Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5ibgethwstats when used for device Currently, when mlx5ibgethwstats is used for device portnum = 0, there is a special handling in order to use the correct counters, but, portnum is being passed down the stack...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: skbuff: In skbSegment, call zero-copy functions before using skbuff fragments. The commit bf5c25d60861 added the call to zero-copy functions in skbSegment. This change introduced a bug in skbSegment, as skborphanfrags may...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fix ext2setsize when len is page aligned PAGEALIGNx macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in daxzerorange...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix for crashes that occur when the regular task queue is reactivated. When the regular task queue is reactivated after the XSK socket is closed, it may read stale cancellation requests cqe, which can eventually...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: All reserved memblocks on Node0 are set at initialization. After the commit 61167ad5fecdea "mm: pass nid to reservebootmemregion", a panic occurs if DEFERREDSTRUCTPAGEINIT is enabled: 0.000000 CPU 0 Unable to handle...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: exec: Force a single empty string when argv is empty Quoting 1 Ariadne Conill: “In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program. This prevents scenarios...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: An error will occur if pixclock equals zero. The user-space program can pass any values to the driver through the ioctl interface. If the driver does not check the value of pixclock, it may lead to a divide-by-zero...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Nullifies the cq-dbg pointer in mlx5debugcqRemove Before this patch, if mlx5CoreDestroyCq failed, the destruction operations continued. However, mlx5CoreDestroyCq could be called again by the user, causing additional...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handles datavault when the value is ZEROSIZEPTR. In some cases, GDDV returns a packet with a buffer of zero length. This causes kmemdup to return ZEROSIZEPTR 0x10. As a result, datavaultread encounters a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf-pagecount Syzbot reported a GPF in sgallocAppendTablefromPages. The problem lies in ubuf-pages == ZEROPTR. ubuf-pagecount is calculated based on arguments passed from user-space. If the user creates an...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the BPF code, ensure that skb-len != 0 when redirecting a packet to a tunneling device. The syzkaller function managed to trigger another case where skb-len == 0 when entering devqueuexmit. WARNING: CPU: 0, PID: 2470; Location...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: scsidebug: Do not call kcalloc if size argument is zero. If the size argument to kcalloc is zero, it returns ZEROSIZEPTR. Therefore, for the subsequent NULL pointer check to work on the returned pointer, kcalloc must not...

Astra Linux – Vulnerability in c-ares

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service attacks. When a target resolver sends a query, the attacker creates a malformed UDP packet with a length of 0 and sends it back to the target resolver. The target resolver misinterprets this 0-length field as an...

Astra Linux – Vulnerability in libtar

An attacker who submits a crafted tar file with a size of 0 in the header struct field may be able to trigger a call to malloc0 for the variable gnulongname, resulting in an out-of-bounds read...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: Storage: Fix memory leak in USB bulk transport A memory leak in the kernel was identified using the ‘ioctlsg01’ test from the Linux Test Project LTP. The following bytes were observed: 0x53425355. When USB storage devices...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests that were allocated using sockkmalloc remained uninitialized. This meant that callers had to explicitly set the fields...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fixed a use-after-free in pm8001queuecommand The commit e29c47fe8946 “scsi: pm8001: Simplified pm8001taskexec” includes refactoring efforts for pm8001queuecommand. However, this refactoring introduced a potential...

Astra Linux – Vulnerability in Tomcat9

There is a vulnerability related to improper input validation in Apache Tomcat. Tomcat did not restrict HTTP/0.9 requests to only the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, users could bypass this constraint on GET requests by...

Astra Linux – Vulnerability in speex

A vulnerability involving division by zero in the static int readsamples function of Speex v1.2 allows attackers to cause a Denial-of-Service attack through a specially crafted WAV file...

Astra Linux – Vulnerability in libtar

An attacker who submits a crafted tar file with a size of 0 in the header struct may be able to trigger a call to malloc0 for a variable named gnulonglink, resulting in an out-of-bounds read...