5181 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the Linux kernel before version 6.3.3. There is an out-of-bounds read in the crc16 function in lib/crc16.c when called from fs/ext4/super.c, because ext4groupdesccsum does not properly check an offset. NOTE: This issue is disputed by third parties, as the kernel is not...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed the issue of possible double unlocking when moving a directory...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an uninitialized value in ‘ext4evict inode’. Syzbot identified the following issue: ===================================================== BUG: KMSAN: Uninitialized value in ext4evict inode+0xdd/0x26b0,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: jbd2: Check ‘jh-btransaction’ before removing it from the checkpoint. The following process will corrupt the ext4 image: Step 1: jbd2journalcommittransaction jbd2journalinsertcheckpointjh, committransaction // Place jh into...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Allow ext4getgroupinfo to fail. Previously, ext4getgroupinfo would treat an invalid group number as a BUG, since this should theoretically never happen. However, if a malicious attacker modifies the superblock via the block...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for leaking uninitialized memory in the fast-commit journal When space at the end of the fast-commit journal blocks is unused, make sure to zero it out so that uninitialized memory is not leaked to the disk...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Initializing quotas for ‘old.inode’ in ‘ext4rename’. Syzbot identified the following issues: - ext4parseparam: swantextraisize=128 - ext4inodeinfoinit: swantextraisize=32 - ext4rename: old.inode=ffff88823869a2c8;...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for null-ptr-deref in ext4writeinfo I identified a bug involving null-ptr-deref as follows: ========================================== KASAN: null-ptr-deref in range 0x0000000000000068-0x000000000000006f CPU: 1 PID: 158...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a potential out-of-bound read issue in ext4fcreplayscan. For the scan loop, it is necessary to ensure that at least EXT4FCTAGBASELEN space is available. If the remaining space is less than EXT4FCTAGBASELEN, it may lea...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4xattrMoveToBlock In ext4xattrMoveToBlock, the value of the extended attribute that we need to move to an external block may be allocated by kvmalloc if the value is stored in an external...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a use-after-free in ext4orphancleanup. I identified the issue as follows: BUG: KASAN: Use-after-free in listaddvalid+0x28/0x1a0. Read of size 8 at address ffff88814b13f378 by task mount/710. CPU: 1 PID: 710 Comm:...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a bug in ext4escacheextent when ext4splitextentat failed. We encountered the issue when running fsstress with an IO fault: 130747.323114 Kernel BUG at fs/ext4/extentsstatus.c:762! 130747.323117 Internal error: Oops...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: A bug related to delayed allocation was fixed in ext4clumapped for bigalloc and inline scenarios. When converting files with inline data to extents, delayed allocations made on a file system created with both bigalloc and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a warning in ext4iomapbegin due to a race between bmap and write The issue occurs as follows: ------------ cut here ------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4iomapbegin+0x182/0x5d0 RIP:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: a potential memory leak has been fixed in ext4fcrecordmodified inode. Since krealloc may return NULL, in this case, state-fcmodifiedinodes may not be freed by krealloc. However, state-fcmodifiedinodes is already set to NULL...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a use-after-free issue in ext4findextent when using bigalloc with inline data. Syzbot identified the following issue: - loop0: A change in capacity was detected, from 0 to 2048. - EXT4-fs loop0: The filesystem...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a race condition between ext4write and ext4convertinlinedata Hulk Robot reported a BUG: ================================================================== EXT4-fs error device loop3: ext4mbgeneratebuddy:805: group 0,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Add a check for reserved GDT blocks We have identified a NULL pointer issue when resizing a corrupted ext4 image that has recently had the resize inode feature disabled without running e2fsck. This issue can be reproduced b...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid dividing by 0 in mbupdateavgfragmentsize when the block bitmap is corrupted. The issue arises when the block bitmap is corrupted, and dividing by 0 may occur during this function. To mitigate this risk, it is necessar...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: – In ext4, there’s a issue where the timer used after free is corrupted upon a failed mount. Syzbot has identified an ODEBUG bug in the ext4fillsuper function. The deltimersync function cancels the serrreport timer, which...