110 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: hfsplus: treating special inodes as regular files Since the commit af153bb63a33 "vfs: catching invalid modes in mayopen" requires that any inode be of one of the types SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/SIFIFO/SIFSOCK, use SIFREG...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: macvlan: A grace period for resource control is observed in the error path of macvlancommonnewlink. Valis reported that a race condition still occurs after our previous patch. macvlancommonnewlink might have made the device...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid updating the compression context during writeback Bai, Shuangpeng reported a bug as follows: Oops: division error: 0000 1 SMP KASAN PTI CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 1 PREEMPTfull...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Networks: Bridge: MST: Fixed suspicious RCU usage in brmstsetstate. I converted brmstsetstate to RCU to avoid a vlan use-after-free, but I forgot to change the vlangroupdereferencehelper. I switched to using the...
Advisory ROSA-SA-2026-3289
software: kernel-6.1 6.1.152 OS: ROSA-CHROME unaffected versions = kernel-6.1-6.1.1.152-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption and...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Flush the inode if the atomic file is aborted. We need to flush the inode that was aborted during the atomic operation, to avoid stale dirty inodes during eviction in this call stack: f2fsmarkinodedirtysync+0x22/0x40 f2f...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: afunix: Fixed data races related to user-unixinflight. user-unixinflight is updated under spinlockunixgclock, but toomanyunixfds reads it without locking. Let’s annotate the write/read accesses to user-unixinflight. BUG: KCSAN...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: memcgwriteeventcontrol: fixed a user-triggered oops. We do not guarantee that anything beyond the terminating NUL is mapped let alone initialized with anything sensible...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed potential data corruption issues. We must ensure that the subrequests are reattached to the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: Added a NULL check for “date-evtskb”. Fixed a crash due to NULL pointers. 6104.969662 BUG: NULL pointer dereferencing in the kernel; address: 00000000000000c8 6104.969667 PF: Supervisor read access in kernel...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed a memory leak caused by LZMA global compressed deduplication. When testing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I discovered that some short-lived temporary...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear the FFR context field in streaming SVE mode The FFR is a predicate register whose size can range from 16 to 256 bits, depending on the configured vector length. When saving the SVE state in streamin...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for null pointer dereference in bondipsecoffloadok We must check whether there is an active slave before dereferencing the pointer...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevented NULL dereference in ip6output According to syzbot, there is a possibility that ip6dstidev returns NULL in ip6output. Most parts of the IPv6 stack handle a NULL idev fine, but not this case. syzbot reported: Genera...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Julia Lawall reported this null pointer dereference issue, and this should fix it...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ndisc: Extended RCU protection has been added to ndiscsendskb. The ndiscsendskb function can be called without holding RTNL or RCU. The rcureadlock function must be acquired earlier, so that we can use devnetrcu, and potential...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Added “cancelworksync” before module remove. If we remove the module that will call mpc52xxspiremove, it will free ‘ms’ through spiunregistercontroller. Meanwhile, the work stored in ms-work will remain unused. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nvme-core: fixed the devpmqos memory leak Called devpmqoshidelatencytolerance in the error unwinding patch to avoid the kmemleak issue: blktests master kmemleak-clear; ./check nvme/044; blktests master kmemleak-scan ;...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu/mes: fixed the use-after-free issue. Deleted the fence fallback timer to fix the ramdom use-after-free issue. v2: moved to amdgpumes.c...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of unexpectedly changing the path in ksmbdvfskernpathlocked has been fixed. When ksmbdvfskernpathlocked encounters an error, and it isn’t the last entry, it will exit without restoring the changed path buffer...