Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI – Add a check to handle incorrect queue size. qsize represents the size of the shared queue between the driver and the firmware. The firmware can modify this value to an invalid, large value. In such situations,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: It is enforced that teql can only be used as a root qdisc. The design intent of teql is that it is only supposed to be used as a root qdisc. We need to ensure that this constraint is respected. Although it’s not very...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ipvti: A potential issue related to slab-use-after-free has been fixed in decodesession6. When the ipvti device is set as a qdisc of the sfb type, the cb field of the sent skb may be modified during enqueueing. This can lead to a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: fmidi: fmidicomplete to call queuework When using USB MIDI, a lock attempt is made twice through a reentrant call to fmiditransmit, resulting in a deadlock. This issue can be fixed by using queuework to schedule the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: mana: The use-after-free issue in manahwcdestroychannel has been fixed by reordering the teardown process. There is a potential race condition in manahwcdestroychannel. In this situation, hwc-callerctx is freed before the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/efa: Fixed the issue of using the completion context after it was freed. Regarding the handling of admin queue completion, if the admin command completes with an error, we print data from the completion context. The issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8712: fixed a potential memory leak in r871xudrvinit. In r871xudrvinit, if r8712initdrvsw fails, the memory allocated by r8712allocioqueue in r8712usbdvobjinit is not properly released, as no action is performed by...

Astra Linux - уязвимость в zeromq3

A flaw was discovered in the ZeroMQ server in versions prior to 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The greatest threat posed by this vulnerability is to confidentiality,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: iouring/zcrx: fixed error handling after opening. Closing a queue does not guarantee that all associated page pools are terminated immediately; let the refcounting handle this process instead of releasing the zcrx ctx directly...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix for crashes that occur when the regular task queue is reactivated. When the regular task queue is reactivated after the XSK socket is closed, it may read stale cancellation requests cqe, which can eventually...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/manaib: A boundary check was added before installing cq callbacks. A boundary check has been added inside manaibinstallcqcb to prevent index overflow...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Add a check for a null pointer when cleaning up the lpfcvport structure. If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resulting cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fixed incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Deferred sub-object cleanup in export put callbacks The svcexportput function calls pathput and authdomainput immediately when the last reference is dropped, before the RCU grace period. RCU readers in eshow and cshow...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: writeback: Fixed the use of “free” after processing in inodeswitchwbsworkfn. The function inodeswitchwbsworkfn has a loop like this: c wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break;...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Block layer: The feature of freezing the request queue from within sysfs store callbacks has been removed. Freezing the request queue may cause a deadlock when combined with the dm-multipath driver and the queueifnopath option...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: io-wq: Check for wq exit after adding a new worker taskwork. We check the IOWQBITEXIT flag before attempting to create a new worker. The wq exit cancels any pending tasks if there are any. However, it’s possible for a race...

Astra Linux - уязвимость в linux-5.15, linux-6.1, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: tls: handling of backlogging of crypto requests Since we are setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ata: satadwc460ex: Fixed a crash that occurred due to out-of-bounds writing. The driver utilizes the “tag” values from various arrays provided by libata. Since the mentioned patch increased the value of ATATAGINTERNAL to 32, the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge – fixed the issue of division by zero. When the network port is down, the queue is released, and ring-len becomes 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This pat...