Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Avoid running off the end of an AMD erratum table. The NULL array terminator at the end of erratum1386microcode was removed during the switch from x86cpudesc to x86cpuid. This causes readers to run off the end of the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor KASAN reports that there’s a use-after-free in hciremoveadvmonitor. By examining the disassembly, it can be seen that the issue arises from the access in...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A flaw was discovered in the IPv4 Resource Reservation Protocol RSVP classifier within the Linux kernel. The xprt pointer may extend beyond the linear portion of the skb structure, resulting in an out-of-bounds read in the rsvpclassify function. This issue could potentially cause a local user to...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: md/raid10: Prevent soft lockup during flush writes. Currently, there is no limit for plugged bio in raid1/raid10. During flush writes, raid1 uses condresched, while raid10 does not. Too many writes can cause a soft lockup. A...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Driver core: The variable struct acpipldinfo pld should be freed before returning from a function that causes allocation failure. To prevent a memory leak, use the ACPIFREE function to free the memory...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Watchdog: sp5100tco – Fixed a memory leak related to the EFCH MMIO resource. Unlike releasememregion, a call to releaseresource does not free the resource automatically; therefore, it must be freed explicitly to avoid a memory...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhciwrite Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffffff88810d81ac00 size 240: ... hex dump first 32 bytes: 00 0...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftchainfilter: handling of NETDEVUNREGISTER for inet/ingress basechain Remove netdevice from the inet/ingress basechain in case NETDEVUNREGISTER event is reported; otherwise, a stale reference to netdevice remains in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The oem i2c adapter is removed after the operation is completed. This fix addresses a bug where unbinding the GPU would leave the oem i2c adapter registered, resulting in a null pointer dereference when...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: Fixed an out-of-bounds shift in dbDiscardAG. When searching for the next smaller log2 block, BLKSTOL2 returned 0, causing the shift exponent -1 to become negative. This patch fixes the issue by exiting the loop directly when...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A use-after-free vulnerability in the Linux kernel’s afunix component can be exploited to achieve local privilege escalation. The unixstreamsendpage function attempts to add data to the last skb in the peer’s recv queue without locking the queue. This creates a race condition where...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed a warning in mbfindextent Syzbot identified the following issues: EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioreadnolock, ODIRECT, and fastcommit support! EXT4-fs loop0: orphan...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ip6gre: made ip6greheader more robust. Over the years, syzbot has identified many ways in which the kernel can crash due to issues related to ip6greheader. This involves the ability of team or bonding drivers to dynamically chang...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: octeontx2-vf: Added a missing “free” field for “allocpercpu”. Added the “freepercpu” field for the allocated “vf-hw.lmtinfo” in order to avoid memory leaks, similar to the “pf-hw.lmtinfo” in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mmc: davincimmc: Prevents the transmitted data size from exceeding the length of sgm. No check is performed on the size of the data to be transmitted. This can lead to a kernel panic when the transmitted data size exceeds the...

Astra Linux - уязвимость в linux-5.10, linux

A vulnerability classified as problematic has been discovered in the Linux kernel. The affected function is j1939sessiondestroy in the file net/can/j1939/transport.c. This manipulation leads to a memory leak. It is recommended that a patch be applied to fix this issue. The identifier of this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a potential array overflow in bpftrampolinegetprogs. The cnt value in the cnt = BPFMAXTRAMPPROGS check does not include BPFTRAMPMODIFYRETURN bpf programs. As a result, the number of BPFTRAMPMODIFYRETURN bpf programs...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Fixed a potential stack-out-of-bounds write in ath9kwmirspcallback. This write occurs in a WMI response callback function that is called after a timeout occurs in ath9kwmicmd. The callback writes to wmi-cmdrspbuf, a...

Astra Linux - уязвимость в linux, linux-5.10

A memory leak issue was discovered in the TCP source port generation algorithm in the net/ipv4/tcp.c file, due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem...

Astra Linux - уязвимость в linux, linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fixed a memory leak in initcreditreturn. When dmaalloccoherent fails to allocate dd-crbasei.va, initcreditreturn should deallocate dd-crbase and dd-crbasei that were allocated earlier. Otherwise, those resources will nev...