Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure Otherwise, the notifier remains registered, and a subsequent attempt to enable eswitch may trigger warnings of the following type: 682.589148 ------------ Cut here -----------...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fixed the potential deadlock issue. When some client process A calls pdraddlookup to add a lookup for the service and performs scheduling-related tasks, another process B receives a new server packet indicating th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: orangefs: fixed an out-of-bounds read in orangefsdebugwrite. I received a report from syzbot regarding an out-of-bounds read in orangefsdebugwrite… Several people suggested solutions. I tested Al Viro’s suggestion and created thi...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: RFCOMM: Avoid leaving a dangling sk pointer in rfcommsockalloc. The btsockalloc function attaches the allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: The BR/EDR JUSTWORKS method has been aligned with LE. This alignment ensures that user confirmation is always requested since version 92516cd97fd4 „Bluetooth: Always request for user confirmation for Just...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fixed AUX buffer serialization. Ole reported that the event-mmapmutex is strictly insufficient to serialize the AUX buffer. To serialize it properly, a per-RB mutex should be added...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Check the bearer type before calling tipcudpnlbeareradd syzbot reported the following general protection fault 1: General protection fault, likely for non-canonical address 0xdffffc0000000010: 0000 1 PREEMPT SMP KASAN...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: nfc: fixed races in nfcllcpsockget and nfcllcpsockgetsn Sili Luo reported a race condition in nfcllcpsockget, which could lead to UAF Use-after-Allocation. The process of acquiring a reference to the socket found during a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nouveau: fixed a race condition related to ptr storage operations. When running many VK CTS tests in parallel against nouveau, every few hours, you might encounter a crash like this. BUG: Kernel NULL pointer dereferencing, addres...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ACPI: processoridle: A memory leak was fixed in acpiprocessorpowerexit. After the CPU idle device was unregistered, the memory associated with it wasn’t freed, resulting in a memory leak: unreferenced object 0xffff896282f6c000 si...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: afunix: Fixed a use-after-free in unixstreamreadactor. The syzbot reported the following crash 1. After releasing the unix socket lock, the u-oobskb can be changed by another thread. We must temporarily increase the skb refcou...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in dm1105remove in drivers/media/pci/dm1105/dm1105.c...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: UBSAN: Array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: A change in capacity was detected, from 0 to 32768 UBSAN: Array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 Index -2 is out of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipmi: Fixed use-after-free and list corruption on sender errors According to the analysis by Breno: When the SMI sender returns an error, smiwork delivers an error response but then jumps back to restart without properly cleaning...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruption. Wait for all dependencies of a task to complete before terminating it, to prevent data corruption...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: pinctrl: Single issue: fixed the potential NULL dereference in pcsgetfunction. The pinmuxgenericgetfunction function may return NULL, and the pointer “function” was dereferenced without checking against NULL. Added checking of th...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents. When merging very long extents, we try to assign as much length as possible to the first extent. However, this is unnecessarily complicated and not really worth the effort. Moreover,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: pxa25xudc: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things, simp...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: FDDI – Fixed a UAF Use-after-Free issue in fzaprobe. “FP” is netdev private data, and it cannot be used after the freenetdev call. Using “FP” after freenetdev can cause a UAF bug. This issue was fixed by moving the freenetde...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Fixed memory leaks. Fixed memory leaks related to the memory segments of the operational reply queue, which were not being freed during the unloading of the driver...