12230 matches found
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xskunbinddev starts by setting xs-state to XSKUNBOUND, sets xs-dev to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xsk: Avoid data corruption on cq descriptor numbers. Since commit 30f241fcf52a “xsk: Fix immature cq descriptor production”, the descriptor number is stored in the skb control block. The xskcqsubmitaddrlocked function relies on...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: bpf, cpumap: Handle skb as well when cleaning up ptrring. The following warning was reported when running xdpredirectcpu with both skbmode and stressmode enabled: ------------ Cut here ------------ Incorrect XDP memory type...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fixed a circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune, where sknetrefcntupgrade is called while holding the socket lock:...
Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: The use-after-free issue in l2capsockcleanuplisten has been fixed. Syzbot reported the issue without providing a reproducible example. In the affected code, a single thread called btacceptdequeue freed the socket sk...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpfmsgpopdata in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, w...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerabilities have been resolved: kcm: An annotate data-race around kcm-rxpsock has been fixed. kcm-rxpsock can now be read without a lock in kcmrfree. The reading and writing operations have been adjusted accordingly. The same approach is used for kcm-rxwait ...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtiovsockskbrxput. Unfortunately, virtiovsockskbrxput uses the length...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfreeskb...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's skwq in skstreamwaitmemory Fixes the below NULL pointer dereference: ... 14.471200 Call Trace: 14.471562 14.471882 lockacquire+0x245/0x2e0 14.472416 ? removewaitqueue+0x12/0x50 14.473014 ?...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtpnewlink links the device to a list in devnetdev instead of srcnet, where a udp tunnel socket is created. Even when srcnet is removed, the device stays alive on...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fixed the acceptqueue memory leak. Since the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the...
Astra Linux - уязвимость в qemu
A flaw was discovered in the QEMU NBD Server. This vulnerability allows for a Denial-of-Service DoS attack through improper synchronization during socket closure, where a client keeps a socket open while the server is offline...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix potential memory leak on unlikely error case If skblinearize is needed and fails we could leak a msg on the error handling. To fix ensure we kfree the msg block before returning error. Found during code review...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo: fix memory leak in error branch In mcanreadfifo, if the second call to mcanfiforead fails, the function jumps to the outfail label and returns without calling mcanreceiveskb. This means that the skb...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: TCP: Handling the mixed splice/sendmsgMSGZEROCOPY case syzbot found that mixing calls to sendpage and sendmsgMSGZEROCOPY using the same TCP socket would trigger the infamous warning in inetsockdestruct. c WARNONskforwardallocgets...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Staging: gdm724x: fixed the use of a variable after it is freed in gdmlterx. The netifrxni function frees the skb, so we cannot dereference it to save the skb-len...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net/sun382586: fix potential memory leak in sun382586sendpacket The sun382586sendpacket returns NETDEVTXOK without freeing skb in case of skb-len being too long, add devkfreeskb to fix it...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: udp: fix race between close and udpabort Kaustubh reported and diagnosed a panic in udpliblookup. The root cause is udpabort racing with close. Both racing functions acquire the socket lock, but udpv6destroysock release it before...