Astra Linux - уязвимость в linux, linux-5.10

A non-privileged write-to-file handler flaw exists in the Linux kernel’s control groups and namespaces subsystem. This flaw allows users to gain access to certain less-privileged processes that are controlled by cgroups, even when those processes have higher-privileged parent processes. This issu...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ipmi: Fixed UAF when uninstalling the ipmisi and ipmimsghandler modules Hi, During testing the installation and uninstallation of ipmisi.ko and ipmimsghandler.ko, the system crashed. The log message is as follows: 141.087026...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platformgetresource This vulnerability could lead to a nullptrderef error if platformgetresource returns NULL. Therefore, we need to check the return value of this function...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perfenvinsertbtf The perfenvinsertbtf function does not insert entries if a duplicate BTF ID is encountered, which can lead to a memory leak. The function should now return a success/error value; ...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fixed a memory leak in the error handling path In the probe function, if the serialconfig function fails, resources are being leaked. Add a resource handling mechanism to free up this memory...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: jfs: fixed GPF in diFree Avoid passing an inode with JFSSBIinode-isb-ipimap == NULL to diFree1. GFP will be returned: struct inode ipimap = JFSSBIip-isb-ipimap; struct inomap imap = JFSIPipimap-iimap; JFSIP will return an...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Binder: Make sure that fd closes completely. During the processing of BCFREEBUFFER, the BINDERTYPEFDA object cleanup may close one or more fds. The close operations are completed using the task work mechanism—which means that the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mlxsw: Thermal: Fix for out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: bash cat /sys/class/thermal/thermalzone2/cdev0/type mlxswfan cat...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fixed data corruption after conversion from inline format. The commit 6dbf7bb55598 “fs: Do not invalidate page buffers in blockwritefullpage” uncovered a latent bug in the conversion from inline inode format to a normal...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core – Ensure that the LLD module reference count is set after the SCSI device is released. The SCSI host release is triggered when the SCSI device is freed. We must ensure that the low-level device driver module is not...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fixed negative period/buffer sizes The calculation of the period size in the OSS layer may generate a negative value as an error. However, the code there assumes only positive values and handles them using sizet. ...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx4en: Fixed a use-after-free bug in mlx4entryallocresources In mlx4entryallocresources, mlx4encopypriv is called, and tmp-txcq will be freed during the error path of mlx4encopypriv. After that, mlx4enallocresources is calle...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mac80211: Verify that the extended element ID is present. Before attempting to parse an extended element, ensure that the extended element ID is present...

Astra Linux - уязвимость в linux-5.10

A flaw was discovered in the Linux kernel. A null pointer dereference in the bondipsecaddsa function may lead to a local denial of service...

Astra Linux - уязвимость в linux-5.10

A flaw was discovered in the way the “flags” member of the new pipe buffer structure lacked proper initialization in the copypagetoiterpipe and pushpipe functions of the Linux kernel. As a result, these members could contain stale values. An unprivileged local user could exploit this flaw to writ...

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the Linux kernel’s net/netfilter/nftablescore.c file, specifically in nftdochain. This flaw may lead to a “use-after-free” condition. This issue requires proper preconditions when handling the ‘return’ statement, as it can cause a kernel information leak issue, which coul...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free flaw was discovered in the Linux kernel’s sound subsystem. This flaw occurs when a user triggers concurrent calls to the PCM hwparams function. The hwfree ioctls or similar race conditions occur within ALSA PCM for other ioctls. This flaw allows a local user to crash the system o...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free flaw was discovered in the Linux kernel’s Amateur Radio AX.25 protocol functionality, regarding the way users connect with the protocol. This flaw allows a local user to crash the system...

Astra Linux - уязвимость в linux-5.10

A NULL pointer dereference flaw was discovered in the Linux kernel’s X.25 set of standardized network protocol functions. This flaw allows a local user to crash the system by terminating their session using a simulated Ethernet card while continuing to use that connection...

Astra Linux - уязвимость в linux, linux-5.10

A race condition was identified in the Linux kernel’s perfeventopen function, which can be exploited by an unprivileged user to gain root privileges. This bug allows for the exploitation of several exploits, such as kernel address information leakage, arbitrary execution, etc...