Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: Support for ETHPTR8022 has been removed. syzbot reported a bug related to uninit-values. 0 llc supports ETHP8022 0x0004 and previously also supported ETHPTR8022 0x0011. syzbot exploited ETHPTR8022 to trigger the bug. The...

CVE-2022-49862

CVE-2022-49862 concerns the Linux kernel TIPC subsystem. The issue arises in tipc_nl_compat_name_table_dump_header where the msg->req TLV length is not properly validated, following a prior change intended to fix uninit-value behavior when TLV_GET_DATA_LEN() can be negative. This can lead to i...

CVE-2024-50035

CVE-2024-50035 affects the Linux kernel PPP path, specifically a fault in ppp_async_encode() that can be triggered by a zero-size pppoe_sendmsg() followed by an empty skb, leading to a possible uninitialized access (KMSAN) in drivers/net/ppp/ppp_async.c. The issue was fixed in upstream Linux comm...

CVE-2024-42272

In the Linux kernel, the following vulnerability has been resolved: sched: actct: take care of padding in struct zoneshtkey Blamed commit increased lookup key size from 2 bytes to 16 bytes, because zoneshtkey got a struct net pointer. Make sure rhashtablelookup is not using the padding bytes whic...

CVE-2024-26882

In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: make sure to pull inner header in iptunnelrcv Apply the same fix than ones found in : 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" 1ca1ba465e55 "geneve: make sure to pull inner header in...