Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on startstreaming failure Buffers are returned if streaming fails to start due to a uvcpmget error. This bug may be responsible for the warning that I encountered during testing. The issue...

Astra Linux - уязвимость в linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: fixed a underflow issue in parseserverinterfaces. In this loop, we iterate through the buffer, and after each item, we check whether the sizeleft is greater than the minimum size required. However, the problem is that...

Astra Linux - уязвимость в firefox, thunderbird

Mozilla developers reported memory safety bugs in Firefox 88 and Firefox ESR 78.11. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Thunderbird...

Astra Linux - уязвимость в containerd

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was discovered in Moby Docker Engine prior to version 20.10.14, where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: The WARNON message in tracingbuffersmmapclose has been fixed. When a process forks, the child process copies the parent’s virtual memory addresses, but the reference count of usermapped is not incremented. As a result,...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fixed a bug in the pipe direction for control transfers. The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: The BOGUS control direction, with pipe 80001e80, does not match bRequestType 0. WARNING:...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Proper initialization of the struct pn533outarg structure. The struct pn533outarg, which serves as a temporary context for outurb, is not initialized properly. Its uninitialized ‘phy’ field can be dereferenced in erro...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fixed a use-after-free of nilfsroot during the dirtying of inodes via iput. During the unmount process of nilfs2, nothing holds the nilfsroot structure after nilfsdetachlogwriter detaches its writer. Previously, nilfsevic...

Astra Linux - уязвимость в firefox, thunderbird

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 102. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefo...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: avoided use-after-free in ip6fragment The committed code claimed that rcureadlock was held by the callers of ip6fragment. However, this may not always be true, at least for the UDP stack. syzbot reported: BUG: KASAN:...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: qat – resolves a race condition during AER recovery During the error recovery process of the PCI AER system, the kernel driver may encounter a race condition related to the freeing of the resetdata structure’s memory. If...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed a failure to detect corruption of DAT files in BTree and direct mappings. The patch series is titled “nilfs2: Fix kernel bug at submitbhwbc”. This resolves a kernel bug reported by syzbot. Since there are two...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: A bug in the ocfs2findvictimchain function was fixed. The syzbot reported a kernel bug in ocfs2findvictimchain. This bug occurs because the clnextfreerec field of the allocation chain list the next free slot in the chain...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an invalid free of JFSIPipimap-iimap in diUnmount syzbot detected an invalid-free in diUnmount: BUG: KASAN: double-free in slabfree mm/slub.c:3661 inline BUG: KASAN: double-free in kmemcachefree+0x71/0x110 mm/slub.c:36...

Astra Linux - уязвимость в golang-1.15

In Go versions before 1.14.14 and 1.15.x, as well as before 1.15.7, the crypto/elliptic/p224.go file may generate incorrect outputs due to a underflow of the lowest limb during the final complete reduction of the P-224 field...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a bug in ext4escacheextent when ext4splitextentat failed. We encountered the issue when running fsstress with an IO fault: 130747.323114 Kernel BUG at fs/ext4/extentsstatus.c:762! 130747.323117 Internal error: Oops –...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fixed an out-of-bounds memory access issue. In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb was larger than the size of...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: A refcount bug was fixed in qrtrrecvmsg. Syzbot reported the following bug: refcountt: An addition operation resulted in 0; a use-after-free occurred. … RIP: 0010:refcountwarnsaturate+0x17c/0x1f0, lib/refcount.c:25. …...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: swiotlb: Initialize the restricted pool listhead when SWIOTLBDYNAMIC=y. Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash during boot-time...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: Check the packet for fixup for true limits. If a device sends a packet that lies between 0 and sizeofu64, the value passed to skbtrim as the packet length will wrap around, resulting in a very large value. The driver...