870 matches found
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the hsofreenetdevice function in drivers/net/usb/hso.c calls unregisternetdev from version 5.13.4 onwards, without checking the NETREGREGISTERED status. This leads to a use-after-free and a double-free...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fixed the RTNL deadlock issue Currently, the hibmcge netdev acquires the RTNL lock in pcierrorhandlers.resetprepare and releases it in pcierrorhandlers.resetdone. However, in the PCI framework: pciresetbus –...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Harden uplink netdev access against device unbind The function mlx5uplinknetdevget gets the uplink netdevice pointer from mdev-mlx5eres.uplinknetdev. However, the netdevice can be removed and its pointer cleared when...
Astra Linux - уязвимость в wpa
A issue was discovered in Ubuntu wpasupplicant, resulting in the loading of arbitrary shared objects. This allows a local unprivileged attacker to escalate privileges to the user that wpasupplicant runs as usually root. Membership in the netdev group or access to the dbus interface of wpasupplica...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns NULL, we must not attempt to call skbclone. While we are at it, replac...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: In usbnet, there is a flaw where unregisternetdev is called before unbind. The commit with the commit ID 2c9d6c2b871d “usbnet: run unbind before unregisternetdev” was intended to fix a use-after-free issue when disconnecting USB...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed the crash that occurred during profile change rollback failure. The mlx5enetdevchangeprofile function may fail to attach a new profile and may also fail to roll back to the old profile. In such cases, we might...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: tls: The functions skdstget and dstdevrcu should be used in getnetdevforsock. getnetdevforsock is called during setsockopt, so it’s not under RCU control. Using skdstgetsk-dev could lead to a Use-After-Free UAF error. Instead,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000: added the missing unregisternetdev function in wilcnetdevifcinit. The fault injection test reports this issue as follows: Kernel BUG at net/core/dev.c:10731! Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI Call Trace...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: fix memory leak in mhimbimdellink MHI driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patch...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhinetdellink MHI driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patch calls...
Astra Linux - уязвимость в linux-5.15, linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework when the respective DMA operations have completed. As such...
Astra Linux - уязвимость в linux, linux-5.10
net/netfilter/nfdupnetdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nftablesoffload...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939netdevstart: fixed a UAF Use-After-Free condition related to rxkref of j1939priv. This issue could lead to a UAF condition involving rxkref of j1939priv as follows: cpu0 cpu1 j1939skBindsocket0, ndev0, …...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdevassertlocked in bnxtfreentpfltrs. The lock should be held during normal run-time but the assert will be triggered see below during bnxtremoveon...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit ret = brcmfprototxqueuedatadrvr, ifp-ifidx, skb; may be schedule, and then complete before the line ndev-stats.txbytes += skb-len; 46.912801...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipcwwandellink IOSM driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patc...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fixed the offload support for the NETDEVUNREGISTER event. The current macsec netdev notify handler handles the NETDEVUNREGISTER event by releasing only the relevant software resources. This can lead to resource leaks...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: iavf: Use internal state to free traffic IRQs If the system attempts to close the netdev while iavfresettask is running, the LINKSTATESTART field will be cleared, and netifrunning will return false in iavfreinitinterruptscheme. A...