Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in the port.c file: the disablestore function may return NULL if the hub to which the port belongs is removed concurrently...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: The issue occurs in the error path of the xfrmpolicycheck function. When the fetching process of the object pols1 fails, the function simply returns 0, without decrementing the reference count of pols0. This happens either...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fixed a missing pointer check in the hdacomponentmanagerinit function. The componentmatchadd function may assign the ‘matchptr’ pointer the value ERRPTR-ENOMEM, which will subsequently be dereferenced. The call stack...

Astra Linux – Vulnerability in xwayland, xorg-server

A flaw was discovered in the Big Requests extension. The length of the request is multiplied by 4 before checking against the maximum allowed size, which may lead to an integer overflow and bypassing the size check...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places where qla4xxx parses nlattrs: - qla4xxxsetchapentry - qla4xxxifacesetparam - qla4xxxsysfsddbsetparam Each of these functions converts nlattr to a specifi...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Enhanced the attribute size check This combines the overflow and boundary check so that all attribute sizes will be properly examined during enumeration. 169.181521 BUG: KASAN: Out-of-bounds access in...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: A consistency check is performed on the mailbox/SMT channel. Upon receiving a completion interrupt, the shared memory area is accessed to retrieve the message header first. If the message sequence number...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed kernel address leakage in atomic fetch The change in commit 37086bfdc737 “bpf: Propagates stack bounds to registers in atomic operations with BPFFETCH” regarding the handling of checkmemaccess is flawed. This flaw allo...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Optimized the process of clearing pending PMI values and removed the WARNON for the PMI check in powerpmudisable. The commit 2c9ac51b850d “powerpc/perf: Fix PMU callbacks to clear pending PMI values before resetting...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: Set nocfi on swsusparchresume A DABT was reported1 on an Android-based system when resuming from hibernation. This occurs because swsusparchsuspendexit is marked with SYMCODE, and it does not have a CFI hash. However,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Invalid parameter check in dpusetupdspppcc The function performs a check on the “ctx” input parameter, however, it is used before the check. The “base” variable is initialized after the sanity check to avoid a possib...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the cleanup flow for mlx5eprivinit. When mlx5eprivinit fails, the cleanup flow calls mlx5eselqcleanup, which in turn calls mlx5eselqapply. This ensures that priv-statelock is held using lockdepisheld. The statelo...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: panasonic-laptop: Fixed out-of-bounds accesses to the SINF array. The panasonic laptop code in various places uses the SINF array with index values ranging from 0 to SINFCURBRIGHT0x0d, without checking whether the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: pstore/platform: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid dereferencing a NULL pointer...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed a possible crash in bnxthwrmsetcoal During the error recovery sequence, the rtnllock is not held for the entire duration, and some data structures may be freed during this process. Instead of checking netifrunning,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: Check whether the target buffer list is still of the legacy type during recycling. There is a gap between the time the buffer is acquired and the time it potentially gets recycled. If the bufferlist is empty, someon...

Astra Linux – Vulnerability in Chromium

In Google Chrome’s spell check feature, before version 91.0.4472.101, an attacker who convinced a user to install a malicious extension could potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed the off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value. However, eadata is located at offset sizeofstruct smb2filefulleainfo = 8 from ea, not ...

Astra Linux – Vulnerability in Shadow

Shadow: TOCTOU time-of-check time-of-use race condition when copying and removing directory trees...