Astra Linux - уязвимость в linux

A use-after-free occurred in the function hcisockboundioctl of the Linux kernel’s HCI subsystem. This issue arises when the user calls ioct HCIUNBLOCKADDR, or when the call to hciunregisterdev triggers a race condition, along with the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

A flaw was discovered in the handling of SMB2READ commands within the kernel’s ksmbd module. The issue arises from failing to release memory after its effective lifespan has ended. An attacker can exploit this flaw to create a denial-of-service condition on affected Linux installations...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a use-after-free in smb2queryinfocompound The following UAF was triggered when running fstests generic/072 with KASAN enabled against Windows Server 2022 and mount options “multichannel, maxChannels=2,...

Astra Linux - уязвимость в linux

A flaw was discovered in the Nosy driver within the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, resulting in a “use-after-free” condition when one of these devices is removed. The most significant threat posed by this vulnerability relates to...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added NULL pointer dereferencing checking at the end of attrallocateframe. It is preferable to exit through the out: label because internal debugging functions are located there...

Astra Linux - уязвимость в linux-5.10, linux

A vulnerability, classified as critical, has been discovered in the Linux kernel. The issue affects the tsttimer function in the drivers/atm/idt77252.c file of the IPsec component. This vulnerability allows for manipulation leading to memory corruption after the function is freed. It is recommend...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Tunnels: Fixed an issue where a splat fault occurred when generating IPv4 PMTU errors. If we attempt to emit an ICMP error in response to a non-linear SKB, we encounter the following issue: Bug: KASAN: Out-of-bounds access in...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: Core: Prevent panic during UVC unconfiguration Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget’s configuration. The panic involves a somewhat complex...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iouring: Now waits for request completions upon exit. When the ring exits, cleanup is performed, and the final cancelations and waits for completions are handled by ioringexitwork. This function is invoked by kworker, which does...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed a memory leak in the mes self test. The fences associated with the mes queue must be freed during amdgpuringfini...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: The kfreescalethread threads is stopped after unloading the rcuscale module. Running the ‘kfreercutest’ test case results in a fatal error. The root cause is that the kfreescalethread threads continues to run after...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: blk-iocost: Use spinlockirqsave in adjustinuseandcalccost. The adjustinuseandcalccost function uses spinlockirq, and IRQ will be enabled when unlocking. A DEADLOCK may occur if other locks are held and IRQs are disabled before...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for the NOTREADY flag state after locking Currently, the check for the NOTREADY flag is performed before obtaining the necessary lock. This creates a possibility for race conditions when the flow is concurrently...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211 – Reject authentication/association requests to APs using our own address. If the AP uses our own address as its MLD Media Access Layer address or BSSID Basic Service Set Identifier, then something is clearly wrong...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of smpprocessorid. The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC0: Controller connect complete localhost kernel: BUG: Using smpprocessorid in preemptible...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Removed the unused nvmelswaitq wait queue. System crash occurs when qla2x00startspsp returns the error code EGAIN, and wakeup is called for an uninitialized waitqueue sp-nvmelswaitq. qla2xxx0000:37:00.1-2121:5:...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: az6007: Fixed nullptrderef in az6007i2cxfer In az6007i2cxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf would still be performed. Malicious data could...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ntfs: Fixed a panic caused by a slab-out-of-bounds condition in ntfslistxattr Here is a bug report from syzbot: BUG: KASAN: Slab-out-of-bounds in ntfslistea fs/ntfs3/xattr.c:191 inline BUG: KASAN: Slab-out-of-bounds in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: Fixed the memory leak caused by slicing operations. The temporary buffer that stores slicing configuration data from the user is only freed in case of an error. This constitutes a memory leak. The buffer should be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Unnecessary ofnodeput function removed from felixParseportsnode. The unnecessary ofnodeput function was removed from the continue path to prevent a child node from being released twice, which could lead to resource leak...