Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid dirent corruption As Al reported in link 1: f2fsrename … if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir; else f2fsputpageolddirpage, 0; You need the correct inumber i...

Astra Linux – Vulnerability in Paramiko

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...

Astra Linux – Vulnerability in binutils

There is a flaw in the bfdpefscanstartaddress function of bfd/pef.c in binutils, which could allow an attacker who can submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RISCV: Use READONCENOCHECK in the imprecise unwinding stack mode. When CONFIGFRAMEPOINTER is not set, the stack unwinding function walkstackframe randomly reads from the stack. When KASAN is enabled, this can lead to the followin...

Astra Linux – Vulnerability in libx11, libxpm

A vulnerability was discovered in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the ice module, the issue of using an untrusted value of pktlen in the icevcfdirparseRaw function has been fixed. This issue was addressed by checking that the value of pktlen does not exceed the VIRTCHNLMAXSIZERAWPACKET value...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: added a missing cputonode call to kvzallocnode in mlx5eopenxdpredirectsq The kvzallocnode function does not perform a runtime check on the node argument allocpagesnodenoprof does have a VMBUGON, but it becomes useless ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ionic: Fix kernel panic in XDPTX action In the XDPTX path, the ionic driver sends a packet to the TX path along with the rx page and the corresponding DMA address. After the TX operation is completed, the ionictxclean function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Zoned: Do not flag “ZEROOUT” on non-dirty extent buffers. Btrfs clears the content of an extent buffer marked as EXTENTBUFFERZONEDZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole i...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: vhost-vdpa: fixed the use of memory after it is freed in vhostvdpaprobe. The putdevice function calls vhostvdpareleasedev, which in turn calls idasimpleremove and frees the variable “v”. Therefore, this call to idasimpleremove...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: irqchip/apple-aic: The refcount leak in buildfiqaffinity has been fixed. The offindnodebyphandle function returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Ad...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free issue in tipcnamedreinit. syzbot identified the following issue: BUG: KASAN: Use-after-free in tipcnamedreinit+0x94f/0x9b0 net/tipc/namedistr.c:413 A 8-byte read at address ffff88805299a000 was...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an out-of-bounds dynptr write in bpfcryptocrypt. Stanislav reported that in bpfcryptocrypt, the size of the destination dynptr is not validated to be at least as large as the size of the source dynptr before calling th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: opentreeattr: Do not allow id-mapping changes without OPENTREECLONE. As described in commit 7a54947e727b Merge patch series “fs: allow changing idmappings”, opentreeattr2 was necessary to allow for a detached mount to be created...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: ice: Fixed a potential NULL pointer dereference in the icebridgesetlink function. The icebridgesetlink function may encounter a NULL pointer dereference if nlmsgfindattr returns NULL, and brspec is dereferenced subsequently ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Blocking calls to interrupt handlers without triggering them The eventfdctx trigger pointer of the vfiofslmcirq object is initially NULL, and it may become NULL if the user sets the trigger parameter of eventfd to -1...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arpreqget. Syzkaller reported an overflow during the write operation in arpreqget. 0 When the ioctlSIOCGARP function is called, arpreqget retrieves a neighbor entry and copies neigh-ha to struct...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hsr: The WARNONCE function was removed from the sendhsrsupervisionframe function. Syzkaller reported 1 that a warning was issued after attempting to allocate resources for skb in hsrinitskb. Since calling WARNONCE does not...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: This issue prevents Oops exceptions in fscacheputcache. This function dereferences the “cache” object, and then checks whether it is ISERRORNULL. It checks first, and then derefserences the object...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: The ability to repeatedly call sysmembarrier has been reduced. On some systems, sysmembarrier can be very expensive, causing overall slowdown in everything that uses it. Therefore, a lock should be placed on the...