Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the Linux kernel’s KVM when attempting to set the SynIC IRQ. This issue allows a malfunctioning VMM to write to the SYNIC/STIMER MSRs, leading to a NULL pointer derefrence error. This flaw enables an unprivileged local attacker on the host to issue specific ioctl calls,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: Fix for crashes when suspending if remote wake-up is enabled Crashes occurred on the i.mx8qm platform when suspending if remote wake-up was enabled. Internal error: Synchronous external abort: 96000210 1 PREEMPT S...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check that the endpoint is valid before dereferencing it When the host controller is not responding, all URBs User-Randomized Block Structures queued for all endpoints need to be terminated. This can cause a kernel pan...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing the OPCINBSETCONTROLLERCONFIG command. The tags allocated for the OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fixed a race condition in the DMA ring dequeue process The HCI DMA dequeue path hcidmadequeuexfer may be invoked for multiple transfers that time out at approximately the same time. However, this function is no...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Remove the “MHI autoqueue” feature for IPCR DL channels. The MHI stack provides the “autoqueue” feature, which allows the MHI stack to automatically queue buffers for the RX path DL channels. Although this feature...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Preventing interrupt storms due to Host Controller Errors HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage during device plug/unplug scenarios on Android devices. HCE is checked in the xhciirq...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: – Parsing the DT Device Tree for flashes along with the rest of the DT parsing. The recent refactoring of the code responsible for enabling runtime PM was implemented in the commit f1eb4e792bb1 „spi:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mmc: vub300: Fixed a use-after-free issue upon disconnection. The vub300 driver maintains an explicit reference count for the controller and its driver data. In theory, this reference count can be dropped after the driver is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on startstreaming failure Buffers are returned if streaming fails to start due to a uvcpmget error. This bug may be responsible for the warning that I encountered during testing. The issue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: GPIO: sysfs: fix the issue where removing a chip with GPIOs exported through sysfs occurs. Currently, if we export a GPIO through sysfs and unbind the parent GPIO controller, the exported attribute will remain under...

Astra Linux - уязвимость в qemu

A “off-by-one” read/write issue was identified in the SDHCI device of QEMU. This issue occurs when reading/writing the Buffer Data Port Register using the sdhcireaddataport and sdhciwritedataport functions, specifically when datacount == blocksize. A malicious guest could exploit this flaw to cra...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In the isotprcv function, there is a potential issue where race conditions may occur during CAN frame reception. When receiving a CAN frame, the current code logic does not consider processes that are not actually running in...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from the bandwidth list when freeing the device. Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If the xHCI host is dying or being...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: fixed leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns an error, the destroy callback will not be called. Fixed the issue of leaking references/memory in cases where this error occurs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, a previously existing admin queue may still exist. Properly release this queue before allocating a...

Astra Linux - уязвимость в linux

A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the “intct...

Astra Linux - уязвимость в linux

A flaw was discovered in the CAN BCM networking protocol within the Linux kernel. A local attacker can exploit this flaw in the CAN subsystem to corrupt memory, cause the system to crash, or escalate privileges. This race condition in the net/can/bcm.c file of the Linux kernel allows for local...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Fixed a possible use-after-free condition during controller reset during loading. Unlike .queuerq, in .submitasyncevent, drivers may not check the state of ctrl before submitting an AER. This can lead to a use-after-free...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free flaw was discovered in ncirequest in net/nfc/nci/core.c within the NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race issue while the device is being removed, leading to a privilege escalation...