Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/ucma: Protects the mc object during concurrent multicast operations. The commit mentioned in the “Fixes” section has been partially reverted to ensure that the allocation and erasure of multicast structures are locked...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: Fix for NULL pointer dereference issue. When updatemmucacherange is called by updatemmucache, the vmf parameter is NULL, which can lead to a NULL pointer dereference issue in adjustpte. It is not possible to handle...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dscompress.cc, when an error occurs i.e., transitioning to the err label during the execution of the createworkerthreads method, the held lock thd-ctrlmutex is not released properly. This...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ixgbe: Added locking to prevent panics when setting sriovnumvfs to zero. It is possible to disable VFs while the PF driver is processing requests from the VF driver. This can result in a panic. BUG: Unable to handle kernel...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irqfindatorafter The irqfindatorafter function dereferences the interrupt descriptor returned by mtfind, without holding the sparseirqlock or RCU read lock. This means that the descriptor...

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2TREEDISCONNECT commands. The issue arises due to the lack of proper locking when performing operations on an object. An attacker can exploit...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gmacrtcpageflip was holding the eventlock spinlock while calling crtcfuncs-modesetbase which takes wwmutex. The only reason to hold eventlock is to clear...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Consider the return from setmemoryrox when using bpfjitbinarylockro setmemoryrox may fail, leaving memory unprotected. Check the return value and bail out if bpfjitbinarylockro returns an error...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: Transfer phyconfiginband has the responsibility of acquiring &phylink Problem description =================== Lockdep reports a possible circular locking dependency AB/BA between &pl-statemutex and &phy-lock, as follows...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Added global locking for the descriptor lifecycle. The descriptor list is a shared resource across all transmit queues. The locking mechanism currently used only protects concurrency within a given transmit queue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: The release path was called before initializing the extent tree in btrfsreadlocked inode. In btrfsreadlocked inode, we call btrfsinitfileextenttree while holding a lock on a read-locked leaf of the subvolume tree...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In bindervmaclose of binder.c, there is a potential exploit after the free function call due to improper locking. This could lead to a local escalation of privileges without the need for additional execution privileges. User interaction is not required for this exploitation. Product: Android...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Sysv: Do not call sbbread with pointerlock held. syzbot reports sleep in atomic context in the SysV filesystem 1. For sbbread, the function is called with rwspinlock held. A bug involving a “deadlock due to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tptunnelregister When a file descriptor of the pppol2tp socket is passed as a file descriptor of the UDP socket, a recursive deadlock occurs in l2tptunnelregister. This situation can b...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevented corruption during the shrinking of truncate operations. I believe there are some issues introduced by commit 31651c607151 “hfsplus: avoided deadlock during file truncation”. HFS+ uses extent records, which alwa...

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue arises from the lack of proper locking when performing operations on an object. An attacker can...

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue arises due to the lack of proper locking when performing operations on an object. An...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fixed the lock ordering in btrfszoneactivate The btrfs CI reported a lockdep warning as follows when running generic/129. WARNING: A circular locking dependency was detected. 6.7.0-rc5+ 1 Not tainted...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage. ============================================ WARNING: Possible recursive locking detected 5.18.0 3 No...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: In the vfs module, a race condition occurred regarding the mFlags field. ksmbd maintains states such as “delete-on-close” and “pending-delete” in the mFlags field of the ksmbdinode structure. In the vfscache.c file, thi...