Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Ensure that the kthread is running before the map update returns. The following warning was reported when running stress-mode enabled xdpredirectcpu with some RT threads: ---------- Cut here ------------ WARNING: CPU...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not drop the extentmap for free space inode on a write error While running the CI for an unrelated change, I encountered the following panic: with generic/648 on btrfsholesspacecache. Assertion failed: blockstart !=...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Binder: Fix for double-free in dbitmap A process may fail to allocate a new bitmap when attempting to expand its proc-dmap. In such cases, dbitmapgrow fails and frees the old bitmap via dbitmapfree. However, the driver calls...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/packet: fixed a slab-out-of-bounds access in packetrecvmsg syzbot found that when an AFPACKET socket uses PACKETCOPYTHRESH and mmap operations, tpacketrcv queues skbs with garbage in skb-cb, causing an excessive copy 1...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: BPF, sockmap: Prevent lock inversion deadlock in mapdeleteelem operation. The syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Since BPF tracing programs can be invoked fr...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channel bits when all channels are found. If a USB audio device sets more bits than the number of channels it supports, it may write data outside of the map array...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fixed a use-after-free race condition for maps It is possible that before fastrpcfreemap is called, another thread may call fastrpcmaplookup and obtain a reference to a map that is about to be deleted. The function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: BPF, sockmap: Fixed a potential memory leak in an unlikely error case. If the skblinearize function is needed and fails, we might leak a message during error handling. To fix this issue, we must free the message buffer before...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for the event log to avoid corruption. The TPM event log table is a Linux-specific construct. The data produced by the GetEventLog boot service is cached in memory and then passed to the OS...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the exclusive map memory leak When exclproghash is 0 and exclproghashsize is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, similar to the memory leak issue reported by syzbo...

Astra Linux – Vulnerability in Qemu

QEMU 5.0.0 has a use-after-free issue in the hw/usb/hcd-xhci.c file, as the return value of usbpacketmap is not checked...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sksocket after free when sending messages. The sk-sksocket is not locked or referenced in the backlog thread. During the call to skbsendsock, there is a race condition involving the release of sksocket...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the xskmapdeleteelem function, an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsigned value for map-maxEntries can bypass the intended bounds...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fixed a out-of-bounds access in dbDiscardAG. This fix should apply to most URSAN bugs that were detected recently by syzbot, by addressing the issue related to dbMount. Since syzbot is allegedly feeding invalid data into...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: Do not repeatedly call pteoffsetmaplock until success. DAMON’s virtual address space operation implementation vaddr calls pteoffsetmaplock within the page table walk callback function. This is necessary for readin...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: soundwire: Reverted “soundwire: qcom: Add setchannelmap API support”. This reversion corresponds to commit 7796c97df6b1b2206681a07f3c80f6023a6593d5. This patch caused issues with Dragonboard 845c sdm845. The following errors...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the issue where mr-map was freed twice. The function rxemrcleanup, which attempts to free mr-map again, will be called when rxemrinituser fails. CPU: 0, PID: 4917, Comm: rdmaFlushserv, Kdump: loaded, Not tainted,...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the size of the bloom filter map values This patch adds a missing check to the bloom filter creation process, preventing the rejection of values that exceed KMALLOCMAXSIZE. This brings the bloom map in line with many...

Astra Linux – Vulnerability in Linux 5.10

A race condition was detected in the Linux kernel’s ebpf verifier between bpfmapupdateelem and bpfmapfreeze, due to a missing lock in the kernel/bpf/syscall.c file. In this flaw, a local user with special privileges capsysadmin or capbpf can modify the frozen mapped address space. This flaw affec...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue lies in ofparsephandlewithargsmap. In this function, the inner loop that iterates through the map entries calls ofnodeputnew to free the reference acquired during the previous iteration of the inner loop. This assumes...