Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fixed parameter validation for packet data Since commit 9c328f54741b “net: nfc: nci: Added parameter validation for packet data”, communication with nci/nfc chips no longer works. The mentioned commit attempted to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed task leakage in pm8001sendabortall In pm8001sendabortall, ensure that the allocated SAS task is freed if pm8001tagalloc or pm8001mpibuildcmd fails...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipvs: Fixed the NULL dereference in the error path of ipvsaddservice. When ipvsbindscheduler successfully calls ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the cleanup code...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The use of smbdirectsocketrecvio.credits.available is problematic. The logic for managing recv credits by counting posted recvio and granted credits is flawed. This is because the peer might have already consumed a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fixed a double-free in the remove callback. The driver uses devmspiregistercontroller for registration, which automatically unregisters the controller through devm cleanup when the device is removed. The manual...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevented races in -queryinterfaces It was possible for two query interfaces to simultaneously attempt to update the interfaces. This issue can be avoided by checking and updating ifacelastupdate under ifacelock...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dm-integrity: A memory leak was fixed when rechecking the data. The memory allocated for the “checksums” pointer will be leaked if the data is rechecked after a checksum failure because the associated kfree operation will not occ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed the directory separator in SMB1 UNIX mounts. When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps. Otherwise, it may result ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid accessing uninitialized data in f2fssanitychecknodefooter. syzbot reported the following bug: BUG: KMSAN: Access to uninitialized data in f2fssanitychecknodefooter+0x374/0xa20; file...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: crypto: krb5enc – Fix for async decryption skipping hash verification The krb5encdispatchdecrypt function sets req-base.complete as the skcipher callback. This means that when the skcipher completes asynchronously, it signals...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed a dangling pointer in mgmtaddadvpatternsmonitorcomplete. This fix addresses the issue where, when status != -ECANCELED, mgmtpendingvalid was executed; otherwise, mgmtpendingfreecmd would free the memory, bu...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perfenvinsertbtf The perfenvinsertbtf function does not insert entries if a duplicate BTF ID is encountered, which can lead to a memory leak. The function should now return a success/error value; ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: uether: Fixed a NULL pointer dereference in ethgetdrvinfo. The commit ec35c1969650 “usb: gadget: fncm: Fixed the netdevice lifecycle with devicemove” re-parents the gadget device to /sys/devices/virtual during...

Astra Linux - уязвимость в linux-5.10

A race condition was detected in the Linux kernel’s RxRPC network protocol, during the processing of RxRPC bundles. This issue arises due to the lack of proper locking when performing operations on an object. This could allow an attacker to escalate privileges and execute arbitrary code within th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, the handshakereqdestroytest1 test started failing: The expected value of handshakereqdestroytest should be req, but the actual value is 0000000000000000. The correct value...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free flaw was discovered in fs/ext4/namei.c:dxinsertblock, within the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with user privileges to cause a denial of service...

Astra Linux - уязвимость в linux

A out-of-bounds memory write flaw was discovered in the Linux kernel’s joystick devices subsystem in versions prior to 5.9-rc1. This flaw allows a local user to crash the system or potentially escalate their privileges on the system. The greatest threat posed by this vulnerability is related to...

Astra Linux - уязвимость в linux, linux-5.10

A flaw in the Linux kernel is found in the nfcmrvlnciunregisterdev function in the drivers/nfc/nfcmrvl/main.c file. This flaw can cause both read and write operations to be performed after the device has been freed, without synchronization between the cleanup routine and the firmware download...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: scsidebug: Fixed the type of mint to avoid stack out-of-bounds situations. Changed mint to use the type “u32” instead of “int” to prevent stack out-of-bounds conditions. When mint uses the “int” type, values are...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed an warning in ext4updateinlinedata. Syzbot identified the following issue: EXT4-fs loop0: Mounted a filesystem with PID 5071 at file mm/pagealloc.c:5525 allocpages+0x30a/0x560. Quota mode: None. fscrypt:...