Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: mctp: Do not access ifaindex when it is missing In mctpdumpaddrinfo, ifaindex can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise, it will compare to uninitialized memory—a problem...

Linux Distros Unpatched Vulnerability : CVE-2023-52483

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups...

Linux Distros Unpatched Vulnerability : CVE-2022-48782

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning:...

CVE-2022-49854

CVE-2022-49854 concerns the Linux kernel: a resource leak in the mctp_init() error path when mctp_neigh_init() returns an error. The issue is resolved by ensuring route resources are released in the error handling path, preventing leaks. Affected component: mctp subsystem in the kernel; impact is...

CVE-2022-3977

A use-after-free flaw was found in the Linux kernel MCTP Management Component Transport Protocol functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on...

PT-2022-7342 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.18 through 6.0 Description: A use-after-free flaw was found in the Linux kernel MCTP Management Component Transport Protocol functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket...