Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A hash collision flaw was discovered in the IPv6 connection lookup table within the Linux kernel’s IPv6 functionality. This flaw occurs when a user carries out a new type of SYN flood attack. A user located within the local network or with a high-bandwidth connection can cause the CPU usage of th...

Astra Linux - уязвимость в linux-5.10, linux-5.15

A flaw was discovered in the networking subsystem of the Linux kernel, particularly in the handling of the RPL protocol. This issue arises due to the improper handling of user-provided data, which can lead to an assertion failure. This could allow an unauthenticated remote attacker to create a...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A use-after-free vulnerability in the Linux Kernel traffic control index filter tcindex can be exploited to achieve local privilege escalation. The tcindexdelete function does not properly deactivate filters in the case of a perfect hash; moreover, it deactivates the underlying structure during...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A flaw was discovered in the Linux Kernel’s RDS Reliable Datagram Sockets protocol. The rdsrmzerocopycallback function uses listentry on the head of a list, resulting in a type confusion. A local user can trigger this with the rdsmessageput function. This type confusion causes the struct...

Astra Linux - уязвимость в linux-5.10, linux

A vulnerability, classified as problematic, has been identified in the Linux kernel. This issue affects the function nilfsattachlogwriter in the file fs/nilfs2/segment.c of the BPF component. The manipulation leading to this issue results in a memory leak. The attack can be initiated remotely. It...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel before version 6.0.11. Missing offset validation in the drivers/net/wireless/microchip/wilc1000/hif.c file, within the WILC1000 wireless driver, can lead to an out-of-bounds read when parsing a Robust Security Network RSN information element from a Netli...

Astra Linux - уязвимость в linux-5.10, linux

A use-after-free flaw was discovered in the Linux kernel before version 5.19.2. This issue occurs in the cmdhdlfilter function in the drivers/staging/rtl8712/rtl8712cmd.c file, allowing an attacker to launch a local denial-of-service attack and gain elevated privileges...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Driver Core: Fixed a potential nullptrderef issue in deviceadd. I encountered the following nullptrderef issue during the fault injection test: Bug: NULL pointer dereferencing in the kernel. Address: 0000000000000058 CPU: 2 PID:...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fixed a use-after-free case in tcpmregistersourcecaps. There might be a potential use-after-free case in tcpmregistersourcecaps. This could occur when: - New say, invalid source caps are advertised. - Existing...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: s390: Fixed a double-free of GS and RI CBs upon a fork failure. The pointers for guarded storage and runtime instrumentation control blocks are stored in the threadstruct of the associated task. These pointers are initially...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq – added a check for the return value of cpufreqcpuget. cpufreqcpuget may return NULL. To avoid NULL-reference checks, it should return 0 in case of an error. This issue was identified by the Linux...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add a spinlock around changing the CTS state The uarthandlectschange function in serialcore expects the caller to hold port-lock. For example, I observed the following kernel log entry when the Bluetooth driver...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mac802154: fixed the issue where key resources were released in mac802154llseckeydel. The mac802154llseckeydel function can free resources associated with a key directly, without following the RCU rules for waiting before the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend There was a reported crash when experimenting with the lvm2 test suite. The issue was caused by incorrect pairing of the postsuspend and resume methods; there were two consecutive...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fixed bioput for error cases As of commit 066ff571011d “block: turning biokmalloc into a simple kmalloc wrapper”, a memory block allocated by biokmalloc must be freed using biouninit and kfree. This process i...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the drivers/md/dm-ioctl.c file of the Linux kernel, up to version 6.7.1, copyparams may attempt to allocate more than INTMAX bytes, resulting in a crash due to the absence of the paramkernel-datasize check. This issue is related to ctlioctl...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a NULL dereference bug. The issue arises when this function is called from ntfsloadattrlist. The value of “size” is calculated as le32tocpuattr-res.datasize. On 64-bit systems, this does not cause an overflow, but...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A issue was discovered in the Linux kernel before version 6.6.8. The dovccioctl function in net/atm/ioctl.c has a use-after-free issue due to a race condition involving vccrecvmsg...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Another memory leak has been fixed in the error handling paths. The memory allocated by vmbusallocring at the beginning of the probe function is never freed during the error handling process. Add the necessary...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A use-after-free vulnerability in the Linux kernel’s ipv4:igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited, causing a timer to be mistakenly registered on a RCU read-locked object that is then freed by another thread. We recommend upgrading ...