Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: Do not issue a warning if iocg was already offline. In iocgpaydebt, a warning is triggered if ‘activelist’ is empty. This is intended to confirm that iocg is active when it has debts. However, a warning can still be...

CVE-2023-54271

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkgpolicydata being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:rawspinlock+0x17/0x30...

UBUNTU-CVE-2023-54271

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkgpolicydata being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:rawspinlock+0x17/0x30...

EUVD-2024-36259

Malicious code in bioql PyPI...

The vulnerability of the iocg_pay_debt() function in the block/blk-iocost.c module, which supports the block-level kernel in the Linux operating system. This vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the iocgpaydebt function in the block/blk-iocost.c module, which supports the block-level kernel in the Linux operating system, is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity...

The vulnerability of the iocg_kick_delay() function in the block/blk-iocost.c module of the blk-iocost component of the Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the iocgkickdelay function in the block/blk-iocost.c module of the blk-iocost component of the Linux operating system is related to integer overflow. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of...

CVE-2024-36908

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocgpaydebt, warn is triggered if 'activelist' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk...

DEBIAN-CVE-2024-36908

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocgpaydebt, warn is triggered if 'activelist' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk...

UBUNTU-CVE-2024-36908

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocgpaydebt, warn is triggered if 'activelist' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk...

CVE-2024-36908 blk-iocost: do not WARN if iocg was already offlined

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocgpaydebt, warn is triggered if 'activelist' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk...