Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netsched: schsfq: fixed a potential crash when handling gsoskb. SFQ assumes that at least one packet can always be queued. However, after the problematic commit, sch-q.len can be inflated by packets in sch-gsoskb. An enqueue...

kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...

CVE-2023-53559

CVE-2023-53559 affects the Linux kernel ip_vti path when an ip_vti device is using the sfb qdisc. The cb field of the skb may be modified during enqueuing, causing slab-use-after-free on IPv6 packet transmission. The root cause is that IP6CB(skb)->nhoff is not set during transmit, as described...

CVE-2023-53500 xfrm: fix slab-use-after-free in decode_session6

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix slab-use-after-free in decodesession6 When the xfrm device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when the xfrm device sen...

CVE-2022-50356 net: sched: sfb: fix null pointer access issue when sfb_init() fails

In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfbinit fails When the default qdisc is sfb, if the qdisc of devqueue fails to be inited during mqprioinit, sfbreset is invoked to clear resources. In this case, the q-qdisc is...

Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002350 fixes several issues. The following security issues were fixed: CVE-2025-37797: netsched: hfsc: Fix a UAF vulnerability in class handling bsc1245793. CVE-2025-37752: netsched: schsfq: move the limit validation bsc1245776. CVE-2025-21702:...

SUSE-SU-2025:02673-1 Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002333 fixes several issues. The following security issues were fixed: - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close bsc1235250. - CVE-2025-37797: netsched: hfsc: Fix a UAF vulnerability in class handling bsc1245793. -...

SUSE CVE-2025-38115

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: fix a potential crash on gsoskb handling SFQ has an assumption of always being able to queue at least one packet. However, after the blamed commit, sch-q.len can be inflated by packets in sch-gsoskb, and an...

UBUNTU-CVE-2025-38115

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: fix a potential crash on gsoskb handling SFQ has an assumption of always being able to queue at least one packet. However, after the blamed commit, sch-q.len can be inflated by packets in sch-gsoskb, and an...

SUSE CVE-2025-38083

In the Linux kernel, the following vulnerability has been resolved: netsched: prio: fix a race in priotune Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeflushbacklog 3: unlock root | ...

Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005583 fixes several issues. The following security issues were fixed: CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace bsc1238324. CVE-2024-49855: nbd: fix race between timeout and normal completion bsc1232900. CVE-2024-58013:...

SUSE CVE-2024-57996

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following...