Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89: Fix for soft lockup in rtw89entityrecalcmgntroles. During rtw89entityrecalcmgntroles, there is a normalization process that will reorder the list if an entry with the target pattern is found. Once such an entry is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvmet: Fixed a crash that occurs when a namespace is disabled. The percpu counter in the namespace is responsible for handling pending I/O operations. We can safely disable the namespace only after the counter drops to zero...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/zswap: fixed an inconsistency when zswapstorepage fails. The commit b7c0ccdfbafd “mm: zswap: support large folios in zswapstore” skips charging any zswap entries when it fails to zswap the entire folio. However, when some...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: The ctx variable was initialized to avoid a memory allocation error. It is possible that the ctx variable in nfqnlbuildpacketmessage could be used before it is properly initialized. It is only initializ...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel, specifically in the nfconntrackirc module. In this case, the message handling mechanism can become confusing, and messages may be matched incorrectly. It is possible for a firewall to be bypassed when users use unencrypted IRC with the nfconntrackirc...

Astra Linux - уязвимость в linux, linux-5.10

A vulnerability has been identified in the Linux kernel and is classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of the IPv6 Handler component. The vulnerability causes a race condition. It is recommended that a patch be applied to address this issue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer The driver’s probe allocates memory for the RX FIFO port-rxfifo based on the default RX FIFO depth, such as 16. Later, during serial initialization,...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: da9211 – Use the irq handler when ready. If the system does not start from a reset state such as when it is in kexec mode, the regulator might have an IRQ waiting for processing. If we enable the IRQ handler before its...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf: Fix for perfpendingtask UaF According to syzbot, it is possible for perfpendingtask to continue running after the event has been freed. There are two related but distinct cases: - The taskwork was already queued before the...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for the second channel in sndsocputvolswsx The bounds checks in sndsocputvolswsx are only applied to the first channel. This means that it is possible to write out-of-bounds values to the second channel in...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: afunix: The userns value is obtained from inskb in unixdiaggetexact. Wei Chen reported a NULL derefrence in skuserns 01. Paolo identified the root cause: in unixdiaggetexact, the newly allocated skb does not have the sk structure...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: drm/shmem-helper: Removed the erroneous “put” operation in the error path. The drmgemshmemmmap function does not handle this reference properly, resulting in the GEM object being freed prematurely, leading to a “use-after-free...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: The issue of reference count leak for PCI devices in hasexternalpci has been fixed. foreachpcidev is implemented through pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: phy: Fixed a null-ptr-deref issue when the probe function failed. I received a report of a null-ptr-deref issue during the fault injection test. Bug: NULL pointer dereferencing in the kernel. Address: 0000000000000058 Oops:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: libbpf: Handling of size overflow for ringbuf mmap The maximum size of a ringbuf on an x86-64 host is 2GB. Therefore, 2 maxentries will cause an overflow of type u32 when mapping producer pages and data pages. Simply casting...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: kernel/resource: Fixed the issue where bootmem memory was freed again after allocation. Since the commit ebff7d8f270d “mem hotunplug: fixed the issue of bootmem memory being freed after allocation”, we could encounter a situation...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed handlecache and multiuser In multiuser mode, each individual user has its own tcon structure for the shared resource, and thus they have their own handle for the cached directory. When unmounting such a shared...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys – cancels delayed work only in case of GPIO. The gpiokeys module can accept gpios or interrupts. The module initializes delayed work only in case of gpios and is only used if the debounce timer is not used...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In usbnet, there is a flaw where unregisternetdev is called before unbind. The commit with the commit ID 2c9d6c2b871d “usbnet: run unbind before unregisternetdev” was intended to fix a use-after-free issue when disconnecting USB...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: This issue is fixed if the listversions function races with the module loading process. listversions will first estimate the required space using the dmtargetiteratelistversiongetneeded, &needed call, and then fill that...