Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a hang issue in usbkillurb by adding memory barriers. The syzbot fuzzer has identified a bug in which processes hang while waiting for usbkillurb to return. It turns out that the issue isn’t related to unmounting...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: fixed a memory leak in iiodeviceregistereventset When iiodeviceregistersysfsgroup returns an error, iiodeviceregistereventset must free the attrs array. Otherwise, kmemleak will detect and report a memory leak as follows:...

Astra Linux - уязвимость в linux, linux-5.10

There is a use-after-free vulnerability in the ALSA PCM package within the Linux kernel. The SNDRVCTLIOCTLELEMREAD|WRITE32 function lacks locks that could be exploited in a use-after-free situation, leading to an escalation of privileges to gain ring0 access from the system user. We recommend...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Fixed a possible use-after-free condition during controller reset during loading. Unlike .queuerq, in .submitasyncevent, drivers may not check the state of ctrl before submitting an AER. This can lead to a use-after-free...

Astra Linux - уязвимость в linux, linux-5.10

In ipcheckmcrcu of igmp.c, there is a potential use after free due to improper locking. This could lead to a local escalation of privileges when opening and closing inet sockets, without the need for additional execution privileges. User interaction is not required for exploitation. Product:...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel before version 6.0.11. Missing offset validation in the drivers/net/wireless/microchip/wilc1000/hif.c file, within the WILC1000 wireless driver, can lead to an out-of-bounds read when parsing a Robust Security Network RSN information element from a Netli...

Astra Linux - уязвимость в linux-5.10, linux

A use-after-free flaw was discovered in the Linux kernel before version 5.19.2. This issue occurs in the cmdhdlfilter function in the drivers/staging/rtl8712/rtl8712cmd.c file, allowing an attacker to launch a local denial-of-service attack and gain elevated privileges...

Astra Linux - уязвимость в linux-5.10, linux

A use-after-free flaw was discovered in the Linux kernel’s Atheros wireless adapter driver, where a user can cause the ath9khtcwaitfortarget function to fail with certain input messages. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the Linux kernel’s implementation of Pressure Stall Information. Although this feature is disabled by default, it could allow an attacker to crash the system or cause other memory-corruption side effects...

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the OverlayFS subsystem of the Linux kernel, regarding the way users mount the TmpFS filesystem using OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A issue was discovered in the Linux kernel before version 6.6.8. The atalkioctl function in net/appletalk/ddp.c has a use-after-free issue due to a race condition involving atalkrecvmsg...

Astra Linux - уязвимость в linux-5.10, linux, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype changes with mesh ID changes It is currently possible to change the mesh ID when the interface is not yet in mesh mode, while also changing it into mesh mode. This leads to an overwrite of data in the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq – added a check for the return value of cpufreqcpuget. cpufreqcpuget may return NULL. To avoid NULL-reference checks, it should return 0 in case of an error. This issue was identified by the Linux...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fixed NULL pointer dereferencing for SRP. If the external PHY working together with phy-omap-usb2 does not implement sendsrp, we may still attempt to call it. This can occur on an idle Ethernet device that...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A issue was discovered in the Linux kernel before version 6.6.8. The dovccioctl function in net/atm/ioctl.c has a use-after-free issue due to a race condition involving vccrecvmsg...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pcigeneric: Remove the WQMEMRECLAIM flag from the state workqueue. A recent change created a dedicated workqueue for the state-change work, with WQHIGHPRI and WQMEMRECLAIM flags. However, the state-change work...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevented RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed the issue where the fence was put before waiting in amdgpuamdkfdsubmitib. The amdgpuamdkfdsubmitib function submits a GPU job and obtains a fence from amdgpuibschedule. This fence is used to wait for the job to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dm: verity-loadpin: Only trust verity targets with enforcement Verity targets can be configured to ignore corrupted data blocks. LoadPin must only trust verity targets that are configured to perform some kind of enforcement when...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ice: A NULL pointer dereferencing issue was fixed in iceupdatevsitxringstats. It is possible to cause a NULL pointer dereferencing in routines that update Tx ring statistics. Currently, only statistics and bytes are updated when...