Astra Linux – Vulnerability in Mariadb 10.3

A issue in the Createtmptable::finalize component of MariaDB Server v10.7 and below was discovered. This issue allows attackers to cause a Denial of Service DoS attack through specially crafted SQL statements...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dm: Fix NULL pointer dereference in dmsuspend There is a race condition between the suspension of the dm device and the loading of data into the table, which can lead to a NULL pointer dereference. This issue occurs when the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Do not allow SETID to refer to another table. When performing lookups for sets within the same batch using their IDs, a set from a different table can be used. However, when the table is removed, a reference ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: exfat: Fixed a double-free operation in the delayedfree function. The double-free could occur at the following paths: c exfatcreateupcasetable exfatcreateupcasetable : Return error exfatfreeupcasetable : Free -volutbl...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm/debugvmpgtable: Clear page table entries at destroyargs The mm/debugvmpagetable test manually allocates page table entries for the tests it runs, using the mmstruct that it has manually allocated. This is fine on its own, but...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Errors are now handled in mlx5chainscreatetable. In mlx5chainscreatetable, the return values of mlx5getfdbsubns and mlx5getflownamespace must be checked to prevent NULL pointer dereferences. If either function fails, th...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed an issue related to “slab-use-after-free” in ksmbdsmb2sessioncreate. There is a race condition between ksmbdsmb2sessioncreate and ksmbdexpiresession. This patch adds the necessary sessionstablelock during the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memory Ignore nCR34:0 when loading PDPTEs from memory for nested SVMs. When PAE paging is used, the bits 4:0 of the CR3 register are ignored, and thus VMRUN does not enforce a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udpport: avoid using current-nsproxy As mentioned in a previous commit of this series, using the net structure via current is not recommended for various reasons: - Inconsistency: obtaining information from the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: selinux: Fixed a NULL pointer dereferencing issue when hashtab allocation fails. When the allocation of the hash table slot array fails in hashtabinit, h-size is initialized with a non-zero value, but the h-htable pointer remains...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: Do not repeatedly call pteoffsetmaplock until success. DAMON’s virtual address space operation implementation vaddr calls pteoffsetmaplock within the page table walk callback function. This is necessary for readin...

Astra Linux – Vulnerability in Linux

In the IPv4 implementation in the Linux kernel before 5.12.4, the net/ipv4/route.c file has an information leak because the hash table is very small...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dm flakey: fixed an crash caused by an invalid table line. This command will cause a crash when using a NULL pointer dereference: dmsetup create flakey --table "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbioby...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: wangxun – fixed a kernel panic caused by a null pointer. When the device uses a custom subsystem vendor ID, the function wxswinit returns before the memory of ‘wx-mactable’ is allocated. A null pointer will cause the kernel...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgputtmgartbind set gtt bound flag Otherwise, after the GTT context is released, the GTT and gart space are freed. However, amdgputtmbackendunbind does not clear the gart page table entry; instead, it leaves a valid...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: sparx5 – Fixed the issue where the entry was still used after being freed within sparx5delmactEntry. Based on the static analysis of the code, it appears that when an entry from the MAC table was removed, the entry was still...

Astra Linux – Vulnerability in SQLite3

In SQLite version 3.31.1, the ALTER TABLE implementation contains a use-after-free issue, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fixed the issue of freeing the HMB descriptor table. The HMB descriptor table is sized based on the maximum number of descriptors that can be used for a given device. However, nvmeallochostmem might break out of the loo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ata: patamacio: Fix DMA table overflow Kolbjorn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 “ata: patamacio: Fix DMA table overflow when PAGESIZE == 64K”. For example: -...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: Handle RST lookup errors correctly BUG When running btrfs/060 with the forced RST feature, the following ASSERT inside scrubreadendio would crash: ASSERTsectornr nrsectors; Previously, we would get a tree dump from...