13532 matches found

RedHat Linux
added 2026/05/20 10:29 a.m. | 4 views

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVSS 8.8 | AI score 6.2 | EPSS 0.38453
Exploits: 29 | References: 6
RedHat Linux
added 2026/05/20 9:56 a.m. | 5 views

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVSS 8.8 | AI score 6.2 | EPSS 0.38453
Exploits: 29 | References: 6
RedHat Linux
added 2026/05/20 8:32 a.m. | 10 views

Important: Red Hat Security Advisory: golang-github-openprinting-ipp-usb security update

An update for golang-github-openprinting-ipp-usb is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 7.5 | AI score 7.3 | EPSS 0.00021
Exploits: 0 | References: 4
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the call trace in setup_tx_descriptors. After a PF reset and the use of ethtool -t, there was a call trace in dmesg. Sometimes this led to a panic. After some time, approximately 5 seconds, between a reset and a test...

CVSS 5.5 | AI score 6.4 | EPSS 0.00009
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check the folio pointer to ensure it is not NULL. It can become NULL if the bbmap function is called...

CVSS 5.5 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 7 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: Fixed call trace warnings and hangs when removing the amdgpu device. On GPUs with RAS enabled, hangs are observed during the shutdown process when checking the call trace. In version 2, the “shutdown” flag was...

CVSS 5.5 | AI score 6.3 | EPSS 0.00049
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: A use-after-free bug has been fixed in open. If someone cancels the open RPC call, then we must not attempt to free either the open slot or the layoutget operation arguments, as they are likely still in use by the hun...

CVSS 7.8 | AI score 6 | EPSS 0.00064
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: liquidio: The handling of NULL pointers in lio_vf_rep_copy_packet was adjusted. In lio_vf_rep_copy_packet, pg_info->page is compared to a NULL value, but it is then unconditionally passed to skb_add_rx_frag. This seems strange and could lead ...

CVSS 5.5 | AI score 6.3 | EPSS 0.0001
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 10 views

Astra Linux - vulnerability in linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach. Syzbot reported a use-after-free in tun_detach. This causes a call trace like the following: ================================================================== BUG: KASAN: use-after-free i...

CVSS 7.8 | AI score 6.4 | EPSS 0.00013
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed an oops due to the absence of the prealloc backlog struct. If an AF_RXRPC service socket is opened and bound, but the calls are pre-allocated, then rxrpc_alloc_incoming_call will cause an oops because the rxrpc_backlog...

CVSS 5.5 | AI score 6.5 | EPSS 0.00025
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Firmware: qcom: SCM – Cleaning up the global scm variable in case of probe failures. If the SCM driver fails the probe, it should not leave the scm variable assigned, because external users of this driver will assume that the pro...

CVSS 5.5 | AI score 6.2 | EPSS 0.00111
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero-copy functions before using skbuff fragments. The commit bf5c25d60861 added the call to zero-copy functions in skb_segment. This change introduced a bug in skb_segment, as skb_orphan_frags may potentially...

CVSS 5.5 | AI score 6.3 | EPSS 0.00021
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: The issue related to irq-disabled in local_bh_enable has been fixed. The rxrpc_assess_MTU_size function calls down into the IP layer to determine the MTU size for a route. When accepting an incoming call, this call is made throu...

CVSS 5.5 | AI score 5.7 | EPSS 0.00027
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: A leak in map_user_pages was fixed. If get_user_pages_fast allocates some pages, but not as many as we wanted, then the current code causes those pages to be leaked. Call put_page on the pages before returning...

CVSS 5.5 | AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the issue where the timer for a call could start racing with the destruction of the call itself. The rxrpc_call structure contains a timer used to handle various timed events related to a call. This timer can be...

CVSS 4.7 | AI score 5.3 | EPSS 0.00056
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: static_call: Replace the unnecessary WARN_ON call in static_call_module_notify. static_call_module_notify triggers a WARN_ON when memory allocation fails in static_call_add_module. This behavior is not really justified, as the failure case...

CVSS 5.5 | AI score 6.2 | EPSS 0.00016
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux

The SUNRPC subsystem in the Linux kernel, up to version 5.17.2, can call the xs_xprt_free function before ensuring that the sockets are in the intended state...

CVSS 7.8 | AI score 6.6 | EPSS 0.00028
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10

A race condition was detected in the Linux kernel’s RxRPC network protocol, during the processing of RxRPC bundles. This issue arises due to the lack of proper locking when performing operations on an object. This could allow an attacker to escalate privileges and execute arbitrary code within th...

CVSS 7 | AI score 7.2 | EPSS 0.00031
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in ghostscript

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in the sampled_data_sample function called from sampled_data_continue and interp...

CVSS 5.5 | AI score 6.6 | EPSS 0.01172
Exploits: 1 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in nghttp2, jetty9, netty, tomcat9

The HTTP/2 protocol allows for a denial of service server resource consumption, as request cancellation can quickly reset many streams, as exploited in practice from August to October 2023...

CVSS 7.5 | AI score 7 | EPSS 0.94395
Exploits: 19 | References: 2