Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: tcp/dccp: Do not use timerpending in reqskqueueunlink. Martin KaFai Lau reported a use-after-free in reqsktimerhandler. We are encountering a use-after-free related to a bpf program attached to tracetcpretransmitsynack. The...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Slip: Make slhcremember more robust against malicious packets. syzbot found that slhcremember lacked checks against malicious packets 1. slhcremember only checks that the packet’s size is at least 20 bytes, which is...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: For TCP sockets with the TCPSYNRECV status, the function shutdownSENDSHUTDOWN is delayed. The TCPSYNRECV state is actually special; it is only used by cross-syn connections, and is mostly exploited by attackers. In the following...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fixed a potential NULL dereference during nested migration. It turns out that due to feedback from reviews and/or changes in relocation locations, I accidentally moved the call to nestedsvmloadcr3 too early, befor...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netmem: prevents the transmission of unreadable SKBs Serial Control Blocks Currently, in stable versions of the kernel, we have support for netmem/devmem RX, but not TX. It is not safe to forward/redirect an unreadable netmem...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: USB: Fixed an error in the warning message for incorrect direction handling in plusb.c. The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was incorrectly processed as a read...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - Misc: ocxl: fixed a possible refcount leak in afuioctl. - eventfdctxput needs to be called to update the refcount obtained through eventfdctxfdget when ocxlirqsethandler fails...

Astra Linux – Vulnerability in libde265

There is an incorrect access control vulnerability in libde265 v1.0.8 due to a SEGV in slice.cc...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dm thin: Fixed a use-after-free crash in dmsmregisterthresholdcallback. Reports of faults injecting into the pool metadata device: - BUG: KASAN: Use-after-free in dmpoolregistermetadatathreshold+0x40/0x80. - Reading of size 8 ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/Kconfig: make CFIAUTODEFAULT dependent on !RUST or Rust = 1.88 Calling core::fmt::write from Rust code while FineIBT is enabled results in a kernel panic: 4614.199779 Kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: Fixed an issue with partial SETREGSET for the NTARMTAGGEDADDRCTRL register. Currently, the taggedaddrctrlset function does not initialize the temporary “ctrl” variable. A SETREGSET call with a length of zero will...

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel. In the function printerioctl, there is an attempt to access a printerdev instance that has been deallocated. However, a use-after-free issue arises because the memory was previously freed by the gprinterfree function...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tomoyo: Fixed the UAF write bug in tomoyowritecontrol. Since tomoyowritecontrol updates head-writebuf when the write function is called for long lines, we need to retrieve head-writebuf after holding head-iosem. Otherwise,...

Astra Linux – Vulnerability in OpenSSH

In OpenSSH versions prior to 10.1, control characters in user names that originated from certain potentially untrusted sources could lead to code execution when ProxyCommand was used. The potentially untrusted sources include the command line and the %-sequence expansion from a configuration file...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: blk-iolatency: Fixed imbalances in the number of in-flight IO operations and issues with hanging during offline conditions. iolatency needs to track the number of in-flight IO operations per cgroup. Since this tracking can be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the conversion of struct aiokiocb. The first argument of kiocbset Cancelfn may point to a struct kiocb that is not embedded within struct aiokiocb. With the current code, depending on the compiler,...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: added accessors to read/set tp-sndcwnd. Over the years, we’ve had various bugs in the code that broke the assumption that tp-sndcwnd is greater than zero. Recently, syzbot reported that the condition WARNONONCE!tp-priorcwnd...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added freetransport operations in ksmbd connections. The freetransport function for TCP connections can be called from smdbdirect. This could lead to a kernel error. This patch adds freetransport operations in ksmbd...

Astra Linux – Vulnerability in Keepalived

In Keepalived versions up to 2.2.4, the D-Bus mechanism does not sufficiently restrict the destination of messages, allowing any user to inspect and manipulate any property. This leads to bypasses of access controls in some situations, where a unrelated D-Bus system service has a settable writabl...

Astra Linux – Vulnerability in HAPProxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...