Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: bfq: fixed a use-after-free in bfqdispatchrequest KASAN reported a use-after-free when performing normal scsi-mq tests 69832.239032 ================================================================== 69832.241810 BUG: KASAN:...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: MOST: Fix for double-free operations during late probe failures. The MOST subsystem includes a non-standard registration function that releases the interface when registration failures occur or when deregistration is required. Th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: A refcount leak was fixed in the cleanupdev function. The usbgetdev function is called in xillyusbprobe. Therefore, it is better to call usbputdev before releasing the xdev object...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: mdio: fixed an undefined behavior in bit shifting for mdiobusregister. Shifting a signed 32-bit value by 31 bits is undefined; therefore, the significant bit was changed to unsigned. The UBSAN warning appears as follows:...

Astra Linux - уязвимость в linux-5.15, linux-6.1, linux

The Cross-Privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recently introduced FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...

Astra Linux - уязвимость в linux, linux-5.10

iouring UAF, Unix SCM garbage collection...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check the inode size of inline inodes. Check whether the inode size of inline inodes is within the allowed range when reading inodes from the disk gfs2dinodein. This prevents on-disk corruption. The two checks in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: xen/events: The close evtchn operation is performed after mapping cleanup is completed. The shutdownpirq and startuppirq functions do not take the irqmappingupdatelock, because they cannot do so due to lock inversion. Both...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: Hub – Protection against access to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields within udev-bos without checking whether they have been allocated and...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: - net: 3com: 3c59x – fixed a possible null dereference in vortexprobe1 - pdev can be null, and freering can be called in 1297 with a null pdev...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: wifi: iwlwifi: fixed a memory corruption iwlfwinitriggertlv::data is a pointer to a le32; this means that if we copy data to iwlfwinitriggertlv::data + offset where offset is in bytes, we will write beyond the buffer...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A problem with out-of-bound reading was detected in brcmfmac/cfg80211.c within the drivers/net/wireless/broadcom/brcm80211 directory of the Linux kernel. This issue can occur when the associnfo-reqlen data is larger than the size of the buffer, which is defined as WLEXTRABUFMAX, resulting in a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.srcaddr outside of state checks. If the state is not idle, resolvepreparesrc should immediately fail, and no changes to the global state should occur. However, it srcaddr by attempting to create...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A flaw was discovered in the Linux kernel. A use-after-free may occur when plugging/dismounting a malicious USB device that claims to be an Asus device. Similar to the previously known CVE-2023-25012, but in Asus devices, the workstruct structure may be modified by the LED controller during the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng – ensure the buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. The qcomrngread function may...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fixed a crash occurring in stdevrelease after an unexpected hot removal. A hot removal of a PCI device can occur while stdev-cdev is still held open. The call to stdevrelease happens during close or exit, well aft...

Astra Linux - уязвимость в linux-5.10, linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Fixed a DMA memory leak in the configuration page. A fix was also provided for: DMA-API: For the PCI device with address 0000:83:00.0, the device driver had pending DMA allocations even after it was released from...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A denial-of-service vulnerability due to a deadlock was discovered in sctpautoasconfinit in net/sctp/socket.c within the SCTP subsystem of the Linux kernel. This flaw allows users with local user privileges to trigger a deadlock and potentially cause the system to crash...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Zeroed unused hash fields When a GSO tunnel is negotiated, the virtionethdrtnlfromskb function attempts to initialize the tunnel metadata. However, it forgets to zero the unused rxhash fields. This could lead to...