11133 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Media: dvb-frontends: dib3000mb: The issue of an uninitialized value was fixed in dib3000_write_reg. Syzbot reports that there is an issue with uninitialized values discovered by KMSAN in dib3000_read_reg. The local variable rb[2] is...
Astra Linux – Vulnerability in Jose
Latchset JOSE with version 11 allows attackers to cause a denial of service (CPU consumption) by using a large p2c value (also known as PBES2 Count)...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevention of division by zero. The user can set any speed value. If the speed is greater than UINT_MAX/8, a division by zero is possible. Found by the Linux Verification Center (linuxtesting.org) with SVACE...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Drivers: perf: Check the return value of find_first_bit. We must check the return value of find_first_bit before using its value as an array index, as it may cause the array to overflow, leading to a panic: 107.318430 Kernel BUG 1...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer that is not initialized yet. If the KVP or VSS daemon starts before the VMBus channel’s ringbuffer is fully initialized, we can encounter a panic as follows: hv_utils: Registering th...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: udf: The use of uninit-value in udf_get_fileshortad has been fixed. A check for overflow was added when calculating alen in udf_current_aext, to mitigate potential issues with uninit-value usage in udf_get_fileshortad. This is related ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: xfs: fixed a UAF (use-after-free) issue in xattr repair. The xchk_setup_xattr_buf function can allocate a new value buffer; therefore, any reference to ab->value before the call could become a dangling pointer. This issue was fixed...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: jfs: Fixed the uninit-value access to imap allocated in the diMount function. The syzbot reports that hex_dump_to_buffer uses uninit-value: ===================================================== BUG: KMSAN: uninit-value in...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/sti: Avoid potential dereferencing of error pointers. The return value of drm_atomic_get_crtc_state needs to be checked. This is done to prevent the use of the error pointer ‘crtc_state’ in case of a failure...
Astra Linux – Vulnerability in poppler, poppler-22
A floating-point exception in the PSStack::roll function of Poppler before version 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm: Fixed a potential null-ptr-deref due to drmm_mode_config_init. drmm_mode_config_init will call drm_mode_create_standard_properties, and does not check the return value. When drm_mode_create_standard_properties fails due to allocation...
Astra Linux – Vulnerability in Consul
The HashiCorp Consul and Consul Enterprise versions up to 1.9.4 had a key-value (KV) raw mode that was vulnerable to cross-site scripting attacks. This issue was fixed in versions 1.9.5, 1.8.10, and 1.7.14...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: Ensure that the ethheaderlen field is set to a valid value. The syzbot triggered an uninit-value error in the bridge device’s xmit path by sending a short packet (less than ETH_HLEN bytes). To fix this issue, check...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ppp: Fixed illegal access in ppp_async_encode. syzbot reported an issue with ppp_async_encode. In this case, pppoe_sendmsg is called with a zero size. Then, ppp_async_encode is called with an empty skb. BUGs: - KMSAN: Uninit-value in...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: Check that the inode number is not the invalid value of zero. Syskiller has identified an out-of-bounds access in the fill_meta_index function. This out-of-bounds access occurs because the inode has an inode number of...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: dbg-tlv: Ensure NUL termination. The iwl_fw_ini_debug_info_tlv is used as a string; therefore, we must ensure that the string is terminated correctly before using it...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: usb: smsc75xx: Fixed access to uninit-value in smsc75xx_read_reg. syzbot reported the following issues with access to uninit-value: ===================================================== BUG: KMSAN: uninit-value in...
Astra Linux – Vulnerability in Squid
Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP, and other protocols. A bug related to incorrect checking of function return values makes Squid vulnerable to Denial of Service attacks targeting its helper process management. This bug has been fixed in Squid version 6.5. Users...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: hsr: Avoid potential out-of-bound access in fill_frame_info. syzbot can inject a packet with 14 bytes, pretending it is a VLAN packet. Since fill_frame_info already relies on skb->mac_len, extend the check to cover this case....
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check the return value of platform_get_resource. platform_get_resource returns NULL in case of failure. Therefore, check its return value and propagate the error to prevent NULL pointer dereferencing...