Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Handling of errors when calling otx2mboxgetrsp in otx2dcbnl.c has been improved. A check for the error pointer was added after calling otx2mboxgetrsp...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: gpio: aggregator: Protect driver attr handlers against module unload Both newdevicestore and deletedevicestore access module global resources e.g., gpioaggregatorlock. To prevent race conditions during module unloading, a...

Astra Linux – Vulnerability in pam-pkcs11

PAM-PKCS11 is a Linux-PAM login module that enables user login using X.509 certificates. Prior to version 0.6.13, if certpolicy was set to none the default value, then pampkcs11 would only check whether the user was capable of logging into the token. An attacker could create a new token using the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RISCV: Module: Fixed out-of-bounds relocation access The current code allows relj to access an element beyond the end of the relocation section. This issue has been simplified by using numrelocations, which is equivalent to the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: SOF: Intel: hda: Fixed UAF when reloading the module The function hdagenericmachineselect appends "-idisp" to the tplg filename by allocating a new string using devmkasprintf, and then storing that string back into the...

Astra Linux – Vulnerability in libxmp

Libxmp through version 4.6.2 has a stack-based buffer overflow in the depackpha function in the loaders/prowizard/pha.c file, due to a malformed Pha format tracker module in a .mod file...

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the Ansible Engine when using the moduleargs feature. Tasks executed with the --check-mode option do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The greatest threat posed by this vulnerability is...

Astra Linux – Vulnerability in Samba

The Samba vfsfruit module utilizes extended file attributes EA, xattr to enhance compatibility with Apple SMB clients and interoperability with Netatalk 3 AFP file servers. Samba versions prior to 4.13.17, 4.14.12, and 4.15.5, when vfsfruit was configured, allowed out-of-bounds heap read and writ...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: macb: fixed the use of “free” after calling “rmmod”. “platdev-dev-platformdata” is released by calling “platformdeviceunregister”. The use of “pclk” and “hclk” constitutes a use-after-free. Since “deviceunregister” does n...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken every time it was used, but it was only released once, when the final reference to the tty struct was removed. This issue was fixed by taking t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net:sfc: Fixed the issue where non-freezed interrupts were still available in legacy IRQ mode. The SFC driver can be configured using modparam to work with MSI-X, MSI, or legacy IRQ interrupts. In the latter case, the interrupt...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix tcpinittransfer so that icskcainitialized is not reset. This commit addresses a bug discovered by syzkaller. This bug could lead to spurious double-initizations for congestion control modules. This could result in memory...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to prevent race conditions during the fsyncentryslab access by multiple f2fs filesystem instances. As reported by syzbot, there is a use-after-free issue during f2fs recovery: A use-after-free occurs when...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a UAF Use-After-Free issue caused by a race between btftrygetmodule and loadmodule. While working on code to populate the BTF IDs for modules during their initialization, I noticed that by the time the initialization...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fixed the warning when removing the module When removing the module, the following warning will appear: 14.746697 removeprocentry: Removing the non-empty directory ‘irq/21’; data is being leaked at least from...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Ice: The code for copying the last block was omitted in icegetmoduleeeprom. icegetmoduleeeprom is broken since the commit e9c9692c8a81 “Ice: Reimplement module reads used by ethtool”. In this refactoring, icegetmoduleeeprom reads...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: pmdomain: arm: Fixed NULL dereference upon removal of scmiperfdomain When the scmiperfdomain module was unloaded, a segmentation fault occurred. In the test system provided to the system under test, the power-domain-cells...

Astra Linux – Vulnerability in libdata-validate-ip-perl

The Data::Validate::IP module in Perl version 0.29 does not properly handle extra zero characters at the beginning of an IP address string. In some cases, this allows attackers to bypass access controls that are based on IP addresses...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: tty: fixed a possible nullptrdefer issue in spkttyiorelease. Run the following tests on the qemu platform: syzkaller: modprobe speakupaudptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add a missing call to ssamrequestsyncfree Although rare, ssamrequestsyncinit can fail. In that case, the request should be freed using ssamrequestsyncfree. Currently, the request is instead leaked. F...