Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfc: pn533: Wait for outurb’s completion in pn533usbsendframe A use-after-free issue occurred in hcd when the inurb sent from pn533usbsendframe was completed earlier than outurb. The callback in pn533sendComplete frees the skb...

Astra Linux – Vulnerability in Node.js

A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability arises from the fact that the fetch function in Node.js always decodes Brotli, making ...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: padata: The handling of refcnts in padatafreeshell has been fixed. In a high-load Arm64 environment, the pcryptaead01 test in LTP can lead to system UAF Use-After-Free issues. Due to the lengthy analysis of the pcryptaead01...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid dirent corruption As Al reported in link 1: f2fsrename … if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir; else f2fsputpageolddirpage, 0; You need the correct inumber i...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RISCV: Use READONCENOCHECK in the imprecise unwinding stack mode. When CONFIGFRAMEPOINTER is not set, the stack unwinding function walkstackframe randomly reads from the stack. When KASAN is enabled, this can lead to the followin...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the ice module, the issue of using an untrusted value of pktlen in the icevcfdirparseRaw function has been fixed. This issue was addressed by checking that the value of pktlen does not exceed the VIRTCHNLMAXSIZERAWPACKET value...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: added a missing cputonode call to kvzallocnode in mlx5eopenxdpredirectsq The kvzallocnode function does not perform a runtime check on the node argument allocpagesnodenoprof does have a VMBUGON, but it becomes useless ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ionic: Fix kernel panic in XDPTX action In the XDPTX path, the ionic driver sends a packet to the TX path along with the rx page and the corresponding DMA address. After the TX operation is completed, the ionictxclean function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Zoned: Do not flag “ZEROOUT” on non-dirty extent buffers. Btrfs clears the content of an extent buffer marked as EXTENTBUFFERZONEDZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole i...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: irqchip/apple-aic: The refcount leak in buildfiqaffinity has been fixed. The offindnodebyphandle function returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Ad...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free issue in tipcnamedreinit. syzbot identified the following issue: BUG: KASAN: Use-after-free in tipcnamedreinit+0x94f/0x9b0 net/tipc/namedistr.c:413 A 8-byte read at address ffff88805299a000 was...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: opentreeattr: Do not allow id-mapping changes without OPENTREECLONE. As described in commit 7a54947e727b Merge patch series “fs: allow changing idmappings”, opentreeattr2 was necessary to allow for a detached mount to be created...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Blocking calls to interrupt handlers without triggering them The eventfdctx trigger pointer of the vfiofslmcirq object is initially NULL, and it may become NULL if the user sets the trigger parameter of eventfd to -1...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arpreqget. Syzkaller reported an overflow during the write operation in arpreqget. 0 When the ioctlSIOCGARP function is called, arpreqget retrieves a neighbor entry and copies neigh-ha to struct...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: This issue prevents Oops exceptions in fscacheputcache. This function dereferences the “cache” object, and then checks whether it is ISERRORNULL. It checks first, and then derefserences the object...

Astra Linux – Vulnerability in libuv1

libuv is a multi-platform support library that focuses on asynchronous I/O operations. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to generat...

Astra Linux – Vulnerability in Squid

Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP, and other protocols. A bug related to incorrect checking of function return values makes Squid vulnerable to Denial of Service attacks targeting its helper process management. This bug has been fixed in Squid version 6.5. Users...

Astra Linux – Vulnerability in c-ares

Buffer overflow vulnerability in c-ares before 1161 through 1170, due to the aresparsesoareply function in aresparsesoareply.c...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: ftsteutates Fixed the TOCTOU race condition in ftsread In the ftsread function, when handling hwmonpwmautochannelstemp, the code accesses the shared variable data-fansourcechannel twice without holding any locks. This chec...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: The block operation involving GFPNOIO around the sysfs-store function. The sysfs-store function is called with the queue frozen. Meanwhile, there are several -store callbacks such as updatenrrequests, wbt, scheduler that use...