Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: blk-iolatency: Fixed imbalances in the number of in-flight IO operations and issues with hanging during offline conditions. iolatency needs to track the number of in-flight IO operations per cgroup. Since this tracking can be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: BPF: bpfskstorage: Fixed invalid wait context lockdep report "The ./testprogs -t testlocalstorage" command reported a splat error: 27.137569 ============================= 27.138122 BUG: Invalid wait context 27.138650...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: eth: mlx4: Fixed the issue where a NULL check was used instead of an ISERR check in the mlx4encreaterxring function. After calling pagepoolcreate, the NULL check was replaced with an ISERR check because this function returns erro...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: prevent skb corruption on frag list segmentation Ian reported several skb corruptions triggered by rx-gro-list, collecting different oops alike: 62.624003 BUG: kernel NULL pointer dereference, address:...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Binder: Fix for UAF of ref-proc caused by race condition A transaction of type BINDERTYPEWEAKHANDLE may fail to increment the reference to a node. In this case, the target proc normally releases the failed reference upon closing ...

Astra Linux - уязвимость в linux

An integer overflow or wrap-around vulnerability in the iouring module of the Linux kernel allows a local attacker to cause memory corruption and escalate privileges to root. This issue affects Linux Kernel versions prior to 5.4.189, as well as version 5.4.24 and later versions...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the handling of the SMB2TREECONNECT and SMB2QUERYINFO commands. The issue arises from the lack of proper validation of a pointer before accessing it. An...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: The reloc control parameter is not set if the transaction commit fails in preparetorelocate. In btrfsrelocateblockgroup, the rc parameter is allocated. Then, btrfsrelocateblockgroup calls relocateblockgroup, which calls...

Astra Linux - уязвимость в linux-6.1

In drivers/accel/habanalabs/common/habanalabsioctl.c of the Linux kernel, from version 6.6.5 onwards, an information leak to user space is possible because info-pad0 is not initialized...

Astra Linux - уязвимость в linux-5.10, linux

The nfqnlmangle function in net/netfilter/nfnetlinkqueue.c in the Linux kernel, as of version 5.18.14, allows remote attackers to cause a denial of service panic. This occurs because, in the case of an nfqueue verdict with a one-byte nftapayload attribute, an skbpull operation may encounter a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Netwerk: Ethernet: mtkethsoc: A possible NULL pointer dereferencing has been fixed in the mtkhwlrogetfdirall function. The rulelocs variable is allocated in the ethtoolgetrxnfc function, and its size is determined by rulecnt from...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-Buffer: Sync-IRQ works before the buffer is destroyed If something was written to the buffer just before its destruction, it may be possible—although not in a real system—to destroy the ringbuffer before the IRQ-related...

Astra Linux - уязвимость в linux-5.10

A out-of-bounds memory write flaw was discovered in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm: Fixed a potential null-ptr-deref due to drmmmodeconfiginit. drmmmodeconfiginit will call drmmodecreatestandardproperties, and it does not check the return value. When drmmodecreatestandardproperties fails due to allocatio...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check for struct nfctarget arrays While running with CONFIGFORTIFYSOURCE=y, syzkaller reported the following issue: memcpy: A field-spanning write was detected size 129 of the single field “target-sensfres” at...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free flaw was discovered in the Linux kernel’s SGI GRU driver. This flaw arises from the way the grufileunlockedioctl function is called by the user, resulting in a failure in the grucheckchipletassignment function. This flaw allows a local user to cause a system crash or potentially...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: asixmdioread: Fix for uninit-value in asixmdioread. asixreadcmd may read less than sizeofsmsr bytes, and in this case, smsr will be uninitialized. Failure logs: BUG: KMSAN: uninit-value in asixcheckhostenable...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: drm/shmem-helper: Removed the erroneous “put” operation in the error path. The drmgemshmemmmap function does not handle this reference properly, resulting in the GEM object being freed prematurely, leading to a “use-after-free...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: vhost-vdpa: fixed the use of memory after it is freed in vhostvdpaprobe. The putdevice function calls vhostvdpareleasedev, which in turn calls idasimpleremove and frees the variable “v”. Therefore, this call to idasimpleremove...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: uacce: fixed the isolate/sysfs check condition. uacce supports the device isolation feature. If the driver implements the isolateerrthresholdread and isolateerrthresholdwrite callback functions, uacce will now create sysfs...