Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: irqchip/gic-v3: Do not enable IRQs when handling spurious interrupts. The following error occurred while running our 4.19 kernel with the pseudo-NMI patches backported to it: 14.816231 ------------ Cut here ------------...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, it is now allowed only for the init netns to set the default tcpcongestioncontrol to a restricted algorithm. The tcpsetdefaultcongestioncontrol function is netns-safe because it writes to...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed a potential NULL dereference in nfsgetclient. None of the callers is expected to receive a NULL return value from nfsgetclient. Therefore, this code will result in an Oops error. It’s better to return an error pointer....

Astra Linux - уязвимость в gnupg1

Libgcrypt before version 1.7.8 is vulnerable to a cache-side-channel attack that can lead to a complete failure of the RSA-1024 algorithm. This attack occurs when the left-to-right method is used for computing the sliding-window expansion. It is believed that the same attack also works on the...

Astra Linux - уязвимость в ceph

A key length flaw was discovered in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed during the encryption algorithm process, resulting in the creation of a non-random key. Such a key is weaker and can be exploited to compromise the confidentiality...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ima: fixed a reference leak in asymmetricverify Do not leak a reference to the key if its algorithm is unknown...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to pagepoolgetstats Calling pagepoolgetstats in the mvneta driver without proper checks leads to kernel crashes. The page pool is only available if the bm is not used. The page pool is also not allocated wh...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: afunix: The stale u-oobskb was cleared. syzkaller started reporting a deadlock of unixgclock after the commit. 4090fa373f0e “afunix: Replace the garbage collection algorithm.”, but it simply exposes a bug that has existed since t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: virtionet: Do not send RSS commands if the feature is not available on the device. There is a bug when setting RSS options in virtionet that can cause the entire machine to become unstable, leading to an infinite loop in the...

Astra Linux - уязвимость в sqlite

The osunix.c file in SQLite before version 3.13.0 improperly implements the temporary directory search algorithm. This may allow local users to obtain sensitive information, cause a denial of service application crash, or have unspecified other impacts by leveraging the current working directory...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

A null pointer dereference flaw was discovered in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configurations, which could allow a local user to crash the system or escalate their...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis. Each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However,...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the fragment counting for XDP multi-buffer scenarios in legacy RQ. XDP multi-buffer programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ntfs: -dcompare must not block. … So don’t use getname there. Switch it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash can almost certainly handle smaller allocations, but let the ntfs team deal with that—keep the allocation siz...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: xfs: Fixed undersized liclogroundoff values. If the superblock does not list a log stripe unit, we set the incore log roundoff value to 512. This causes corrupted logs and unmountable file systems in generic/617 on a disk with...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed SError causing kernel panic upon closing. The occurrence of SError causing kernel panic was rare during testing. The root cause was entering suspend mode due to an timeout of the autosuspend delay...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Fixed a crash that occurs when switching to switchdev mode. When switching to switchdev mode if the device does not support IPsec, we attempt to clean up the IPsec resources anyway, which causes the crash. This issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Fixed a soft lockup in mptcprecvmsg. syzbot reported a soft lockup in mptcprecvmsg. When receiving data with the MSGPEEK | MSGWAITALL flags, the skb is not removed from the skreceivequeue. This causes skwaitdata to alwa...

Astra Linux - уязвимость в nodejs

The generateKeys API function returned by crypto.createDiffieHellman only generates missing or outdated keys. In other words, it only generates a private key if none has been set yet. However, this function is also needed to compute the corresponding public key after calling setPrivateKey...