Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify that the target vCPU is online in kvm_get_vcpu It is necessary to explicitly verify that the target vCPU is fully online prior to clamping the index in kvm_get_vcpu. If the index is “bad”, the nospec clamping...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0alpha0 to 10.0.1, and 11.0.0alpha0 to 11.0.1, CPU usage can reach 100% when receiving a large invalid TLS frame...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed a system hang caused by CPU-clock usage. CPU-clock usage by the async-profiler tool can trigger a system hang. This issue was fixed starting with the following commit by Octavia Togami: 18dbcbfabfff “perf: Fixed...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fixed the latency and residency issues during CPU/L2 idle states. The entry/exit latency and minimum residency in the idle states of the MSM8998 device were incorrect. Firstly, the timings were set for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier. This issue is currently addressed in uml_finish_setup. However, for example, when KCOV is enabled, this could still cause crashes, as some initialization code might call functions like memparse, which have...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fixed a memory leak in the error path. If, for some reason, the speedbin length is incorrect, then there is a memory leak in the error path, as we never free the speedbin buffer. This commit fixes the error path so...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: arch_topology: The incorrect error check in topology_parse_cpu_capacity was fixed. The incorrect use of PTR_ERR_OR_ZERO in topology_parse_cpu_capacity was also corrected. This caused the code to proceed with NULL clock pointers. The curren...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a memory leak in the LRU and LRU_PERCPU hash maps The LRU and LRU_PERCPU maps allocate a new element during updates, before locking the target hash table bucket. Immediately afterwards, the maps attempt to lock the bucke...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fixed the CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver took too long. The driver’s immediate resubmission of interrupts...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, and Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ACPI: PAD: fixed a crash in exit_round_robin The kernel occasionally crashes in cpumask_clear_cpu, which is called within exit_round_robin. This occurs when executing clear_bit(nr, addr) with nr set to 0xffffffff. In such cases, the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: Do not migrate perf to the CPU that is going to be torn down. The driver needs to migrate the perf context if the currently used CPU is going to be torn down. By the time the cpuhp::teardown callback is called...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: converting workqueues to unbound mode When a workqueue is created with WQ_UNBOUND, its work items are served by special worker-pools, whose host workers are not bound to any specific CPU. In the default configuration i.e.,...
Astra Linux – Vulnerability in Qemu
An infinite loop flaw was discovered in the e1000 NIC emulator of QEMU. This issue occurs when processing transmit (tx) descriptors in process_tx_desc, especially if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in...
Astra Linux – Vulnerability in python-urllib3
urllib3 is a user-friendly HTTP client library for Python. Starting from version 1.24 and before 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert virtually an unlimited number of compression steps. This led to high CPU usage and massive...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ARM: 9381/1: kasan: cleared stale stack poison We have identified the following OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: A memory leak was fixed in acpi_processor_power_exit. After the CPU idle device was unregistered, the memory associated with it wasn’t freed, resulting in a memory leak: unreferenced object 0xffff896282f6c000 si...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: A race condition between handle_posix_cpu_timers and posix_cpu_timer_del has been fixed. If a task that exits without autoreaping has already called exit_notify and calls handle_posix_cpu_timers from the IRQ, it can be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: Fixed a race condition related to port output. Assume the following setup on a single machine: 1. An openvswitch instance with one bridge and default flows. 2. Two network namespaces: “server” and “client”. 3...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: workqueue: The issue related to the selection of wake_cpu in kick_pool has been fixed. With cpu_possible_mask=0-63 and cpu_online_mask=0-7, the following kernel error was observed: smp: Bringing up secondary CPUs… smp: Brought up 1 nod...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: media: rc: gpio-ir-recv: added/removed functions If runtime PM is enabled, perform runtime PM cleanup to remove the cpu latency QoS request. Otherwise, driver removal may result in the following kernel dump: 19.463299 Unable t...