Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free in the kernel socket during the cleanupbearer function. syzkaller reported a use-after-free of the UDP kernel socket in cleanupbearer. This issue occurred without any reprovisioning. When the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: “aoe”: The potential use-after-free problem has been fixed in multiple locations. Regarding the fix for CVE-2023-6270, f98364e92662 “aoe: The potential use-after-free problem has been fixed in aoecmdcfgpkts” involves replacing...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: Check that the inode number is not the invalid value of zero. Syskiller has identified an out-of-bounds access in the fillmetaindex function. This out-of-bounds access occurs because the inode has an inode number of...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: The dvbdev: device driver adopts a reference counter to avoid Use-After-Free UAF vulnerabilities. It is known that the dvbunregisterdevice function is prone to use-after-free issues. In other words, the cleanup performed by...

Astra Linux – Vulnerability in binutils

A out-of-bounds read flaw was discovered in the parsemodule function in bfd/vms-alpha.c in Binutils...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Packet: Annotate data-races around ignoreoutgoing The function ignoreoutgoing is executed without a read lock, from devqueuexmitnit and packetgetsockopt. Add appropriate READONCE/WRITEONCE annotations. Syzbot reported: BUG: KCSAN...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netlink: Fixed an issue where the kernel could be exposed after free operation in skbdatagramiter. The syzbot reported the following issue with uninitialized value access 1: The netlinktofullskb function creates a new skb and...

Astra Linux – Vulnerability in libxml2

A issue was discovered in libxml2 before versions 2.11.7 and 2.12.x, and even before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to a use-after-free of the xmlValidatePopElement function...

Astra Linux – Vulnerability in binutils

The readelf.c file in GNU Binutils 2.32 contains an integer overflow vulnerability that allows attackers to trigger a write access violation in the byteputlittleendian function in elfcomm.c through an ELF file, as demonstrated by readelf...

Astra Linux – Vulnerability in sysstat

In sysstat version 12.2.0, there is a double-free in the checkfileactlst function within sacommon.c...

Astra Linux – Vulnerability in net-snmp

The handleipv6IpForwarding function in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP version 5.4.3 to 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...

Astra Linux - Vulnerability in Golang-1.19

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate significantly more memory than is...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fixed the null check for powersupplygetbyname. In the cpcapusbdetect function, the powersupplygetbyname function may return NULL instead of an error pointer. To prevent potential null pointer...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: core: Do not bypass hidhwrawrequest The hidhwrawrequest function is actually useful for ensuring that the provided buffer and length are valid. Directly calling this function in the low-level transport driver bypassed those...

Astra Linux – Vulnerability in NTP

The praecisparse function in ntpd/refclockpalisade.c, within NTP 4.2.8p15, contains an out-of-bounds write vulnerability. Any attack method would be complex, for example, using a manipulated GPS receiver...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the mpls module, the function mplsrouteinputrcu uses rcudereferencertnl. As reported by syzbot 0, the mplsrouteinputrcu function can be called from mplsgetroute, which operates under RTNL. Additionally, the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: aacraid: Fixed a double-free on probe failure. The aacprobeone function calls hardware-specific initialization functions through the aacdriverident::init pointer. All of these functions ultimately call aacinitadapter. If...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: checks dot and dotdot of dxroot before making dir indexed Syzbot reports the following issue: ============================================ BUG: Unable to handle page fault for address: ffffed11022e24fe PGD 23ffee067 P4D...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fixed a reference leak in sysfsbreakactiveprotection The sysfsbreakactiveprotection routine has a clear reference leak in its error handling path. If the call to kernfsfindandget fails, kn will be NULL. As a result, th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fixed a null pointer crash in mtkdrmcrtcfinishpageflip. It is possible that mtkcrtc-event is NULL in mtkdrmcrtcfinishpageflip. The pendingneedsvblank value is set by mtkcrtc-event, but in mtkdrmcrtcatomicFlush, it...