11 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Issue: ofoverlay: Early call to callchangesetinit When ofoverlayfdtapply fails, the changeset may be partially applied. It is still expected that the caller will call ofoverlayremove to clean up this partial state. However,...
SUSE CVE-2023-53856
In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...
CVE-2023-53856
In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...
DEBIAN-CVE-2023-53856
In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...
UBUNTU-CVE-2023-53856
In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...
CVE-2023-53856
The CVE-2023-53856 vulnerability in the Linux kernel is fixed by moving of_changeset_init() initialization from init_overlay_changeset() to of_overlay_fdt_apply(), so the changeset is properly initialized before potential cleanup when overlay application fails. The root cause was that of_resolve_...
CVE-2023-53856 of: overlay: Call of_changeset_init() early
In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: The registration of structops that uses the module ptr was rejected, and the module btfid is missing. There is a UAF report in bpfstructops when CONFIGMODULES=n. Specifically, the report relates to tcpcongestionops, which ha...
CVE-2024-58060
CVE-2024-58060 affects the Linux kernel BPF struct_ops path. The issue occurs when a struct_ops contains a struct module *owner and CONFIG_MODULES=n, causing incorrect refcounting because the module btf_id is missing, leading to a potential use-after-free in tcp_congestion_ops. The patch disables...
PT-2025-49747
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s overlay functionality where a call to of changeset init occurs prematurely. Specifically, if of overlay fdt apply fails, a partial state may remain,...
Debian DLA-72-2 : rsyslog regression update
The Wheezy patch left an unresolved symbol in the imklog module of the Squeeze version. rsyslog worked fine except that messages from the kernel couldn't be submitted any longer. This update fixes this issue. NOTE: Tenable Network Security has extracted the preceding description block directly fr...