Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: sctp: Set skstate back to CLOSED if autobind fails in sctplistenstart. In sctplistenstart called by sctpinetlisten, it should set skstate back to CLOSED if sctpautobind fails for any reason. Otherwise, the next time sctpinetliste...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recvcb and release The issue occurs between the system call to close the socket and the hcirxwork function. In this process, the former releases the socket, while the latter accesses it without proper...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ax25: The refcount leak caused by setting the SOBINDTODEVICE socket option has been fixed. When an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. Commit...

Astra Linux - уязвимость в linux-5.10

The network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP eXpress Data Path, a code label was moved in a way that allows SKBs to retain references pointers for further processing, so that they can still be freed...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Avoid leaving a dangling sk pointer in rfcommsockalloc btsockalloc attaches the allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave a dangling pointer i...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: Do not leave a dangling sk pointer in ieee802154create sockinitdata attaches the allocated sk object to the provided sock object. If ieee802154create fails later, the allocated sk object is freed, but the danglin...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fixed Use-after-Free, failed to increment the ref count of a skb while it was in use. This patch addresses a Use-after-Free issue identified by the syzbot. The problem arises when a skb is taken from the per-session s...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netrom: Decreases the sock refcount when the sock timer expires. The commit 63346650c1a9 “netrom: switch to the sock timer API” switched to using the sock timer API. It replaces modtimer with skresettimer, and deltimer with...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remapping EPERM in case of connection failure in xstcpsetupsocket. When using a BPF program on kernelconnect, the call may return -EPERM. This causes xstcpsetupsocket to loop indefinitely, filling up the syslog and...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, a leak in the skbtstamptx function was fixed. Commit 50749f2dd685 “tcp/udp: Fixed memory leaks in sk and zerocopy skbs during TX timestamping” added a call to skborphanfragsrx to fix leaks related to zerocop...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fixed a memory leak in mt7615mcuwtblstaadd. In mt7615mcuwtblstaadd, an skb object named sskb is allocated. If the subsequent call to mt76connacmcuallocwtblreq fails, the function returns an error without freeing the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: Wait until all skuserdata readers complete their operations before releasing the sock. There is a race condition in vxlan where, when deleting a vxlan device during packet reception, there is a possibility that the so...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: added vlangetprotocolanddepth helper. Previously, skbmaypull was used instead of skbheaderpointer in vlangetprotocol and related functions. Few calls relied on skb-head being populated with the MAC header. syzbot detected on...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fixed race conditions in scosockconnect The scosockconnect function checks skstate and sktype without holding the socket lock. Two concurrent connect system calls on the same socket can both pass the check and ent...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sunrpc: Fixing the handling of server-side TLS alerts Scott Mayhew discovered a security exploit in NFS over TLS, specifically in the tlsalertrecv function. This issue arose due to the assumption that the msg iterator could read...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Race conditions between subflow failures and additional subflow creations. We have race conditions similar to those addressed by the previous patch, between subflow failures and additional subflow creations. These conditio...

Astra Linux - уязвимость в linux-5.15, linux-6.1, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: TLS: Fix for race conditions between async notify and socket close The thread that submitted the request the one that called recvmsg/sendmsg may exit as soon as the async crypto handler calls complete. Any code after that point...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a double-free on the socket destructor function When an MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to ‘inetopt’ for the new socket has the same value as the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests that were allocated using sockkmalloc were left uninitialized. This caused problems as callers had to explicitly set t...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed repeated calls to sockput when msg has moredata. In the tcpbpfsendverdict redirection, the eval variable is assigned to SKREDIRECT after the applybytes data is sent. If msg has moredata, sockput will be...