Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the bpf and arm64 architectures, there is a vulnerability where forcing an 8-byte alignment for the JIT buffer can prevent atomic tearing. The struct bpfplt structure contains a u64 target field. Currently, the BPF JIT allocat...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tpm: Do not start the chip while it is suspended. Checking TPMCHIPFLAGSUSPENSED after the call to tpmfindgetops can lead to a spurious tpmchipstart call: 35985.503771 i2c i2c-1: Transfer while suspended 35985.503796 WARNING: CPU:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: DSA: Avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one that supports UC filtering and MC filtering as a DSA master for a randomly selected DSA switch, the following...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so it isn’t under RCU. Using skdstgetsk-dev could trigger a Use-After-Forgiving UAF error. Let’s use skdstget and dstdevrcu...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Driver Core: Fixed a potential deadlock in driverattach. In the driverattach function, there is also an AA deadlock issue, similar to the commit b232b02bf3c2 "Driver Core: Fix Deadlock in deviceattach". The stack trace is as...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the issue where the timer for starting a call race against the destruction of the call occurred. The rxrpccall structure contains a timer used to handle various timed events related to calls. This timer can be...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the net: phy section, phydev-devlink should be cleared when the device link is deleted. There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phydetach calls...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Fixed the allocation of the cleanest CLOSID on platforms without monitors. Commit: 6eac36bb9eb0 “x86/resctrl: Allocate the cleanest CLOSID by searching for the CLOSID with the fewest dirty cache lines” Added logic th...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: misc: tifm: fixed a possible memory leak in tifm7xx1switchmedia If the deviceregister function returns an error in tifm7xx1switchmedia, the name of the kobject allocated by devsetname called during deviceadd may be leaked. Do not...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fixed an issue where accessing an array was done outside the bounds of the enum value. Accessing enums using integers resulted in accessing an array outside its bounds on platforms like aarch64, where...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: There is an issue with the correct reference to the devm device for the hidinput inputdevice name. The reference should be made to the HID device, not the input device, when allocating the inputdev name. Referring t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the gpio module, for cdev devices, it is necessary to ensure that the cdev file descriptor remains active before emitting events. When the fput function is finally called on a file descriptor, the release action may be delayed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xfs: Check for deleted cursors when revalidating two btrees. The free space and inode btree repair functions will rebuild both btrees at the same time. After that, it is necessary to evaluate both btrees to confirm that the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Most: usb: hdmprobe: Fixed the call to putdevice before device initialization. The early error path in hdmprobe can lead to a call to errfreemdev before &mdev-dev has been initialized using deviceinitialize. Calling...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if the client driver is available. For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if the client driver is available. Otherwise, it will result in a null...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed an out-of-bounds read in sndusbgetaudioformatuac3 In sndusbgetaudioformatuac3, the length value returned from sndusbctlmsg is used directly for memory allocation without validation. This length is controlle...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: clk: imx: clk-imx8mn: fixed a memory leak in imx8mnclocksprobe. Use devmofiomap instead of ofiomap to automatically handle the unused ioremap regions. If any errors occur, the memory allocated by kzalloc may leak; however, usi...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: rds: Fixed a memory leak in rdsrecvmsg. Syzbot reported a memory leak in rds. The problem occurred when the reference count was not decremented in case of an error. The function rdsrecvmsgstruct socket sock, struct msghdr ms...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Makes rmwlock a rawspinlock. The following bug was triggered: ============================= Bug: Invalid wait context 6.12.0-rc2-XXX 406 Not tainted ----------------------------- kworker/1:1/62 is trying to lock:...