Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fixed the issue with zerovruntime tracking. John reported that stress-ng-yield could cause his machine to behave abnormally. He managed to bisect the process to commit the change identified as b3d99f43c72b „sched/fair...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fixed atomic context locking issue The ncmsetalt function was holding a mutex to prevent race conditions with configfs. This function invokes the mightsleep function within an atomic context. The struct pointer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Avoid reading the written value in the offset array. When sending a transaction, its offset array is first copied into the target process’s virtual memory area vma. Then, the values are read back from there. This is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Fixed stale direct dispatch state in ddspdsqid @p-scx.ddspdsqid can be left set non-SCXDSQINVALID, causing a spurious warning in markdirectdispatch when the next wakeup’s ops.selectcpu calls scxbpfdsqinsert. For example...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Added missing error checking for clock acquisition. The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when invalid...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crashdump: Do not log the bytes of the dm-crypt key in readkeyfromuserkeying. When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload, thereby partially exposing the dm-crypt key. Stop loggi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed key parsing memory leak. In rxrpcpreparsexdryfsrxgk, the memory associated with token-rxgk can be leaked in several error paths after it is allocated. This issue was addressed by freeing this memory in the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: arch/arm64: Fixed the topology initialization for core scheduling Arm64 systems rely on storecputopology to call updatesiblingsmasks, in order to transfer the topology information to the various CPU masks. This needs to be don...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ice: The txtstamps field is set when creating new Tx rings using ethtool. When the user changes the number of queues via ethtool, the driver allocates new Tx rings. This allocation does not initialize the txtstamps field. As a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thereby receivi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: es58xrxerrmsg – fixed a memory leak in the error handling path. In es58xrxerrmsg, if can-dosetmode fails, the function directly returns without calling netifrxskb. This means that the skb allocated by alloccanerrs...

Astra Linux - уязвимость в linux-5.10, linux

An incorrect read request flaw was detected in the Infrared Transceiver USB driver within the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could exploit this flaw to deplete system resources, resulting in a denial of service or potentially causing the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: hns3: Fix for kernel crashes when 1588 messages are received on HIP08 devices. HIP08 devices do not register ptp devices. As a result, hdev-ptp is NULL. However, the hardware can receive 1588 messages and set the HNS3RXDTSVL...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by dosubmiturb There are UAF bugs caused by dosubmiturb. One of the KASan reports is shown below: 36.403605 BUG: KASAN: use-after-free in workerthread+0x4a2/0x890 36.406105 Read o...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed a runtime suspension deadlock that occurred when there was a pending job. The runtime suspension callback drains the running job’s workqueue before suspending the device. If a job is still executing and calls...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to “Unset the parent pointer for all rate objects”. However, it only calls the driver-specific rateleafparentset or...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed an infinite loop caused by resetting nextsmb2rcvhdroff during error paths. The issue occurs when a signed request fails the smb2 signature verification check. In processrequest, if checksignreq returns an error,...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fixed a use-after-free issue when updating multicast route statistics. The cited commit added a dedicated mutex instead of RTNL to protect the multicast route list. This prevents changes to the list while the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Clean up only the newly added IRQ mapping when requestirq fails. The mlx5irqalloc function may inadvertently free the entire rmap, leading to a crash when other threads attempt to access it. This issue occurs when...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fixed the premature call to devlinkfree in the ixgberemove function. Since devlinkfree is part of devlink, calling it prematurely in the ixgberemove function can lead to a Use-After-Free exception. This function has been...