk-skdestruct, but never restores it when the submission fails before the request is hashed. In this case,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a race condition related to the refcnt of skb after locking operations. There is a race condition where the skb from the skpsockbacklog can be referenced after the user-space side has already consumed the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fixed a possible memory leak in the mt7915mcuaddsta routine. The allocated skb was freed in the mt7915mcuaddsta routine in case of failures...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the issue where listen sets the backlog to too high for preallocation rings. The listen handler of AFRXRPC allows you to set the backlog to 32 if you increase sysctl. However, although the preallocation circular...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tls: Purging the asynchold element from tlsdecryptwait The asynchold queue retains encrypted input data while the AEAD engine references their scatterlist data. Once tlsdecryptwait returns, every AEAD operation is completed, and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fixed the issue of double-allocation of slots due to incorrect alignment handling. The commit bbb73a103fbb “swiotlb: fix a braino in the alignment check fix” was a fix for the commit 0eee5ae10256 “swiotlb: fix slot...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/handshake: fixed null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if the socket lookup fails. Additionally, we should call tracehandshakecmddoneerr before releasing the file; otherwise,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xsk: The recycle buffer was handled in cases where the Rx queue was full. A missing call to xskbufffree was added when xskrcvzc failed to produce a descriptor for the XSK Rx queue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pfcp: The device is destroyed along with the udp socket’s netns. The pfcpnewlink function links the device to a list in devnet instead of net, where an udp tunnel socket is created. Even when net is removed, the device remains...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb’s Upon an error, the ieee802154xmitcomplete helper is not called. Only ieee802154wakequeue is called manually. In the Tx case, the skb structure is leaked. The skb structure should be...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: netlink: afnetlink: Added a check on the len parameter to prevent empty skb objects. This prevents a division error in the netemenqueue function, which occurs when skb-len=0 and skb-datalen=0 during the randomized corruption...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: seg6: Fixed the iif in the IPv6 socket control block. When an IPv4 packet is received, the iprcvcore... function sets the receiving interface index into the IPv4 socket control block v5.16-rc4, net/ipv4/ipinput.c, line 510: c...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: A use-after-free issue was addressed in emacmactxbufsend. In emacmactxbufsend, it calls emactxfilltpd.., skb,... If an error occurs in emactxfilltpd, the skb will be freed via devkfreeskbskb in the error branch...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: Prevent BPF from accessing lowat from a subflow socket. Alexei reported the following error: WARNING: CPU: 32, PID: 3276, in net/mptcp/subflow.c:1430, function subflowdataready+0x147/0x1c0. Linked modules: dummy,...