Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calculation functions A vulnerability was identified where the operating system can pass in U32MAX as the size for SQ/RQ/SRQ operations. This can lead to integer overflow and truncation of the SQ/RQ/SRQ...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: sfc: add missing xdp queue reinitialization After rx/tx ring buffer size is changed, kernel panic occurs when it acts XDPTX or XDPREDIRECT. When tx/rx ring buffer size is changedethtool -G, sfc driver reallocates and...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allowed a heap-based buffer overflow in the queuerun function, through two sender options: -R and -S. This could lead to privilege escalation from the exim user to the root user...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - bus: mhi: core: Fixed an invalid error that was returned in mhiqueue. - mhiqueue returns an error when the doorbell is not accessible in the current state. This can occur when the device is in a non-M0 state, such as M3, and...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for biointegrityprep blkintegrityunregister can come if queue usage counter isn't held for one bio with integrity prepared, so this request may be completed with calling...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, a previously existing admin queue may still exist. Properly release this queue before allocating a...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: blk-mq: Fixed a memory leak in blkmqinitallocatedqueue. There is a memory leak caused by modprobe nullblk.ko. Unreferenced object 0xffff8881acb1f000 size 1024: - Command: “modprobe”, PID: 836, Jiffies: 4294971190 Age: 27.068...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: The ctx variable was initialized to avoid a memory allocation error. It is possible that the ctx variable in nfqnlbuildpacketmessage could be used before it is properly initialized. It is only initializ...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed an issue where incomplete state saving occurred in rxerequester. If a send packet is dropped by the IP layer in rxerequester, the call to rxexmitpacket may fail with an error code of -EAGAIN. To recover from this...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/mlx5: Fixed error handling when the firmware fails and the RQ is destroyed. When the RQ is destroyed, if the firmware command fails—which is the last resource to be destroyed—some SW resources are already cleaned,...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: schhfsc: Fixed a accounting bug when using peek in hfscenqueue. When enqueuing the first packet to an HFSC class, hfscenqueue calls the peek operation of the child qdisc before incrementing sch-q.qlen and sch-qstats.backlog. If t...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: codel: remove sch-q.qlen check before qdisctreereducebacklog After making all -qlennotify callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fqcodeldequeue and codelqdiscdequeue...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fixed a race condition between unprepare and queuebuf. A client driver may use mhiunpreparefromtransfer to quiesce incoming data during the client driver’s tear-down process. The client driver might also be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: workqueue: fix data race with the pwq-stats increment KCSAN has discovered a data race in kernel/workqueue.c:2598: 1863.554079 ================================================================== 1863.554118 BUG: KCSAN: data-race i...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the use-after-free of rsvqp on HIP08. Currently, rsvqp is freed before the ibunregisterdevice function is called on HIP08. During this time interval, users can still deregister MR, and rsvqp will be used in this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cmid before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishme...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Free the page array when watchqueue is dismantled Commit 7ea1a0124b6d "watchqueue: Free the alloc bitmap when the watchqueue is torn down" took care of the bitmap, but not the page array. BUG: memory leak unreferenced...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: xen/netback: Avoid entering xenvifrxnextskb with an empty rx queue. xenvifrxnextskb expects the rx queue not to be empty. However, if the loop in xenvifrxaction performs multiple iterations, the availability of another skb in the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queuedspinlockslowpath after we increment qnodesp-count and before node-lock is initialized, another CPU might see stale lock values in gettailqnode. If the...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A use-after-free issue was discovered in the driver/firewire component, specifically in the outbound PhyPacketCallback function within the Linux kernel. In this flaw, a local attacker with special privileges could cause a use-after-free error when queueevent fails...