Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Fixed IPsec cleanup over MPV devices When we call mlx5edetachnetdev, we ultimately disable the blocking event notifier. Among these events are IPsec MPV events from the IB to the core. Therefore, before disabling tho...

Astra Linux – Vulnerability in Python 2.7, Pypy

In Python 3.x versions prior to 3.5.10, 3.6.x versions prior to 3.6.12, 3.7.x versions prior to 3.7.9, and 3.8.x versions prior to 3.8.5, CRLF injection is allowed if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fixed incorrect page reference counting. The kTLS transaction handling code uses a combination of getpage and pagerefinc APIs to increment page references. However, in the release path...

Astra Linux – Vulnerability in nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. The supported versions affected are 5.7.35 and earlier, as well as 8.0.26 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromise th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “smb: client: fix TCP timers deadlock after rmmod” This fix reverts to the previous state with commit e9f2517a3e18a54a3943c098d2226b245d488801. The commit e9f2517a3e18 “smb: client: fix TCP timers deadlock after rmmod” is intende...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: cdcncm: Handling too low values of dwNtbOutMaxSize. Currently, in cdcncmchecktxmax, if dwNtbOutMaxSize is lower than the calculated “minimum” value but greater than zero, the logic sets txmax to dwNtbOutMaxSize. This value i...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed an oopsable condition in nfspageioaddrequest. Ensured that nfspageioerrorcleanup resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also changed the test in...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – Use a timestamp to check for timeout conditions related to set elements. A timestamp field was added at the beginning of the transaction; it is stored in the nftablespernetns area. The .insert, .deactivat...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nbd: Fixed an issue where the process got hung during disconnection of a device. In our tests, “qemu-nbd” triggered a hung process: INFO: Task “qemu-nbd”: 11445 is blocked for more than 368 seconds. Not tainted...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fixed an uninitialized value in caifseqpktsendmsg. When nrsegs equals zero in iovecfromuser, the object msg-msgiter.iov contains uninitialized stack memory, which is used in caifseqpktsendmsg. This behavior is defined in...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFS: A race condition during the update of an existing write request has been fixed. After the nfslockandjoinrequests function checks whether the request is still attached to the mapping, nothing prevents a call to nfs...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: conntrack: Hash resizes and cleanup operations need to be executed serially. Syzbot was able to trigger the following warning 1. No reprocessing occurred by Syzbot yet, but I was able to trigger a similar issue by...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iscsistart: A UBSAN out-of-bounds warning has been fixed in ibftattrshownic. When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed issues related to data races around sk-skforwardalloc. Syzkaller reported this warning: ------------------ WARNING: CPU: 0 PID: 16 at net/ipv4/afinet.c:156 inetsockdestruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: devioctl: Must take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING:...

Astra Linux – Vulnerability in edk2

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...

Astra Linux – Vulnerability in edk2

EDK2’s Network Package is vulnerable to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of availability...

Astra Linux – Vulnerability in edk2

EDK2’s Network Package is vulnerable to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of confidentiality...