Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed an unreferenced object issue reported by kmemleak in ubiresizevolume. There is also a memory leak issue reported by kmemleak: An unreferenced object with a size of 128 bytes is causing a memory leak: 0xffff888102007a00...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: dd: Fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must have the dput function called upon it. Otherwise, a memory leak will occur over time. To simplify things,...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: PM: EM: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must be processed with dput, otherwise memory leaks will occur over time. To simplify things, simply call debugfslookupandremove,...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Properly handle cases where an enclosure contains only one primary component. This fix reverts to commit 3fe97ff3d949 “scsi: ses: Do not attach if the enclosure has no components”. It also introduces proper handling fo...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: ubiwlputpeb: Fixed an infinite loop that occurred when wear-leveling failed. The following process can trigger an infinite loop in ubiwlputpeb: c ubifsbgt ubibgt ubifslebunmap ubilebunmap ubiebaunmapleb...

Astra Linux - уязвимость в linux-5.15

A vulnerability has been identified in the ksmbd component of the Linux kernel the kernel SMB/CIFS server. A security measure designed to prevent dictionary attacks—which introduces a 5-second delay during session setup—can be bypassed through the use of asynchronous requests. This bypass defeats...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a memory leak caused by failed fentry attachment. If fentry fails to attach, the allocated BPF trampoline image will remain in the system. This can be verified by checking /proc/kallsyms. This memory leak can be detect...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: az6007: Fixed nullptrderef in az6007i2cxfer In az6007i2cxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf would still be performed. Malicious data could...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Removed the unused nvmelswaitq wait queue. System crash occurs when qla2x00startspsp returns the error code EGAIN, and wakeup is called for an uninitialized waitqueue sp-nvmelswaitq. qla2xxx0000:37:00.1-2121:5:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: The kfreescalethread threads is stopped after unloading the rcuscale module. Running the ‘kfreercutest’ test case results in a fatal error. The root cause is that the kfreescalethread threads continues to run after...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: dropping short frames Technically, some control frames, such as ACK frames, are shorter and end after “Address 1”. Such frames should not be forwarded through wmediumd or similar user-space mechanisms...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the null-ptr-deref issue in mreplace in raid10syncrequest. There are two checks for ‘mreplace’ in raid10syncrequest. In the first check, ‘needreplace’ will be set, and ‘mreplace’ will be used if there is no fault...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: mm: kmem: fixed a NULL pointer dereference in objstockflushrequired KCSAN identified an issue in objstockFlushRequired: stock-cachedobjcg can be reset between the check and dereference...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iouring: Now waits for request completions upon exit. When the ring exits, cleanup is performed, and the final cancelations and waits for completions are handled by ioringexitwork. This function is invoked by kworker, which does...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nfsd: calls oprelease, even when opfunc returns an error. For operations with “trivial” replies, nfsd4encodeoperation will shortcut most of the encoding process and simply perform marshaling of the status. One of the things it...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSD: fixed the issue where the reference count of nfsd4sscumountitem was leaked. The reference count of nfsd4sscumountitem is not decremented under error conditions. This prevents the laundromat from unmounting the vfsmount of t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Avoid double destruction of the default endpoint The rpmsgdevremove function in rpmsgcore is the place where this default endpoint is released. Therefore, it is necessary to avoid destroying the default endpoint in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to cancel delayed bond work The commit 0d4e8ed139d8 “net/mlx5: Lag, avoid lockdep warnings” accidentally removed a call to cancel delayed bond work. This may cause queued delays to expire and affect wor...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htablockbucket to userspace In the function htabmaplookupanddeletebatch, if htablockbucket returns -EBUSY, the operation proceeds to the next bucket. Moving to the next bucket may not only silently skip...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fixed a null pointer dereference in blkmqclearrqmapping. Our syzkaller report identified a null pointer dereference. The root cause is as follows: - blkmqallocmapandrqs: set-tagshctxidx = blkmqallocmapandrqs. -...