Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fixed integer overflow on 32-bit systems The issue arises from the multiplication in tps6594rtcsetoffset. c tmp = offset TICKSPERHOUR; The tmp variable is of type s64, but offset is of type long and lies in the rang...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv – Properly handles the EBUSY error. Since seqiv only handles the special return value of EINPROGERSS, it means that in all other cases, it will free the data related to the request. However, since the caller of seqi...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevents perpetual tunnel growth. Similar to the ipv4tunnel case, the ipv6 version also updates dev-neededheadroom. While the growth of tunnel headroom adjustment in commit 5ae1e9922bbd “net: iptunnel: prevent...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in vDPA with the VDUSE backend. Currently, there are no checks in the VDUSE kernel driver to ensure that the size of the device configuration space is consistent with the features advertised by the VDUSE user-space application. In the event of a mismatch, the Virtio driver...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: icmp6: Fixed the null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP, and it will be forwarded to an external IP in t...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fixed the polling for GICRCTLR.RWP. It turns out that our polling of RWP is completely incorrect when checking it in the redistributors. We were testing the distributor bit index, but it’s actually a different bit...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: fixed a possible null-pointer dereference in auditfilterrules. A possible null-pointer dereference was addressed in auditfilterrules. Error in auditfilterrules: we previously assumed that ‘ctx’ could be null...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: socfpga: Fixed a memory leak in socfpgagateinit The objects @socfpgaclk and @ops were freed on the error path to avoid the memory leak issue...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: iommu/arm-smmu-v3: Fixed the soft lockup triggered by armsmmumminvalidaterange. When running an SVA case, the following soft lockup is triggered: -------------------------------------------------------------------- watchdog:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - Misc: ocxl: fixed a possible refcount leak in afuioctl. - eventfdctxput needs to be called to update the refcount obtained through eventfdctxfdget when ocxlirqsethandler fails...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driverdata Currently, if the .probe element is present in the phydriver structure and there is no .driverdata, a NULL pointer dereferencing occurs. By inserting NULL checks for priv-type, ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Fixed the vport QoS cleanup mechanism in case of errors. When enabling vport QoS fails, the scheduling node never gets freed, resulting in a leak. The missing operations were added, and the vport scheduling node...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed the bug in estreesearch caused by a faulty quota inode We have encountered the following issues: ========================================= Kernel bug in fs/ext4/extentsstatus.c:202! Invalid opcode: 0000 1 PREEMPT S...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a deadlock that was triggered by canceldelayedworksyn The following LOCKDEP was detected: Workqueue: events smclgrfreework smc WARNING: possible circular locking dependency detected...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fixed a null pointer dereference in btintelreadversion. If hcicmdsyncComplete is triggered and skb is NULL, then hdev-reqskb will also be NULL, which will cause this issue...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: irtoy: free before error exiting The leak in the error handling path has been fixed...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fixed a credential leak in nfs4discovertrunking...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu – added a bounds check in the putuser loop for DSP events. In the DSP event handling code, the putuser loop copies event data. When the user buffer size is not aligned to 4 bytes, it may overwrite data beyond...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the AMD nested virtualization SVM feature of the KVM. A malicious L1 guest could intentionally fail to intercept the shutdown of a cooperative nested guest L2, potentially causing a page fault and kernel panic in the host L0...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel versions 5.8 through 5.19.x, prior to 5.19.16, local attackers who were able to inject WLAN frames into the mac80211 stack could carry out a NULL pointer dereferencing denial-of-service attack against the beacon protection of P2P devices...