Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family. While creating a new netfilter table, the lack of a safeguard against invalid nftables family pf values within the nftablesnewtable function...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A vulnerability, classified as critical, was discovered in the Linux kernel. The affected function is l2capconndel in the file net/bluetooth/l2capcore.c of the Bluetooth component. This vulnerability allows for exploitation after the memory allocation has been freed. It is recommended that patche...

Astra Linux – Vulnerability in binutils

A vulnerability, classified as problematic, was discovered in GNU Binutils up to version 2.43. This vulnerability affects the disassemblebytes function in the file binutils/objdump.c. Manipulation of the buf argument leads to a stack-based buffer overflow. The attack can be initiated remotely. Th...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ice: Do not use the WQMEMRECLAIM flag for the workqueue. When both the ice and irdma drivers are loaded, a warning is triggered in the checkFlushDependency function. This occurs because the ice driver’s workqueue is allocated wit...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in the renesasusb3remove function in drivers/usb/gadget/udc/renesasusb3.c...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in the rkvdecremove function in drivers/staging/media/rkvdec/rkvdec.c...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the Linux kernel before version 6.2.9. A use-after-free was found in the bq24190remove function in the file drivers/power/supply/bq24190charger.c. This could allow a local attacker to cause the system to crash due to a race condition...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the file drivers/media/dvb-core/dvbfrontend.c within the Linux kernel version 6.2. There is a blocking operation that occurs when a task is in the !TASKRUNNING state. In the function dvbfrontendgetevent, the function waiteventinterruptible is called; the condition used i...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed the issue with the ib block iterator counter overflow. When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry into smaller, aligned D...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel version up to 6.1.9, there is a use-after-free issue in the bigbenremove function within the drivers/hid/hid-bigbenff.c file, caused by a crafted USB device. This issue arises because the LED controllers remain registered for an excessively long period of time...

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in the Linux kernel before version 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, resulting in an out-of-bounds read in the ntfssetea function in fs/ntfs3/xattr.c...

Astra Linux – Vulnerability in elfutils

In elfutils 0.183, an infinite loop was discovered in the function handlesymtab in readelf.c. This allows attackers to cause a denial of service infinite loop through a crafted file...

Astra Linux – Vulnerability in libssh2

In libssh2 before version 1.9.0, the kexmethoddiffiehellmangroupexchangesha256keyexchange function in kex.c contains an integer overflow that could lead to an out-of-bounds read when packets are read from the server. A remote attacker who compromises an SSH server may be able to disclose sensitiv...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fixed the out-of-bounds error in the netns ops registration error path. If the netassigngeneric function fails, the current error path in opsinit attempts to clear the gen pointer slot. However, during this error path, the g...

Astra Linux – Vulnerability in binutils

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Bonding: Restore the IFFSLAVE flag of the bond if a non-Ethernet device is used as a slave during a bonding process fails. A warning was reported by syzbot1. In this case, the bonding device itself is a slave, and we attempt to u...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fixed a potential use-after-free issue in the work function. When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer called...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fixed some memory leaks in lbsallocatecmdbuffer. In the lbsallocatecmdbuffer function, if the allocation of cmdarrayi.cmdbuf fails, both cmdarray and cmdarrayi.cmdbuf need to be freed. Otherwise, memory leaks will...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: A bug that causes a division-by-zero error in the isd200atacommand function has been fixed. The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fixed a null pointer crash in mtkdrmcrtcfinishpageflip. It is possible that mtkcrtc-event is NULL in mtkdrmcrtcfinishpageflip. The pendingneedsvblank value is set by mtkcrtc-event, but in mtkdrmcrtcatomicFlush, it...