kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: Integrity: Fixed memory leakage in the keyring allocation error path. Keys are allocated in the integrityinitkeyring function. However, if the keyring allocation fails, the allocated keys are not freed, resulting in memory lea...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: The blkallocextminor function fixes the issue where the maximum minor value is blkallocextminor. The idaallocrange... min, max,... function returns values ranging from min to max, including both endpoints. Therefore, NREXTDEVT is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fixed a refcount leak in ariesaudioprobe. The ofparsephandle function returns a node pointer with the refcount incremented. We should use ofnodeput on it when necessary. If extconfindedevbynode fails, it does not...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: The comedi module contains a race condition between polling and detaching the device. The syzbot report indicates a use-after-free in comedi. This occurs because comedi happily removes the allocated async area, even though poll...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Added a missing check for allocorderedworkqueue. Added a check on the return value of allocorderedworkqueue, as it may return a NULL pointer, leading to a NULL pointer dereferencing issue. Patch details:...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fixed a use-after-free issue when volume creation failed. There is a use-after-free problem related to ‘ebatbl’ in the error handling code of ubicreatevolume. The relevant code is as follows:...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisysfs: Fixed an issue where the function deviceadd was called multiple times. The function deviceadd should not be called multiple times, as stated in its documentation: “Do not call this routine or deviceregister...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready If the device does not come directly from reset, we might receive an IRQ before we are ready to handle it. 2.334737 Unable to handle kernel read from unreadable memory at...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed a use-after-free in pm8001queuecommand The commit e29c47fe8946 “scsi: pm8001: Simplified pm8001taskexec” includes refactoring efforts for pm8001queuecommand. However, this code introduces a potential cause of ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module loading, a kthread is created that targets the pvr2contextthreadfunc function. This function may call pvr2contextdestroy, thereby calling kfree on the contex...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF A hung task trace was observed during LOGO processing. 974.309060 0000:00:00.0: qedfehdevicereset:868: 1:0:2:0: LUN RESET issued… 974.309065 0000:00:00.0:...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: cfg80211: Values of NL80211ATTRTXQQUANTUM are restricted. syzbot can trigger soft lockups by setting NL80211ATTRTXQQUANTUM to 2^31. We had a similar issue in schfq; it was fixed in the commit d9e15a273306 “pktsched: fq: ...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Check the A-MSDU format more carefully. If it seems that there is another subframe within the A-MSDU, but the header is not fully present, we may end up reading data outside its expected range, which would then ne...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: fixed a double-free issue during the unloading of the amdgpu module Flexible endpoints use DIGs from available inflexible endpoints; therefore, only the encoders of inflexible links need to be freed. Otherwise...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/csdspctl: Use privatefree for controlling cleanup. Use the privatefree callback to free the associated data structures. This ensures that the memory will not leak, regardless of how the control objects are destroyed. Th...

Astra Linux - уязвимость в linux-5.10, linux

A out-of-bounds read flaw was discovered in the Linux kernel’s TeleTYpe subsystem. The issue arises when a user triggers a race condition using ioctls TIOCSPTLCK, TIOCGPTPEER, TIOCSTI, and TCXONC, accompanied by memory leakage in the flushtoldisc function. This flaw allows a local user to crash t...

Astra Linux - уязвимость в linux

A NULL pointer dereference flaw was discovered in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem, regarding the way the user terminates the LR-WPAN connection. This flaw allows a local user to crash the system. The greatest threat posed by this vulnerability is to system...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fixed a potential buffer overflow caused by snprintf. snprintf returns the potentially filled size when the string exceeds the given buffer size. Therefore, using this value may lead to a buffer overflow althoug...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jbd2: removed the incorrect sb-ssequence check. The emptiness of the journal is determined not by sb-ssequence == 0, but rather by sb-sstart == 0 which is set a few lines above. Moreover, 0 is a valid transaction ID, so the check...