Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. After the skbsegment function the buffer may become non-linear nrfrags != 0, but since the SKBTXSHAREDFRAG flag is not set...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSGPEEK causes a memory leak in iucvsockdestruct. Passing the MSGPEEK flag to skbrecvdatagram increments the skb refcount skb-users, while iucvsockrecvmsg does not decrement the skb refcount at exit. This results in a...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sunrpc: Fixing client-side handling of TLS alerts A security exploit was discovered in NFS over TLS in tlsalertrecv. This issue stemmed from an assumption that there was valid data within the msghdr structure’s iterator’s kvec...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: - In net: The variable sk-skfamily was read once in the function skmcloop. - syzbot is frequently using IPV6ADDRFORM; it managed to trigger the WARNONONCE1 function in skmcloop. We have many more similar issues that need to be...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: afunix: The stale u-oobskb was cleared. syzkaller started reporting a deadlock of unixgclock after the commit. 4090fa373f0e “afunix: Replace the garbage collection algorithm.”, but it simply exposes a bug that has existed since t...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtrtxresume Syzbot reported a bug as following: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0 net/qrtr/afqrtr.c:230...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: TCP/UDP: Fixed memory leaks related to sk and zerocopy SKBS with TX timestamps. syzkaller reported 0 memory leaks of an UDP socket and ZEROCOPY SKBS. We can reproduce the problem with the following sequence: sk = socketAFINET,...

Astra Linux - уязвимость в linux-6.1, linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk from being released while still in use The functions iplocalout and others can pass skb-sk as a function argument. If the skb is a fragment and reassembly occurs before such a function call returns, t...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: tls: fixed the missing memory barrier in tlsinit In tlsinit, a write memory barrier is missing, and the store-store reordering may cause NULL dereferencing in tlssetsockopt,getsockopt. CPU0 CPU1 ----- ----- // In tlsinit // In...

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: stream: purge skerrorqueue in skstreamkillqueues Changheon Lee reported TCP socket leaks, with a nice repro. It seems we leak TCP sockets with the following sequence: 1 SOFTIMESTAMPINGTXACK is enabled on the socket. Each ACK...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: dev: canrestart: fix use after free bug After calling netifrxniskb, dereferencing skb is unsafe. Especially, the canframe cf which aliases skb memory is accessed after the netifrxni in: stats-rxbytes += cf-len; Reordering th...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: fixed a refcount bug in skpsockget2. Syzkaller reported the refcount bug as follows: ------------ cut here ------------ refcountt: saturated; memory was leaking. WARNING: CPU: 1 PID: 3605 at lib/refcount.c:19...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: udp: Fixed multiple wraparounds of sk-skrmemalloc. udpenqueuescheduleskb has the following condition: if atomicread&sk-skrmemalloc sk-skrcvbuf goto drop; sk-skrcvbuf is initialized by net.core.rmemdefault and can later be...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed the LGR and link use-after-free issue. We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Avoid referencing uninitialized memory in ath9kwmictrlrx. The reasons for this fix are also described in commit b383e8abed41 “Wifi: ath9k – Avoid uninitialized memory reading in ath9khtcrxmsg”. In ath9khtcrxmsg, it ...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo-bcmprocread after removeprocentry. syzbot reported a warning in bcmrelease. 0 The blamed change fixed another warning that is triggered when connect is issued again for a socket whose connected device has been...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: actct: fix skb leak and crash on ooo frags actct adds skb-users before defragmentation. If frags arrive in order, the reference of the last frag is reset in inetfragreasmprepare, skbmorph. This is not straightforwar...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fixed a possible memory leak in the mt7915mcuaddsta routine. The allocated skb was freed in the mt7915mcuaddsta routine in case of failures...