Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for null pointer dereference in bondipsecoffloadok We must check whether there is an active slave before dereferencing the pointer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumrouter: Fixed a use-after-free issue when deleting GRE network devices. The driver only offloads neighbors that are created on top of network devices registered by it or their superiors which are all Ethernet...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: removes the intermediate secpath entry in packet offload mode. Packets handled by hardware add “secpath” as a way to inform the XFRM core code that this path has already been handled. This “secpath” is not needed at all aft...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Clean up the hook list when the offload flag check fails Resuspend the hook list so that nftchainreleasehook has a chance to release the hooks. BUG: Memory leak Unreferenced object 0xffff88810180b100 size...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: wed: Use the proper wed reference in mt76 wed driver calls. The MT7996 driver can use both wed and wedhif2 devices to offload traffic from/to the wireless NIC. In the current codebase, we assume to always use the...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC taprio, cbs, gate, police are configured through a mix of command BD ring messages and port registers: enetcportrd, enetcportwr. Port...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: deal with large GSO size After the blamed commit below, the TCP sockets and the MPTCP subflows can build egress packets larger than 64K. That exceeds the maximum DSS data size, the length being misrepresent on the wire and...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “fou”: removed the warning in guegroreceive for unsupported protocols. Remove the WARNONONCE flag in guegroreceive if the encapsulated type is unknown or does not have a GRO handler. Such packets can be easily constructed. The...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. After the skbsegment function the buffer may become non-linear nrfrags != 0, but since the SKBTXSHAREDFRAG flag is not set...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: Fixed issues where stuck flows occurred during cleanup due to pending work. To clear the flow table when it becomes free, the following sequence typically occurs: 1 The gcstep operation is stopped to disable...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fixed the null-ptr-deref in addruleerrflow. In the error flow of mlx5tcctentryaddrule, if ctruleadd callback returns an error, zonerule-attr is used without initialization. This issue was fixed by using attr, which...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid issuing a WARNON when configuring MQPRIO with HTB offload enabled. When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns -EINVAL and triggers a WARNON, resulting i...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed a race condition during IPSec ESN update. In IPSec full offload mode, the device reports an ESN Extended Sequence Number wrap event to the driver. The driver validates this event by querying the IPSec ASO and...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header and protocol payload to be transmitted on a certain platform that the DMA AXI address width is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fixed the offload support for the NETDEVUNREGISTER event. The current macsec netdev notify handler handles the NETDEVUNREGISTER event by releasing only the relevant software resources. This can lead to resource leaks...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: gso: IPv6 TSO with extensions is prohibited on devices that only have IPV6CSUM. When performing Generic Segmentation Offload GSO on an IPv6 packet that contains extension headers, the kernel incorrectly requests checksum...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: net: Avoid potential underflow in qdiscpktleninit with UFO After committing 7c6d2ecbda83 “net: Be more gentle about silly GSO requests coming from user”, the virtionethdrtoskb function included sanity checks to detect maliciou...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: fixed an issue where TSO DMA API usage caused errors. Commit 66600fac7a98 “net: stmmac: TSO: Fixed unbalanced DMA map/unmap for non-paged SKB data” corrected the assignment of members of txskbuffdma to a later...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs...