Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed scheduling issues during atomic decompression operations 16.945668 C0 Call trace: 16.945678 C0 dumpbacktrace+0x110/0x204 16.945706 C0 dumpstacklvl+0x84/0xbc 16.945735 C0 schedulebug+0xb8/0x1ac 16.945756 C0...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: An error occurred in usbsubmiturb, causing the URB to be unanchored before it is processed by gsusbreceivebulkcallback, thereby preventing a memory leak during cleanup. In commit 7352e1d5932a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k: Update the channel list in the notifier instead of using the reg worker Currently, when ath11k receives a new channel list, it processes it according to the following steps: 1. Update the new channel list and queue ...

Astra Linux – Vulnerability in giflib

Before February 16, 2019, a malformed GIF file would trigger a divide-by-zero exception in the decoder function DGifSlurp in dgiflib.c, especially when the height field of the ImageSize data structure was equal to zero...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: PCI: Fixed a use-after-free in pcibusreleasedomainnr. The commit c14f7ccc9f5d “PCI: Assign PCI domain IDs using idaalloc” introduced a use-after-free bug during the bus removal process. This issue was found with kfence:...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: The return value of tcpbpfsendmsg was corrected. When we use the cork mechanism in psock-cork, the last message triggers flushing, resulting in sending a skmsg that is larger than the current message size. In this case, i...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: Fixed the issue with VMBUGONPAGEPagePoisonedpage when unpoisoning memory. When I performed memory failure tests, the following panic occurred: Page dumped because: VMBUGONPAGEPagePoisonedpage. Kernel BUG at...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bounds: Use the correct number of bits for power-of-two CONFIGNRCPUS The function bitsper rounds up to the next power of two when a power-of-two value is passed to it. This can cause crashes on some machines and configurations...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid mapping the wrong physical block for the swapfile. Xiaolong Guo reported a bug related to f2fs in bugzilla 1. 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 As quoted: “When using the ‘stress-ng’ swap...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev – The spin lock in struct mcanclassdev is not being initialized. This causes issues with spinlocks, as seen in complaints from the kernel, such as when trying to send CAN frames using cansend from...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imondisconnect Syzbot reports a KASAN issue as follows: BUG: KASAN: use-after-free in createpipe include/linux/usb.h:1945 inline BUG: KASAN: use-after-free in sendpacket+0xa2d/0xbc0...

Astra Linux – Vulnerability in qtbase-opensource-src

A issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. There is an incorrect HPack integer overflow check in network/access/http2/hpacktable.cpp...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed an assertion failure that occurred when splitting an ordered extent after a transaction abort. If a direct IO write transaction abort occurs, we mark all existing ordered extents with the BTRFSORDEREDIOERR flag done...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Do not decrement the preempt count of the idle task when the CPU is offline. With PREEMPTCOUNT=y, when a CPU is offline and then brought back online, we encounter the following issue: BUG: Scheduling while atomic:...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: uio: uiodmemgenirq: Fixed an issue where the unlock operation was missed in irq configuration. The commit b74351287d4b “uio: fixed a bug in uiodmemgenirqirqcontrol”. corrected the code so that disableirq was called without...

Astra Linux – Vulnerability in Qemu

A issue was discovered in QEMU through version 5.1.0. An out-of-bounds memory access was identified in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c, during handling of MMIO write operations via the atimmwrite callback. A malicious guest could...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfs: Only call foliostartfscache once for each folio. If a network filesystem using netfs implements a clamplength function, it can set subrequest lengths that are smaller than the page size. When we loop through the folios in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed a null pointer panic in the tracepoint of replaceatomicwriteblock. A kernel panic occurs when oldaddr is NULL. https://bugzilla.kernel.org/showbug.cgi?id=217266 BUG: Null pointer dereferencing in the kernel; address:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552rhswritedatasource When the simplewritetobuffer function succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses ‘count’ as the index...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘ipmi: fix msg stack when IPMI is disconnected’” This fix reverts to the previous behavior with the commit number c608966f3f9c2dca596967501d00753282b395fc. This patch contains a minor bug that can cause the IPMI driver to...