54611 matches found
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the ksmbd component of the Linux kernel. A deadlock occurs when multiple session setup requests are sent simultaneously, which may lead to a denial of service...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fscrypt: The keyring must be destroyed after calling security_sb_delete. The function fscrypt_destroy_keyring must be called after all potentially-encrypted inodes have been evicted; otherwise, it cannot safely destroy the keyring...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed error handling in kfd_process_device_init_vm. It is necessary to only destroy the ib_mem and let the process cleanup worker free the outstanding BOs. Reset the pointer in the pdd->qpd structure to avoid NULL pointer...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fixed a potential array out-of-bounds access issue. The parameter IWL_SEC_WEP_KEY_OFFSET will be used as needed during verification, along with determining the key_len value in the iwl_mvm_sec_key_add function...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: hwmon: (coretemp) Simplified platform device handling. Coretemp’s platform driver is unconventional. All the actual processing is performed globally by the initcall and CPU hotplug notifiers. The “driver” essentially just wraps t...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime. The function snd_soc_remove_pcm_runtime might be called with rtd == NULL, which will lead to a null pointer dereference. This issue was reproduced when topology loading was...
Astra Linux – Vulnerability in edk2
EDK2 contains a vulnerability in the Tcg2MeasurePeImage function, which allows a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in compromise of confidentiality, integrity, and/or availability...
Astra Linux – Vulnerability in edk2
A BIOS bug in the firmware of a specific PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently cause damage to the system’s performance...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fixed a possible memory leak when the module exits. After commit 1fa5ae857bb1 “driver core: removed the struct device’s bus_id string array”, the name of the device is allocated dynamically. This allocation needs...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sit: Do not call ipip6_dev_free from sit_init_net. ipip6_dev_free is the dev->priv_destructor; it has already been called by register_netdevice in case of errors. An alternative approach would be to make ipip6_dev_free...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY. When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add the necessary padding bytes to the bug_table entries. As a result, the last entry in a bug table will be ignored, potentially leadin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bonding: An oops occurred during the rmmod operation. The command “rmmod bonding” causes an oops every time it is executed, starting from commit cc317ea3d927 “bonding: remove the redundant NULL check in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: Fixed a race condition between io_uring_cmd_complete_in_task and ublk_cancel_cmd. The ublk_cancel_cmd function calls io_uring_cmd_done to complete the uring command. However, we might have scheduled task operations via...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ubifs: A memory leak was fixed in ubifs_sysfs_init. When using insmod ubifs.ko, a kmemleak was reported as follows: Unreferenced object: 0xffff88817fb1a780 size 8 Source: comm "insmod", pid 25265, jiffies 4295239702 age 100.130s He...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability has been discovered in the Linux kernel and is classified as problematic. This vulnerability affects the function kcm_tx_work in the file net/kcm/kcmsock.c of the kcm component. The vulnerability causes a race condition. It is recommended that a patch be applied to address this issu...
Astra Linux – Vulnerability in ffmpeg, ffmpeg5
FFmpeg n6.1.1 has an integer overflow vulnerability. The vulnerability resides in the parse_options function in the sbgdec.c file, within the libavformat module. When parsing certain options, the software does not properly validate the input. This allows negative duration values to be accepted...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: roles: Fixed NULL pointer issue when referencing the module’s reference. In the current design, the USB role class driver will obtain a reference to the module of the usb_role_switch object after the user selects the...
Astra Linux – Vulnerability found in Python 3.11, Python 2.7, Python 3.7, and Pypy
The email module in Python, as of version 3.11.3, incorrectly parses email addresses that contain special characters. The incorrect portion of the RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism by allowing access to...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The binding mark of a reused connection was unset. Steve French reported a null pointer dereference error from the sha256 library. The cifs.ko module can send session setup requests using a reused connection. If a reuse...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: static_call: Replace the unnecessary WARN_ON call in static_call_module_notify. static_call_module_notify triggers a WARN_ON when memory allocation fails in __static_call_add_module. This approach isn’t really justified, because the failure ca...