Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath11k: Fixed the registration of a 6Ghz-only physical interface without the full channel range. Due to what appears to be a typographical error, the 6Ghz-only physical interface for which the BDF does not allow the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtw88: Fixed an alignment fault in rtwcoreenablebeacon. The rtwcoreenablebeacon function reads 4 bytes from an address that is not a multiple of 4. This results in a crash on some systems. Instead, only 1 byte of data is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations. The internal registration helper function dpllxarefdpll,pinadd has been modified to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multipl...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: workqueue: fixed a data race with the pwq-stats increment KCSAN has identified a data race in kernel/workqueue.c:2598: 1863.554079 ================================================================== 1863.554118 BUG: KCSAN: data-ra...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: A missing clkdisableunprepare call was added to intelethpciremove. The commit 09f012e64e4b “stmmac: intel: Fix clock handling on error and remove paths” removed this clkdisableunprepare call. This issue was partial...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Fixed the handling of large file sizes in NFSv3 SETATTR/CREATE procedures. iattr::iasize is a lofft type; therefore, these NFSv3 procedures must be careful to handle incoming client size values that are larger than s64ma...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fixed the null pointer issue when the SMU is disabled. It is necessary to check whether the ppfuncs is initialized before releasing the context; otherwise, a null pointer panic will occur when the software SMU is n...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: “sh: push-switch: Reorder cleanup operations to avoid use-after-free bug” The original code placed “flushwork” before “timershutdownsync” in “switchdrvremove”. Although we use “flushwork” to stop the worker, it could be reschedul...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/lima: fixed a memory leak in limaheapalloc. When limavmmapbo fails, the resources need to be deallocated; otherwise, there will be memory leaks...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: irtoy: fix a memleak in irtoytx. When irtoycommand fails, the buffer should be freed, as it is allocated by irtoytx; otherwise, there may be a memleak...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: The read pointer is updated only after the buffer has been written. Within mhiepringaddelement, the read pointer rdoffset is updated before the buffer is written. This may lead to race conditions, where the host see...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: csdsp: Fixed out-of-bounds memory read access in KUnit tests wmfw info KASAN reported an out-of-bounds access – csdspmockwmfwaddinfo, because the length of the source string was rounded up to the allocation size...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfs: Fixed an oops in write-retry due to accidentally resetting the subreq iterator. Fixed the resetting of the subrequest iterator in netfsretrywritestream, by using the iterator-reset function, as the iterator might have...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Fixed the issue of dereferencing an uninitialized error pointer. Fixed the warnings related to smatch. drivers/crypto/ccp/sev-dev.c:1312 sevplatforminitlocked Error: We previously assumed that ‘error’ could be null...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fixed a deadlock in drmschedentitykilljobscb The Mesa issue mentioned above identified a possible deadlock scenario: 1231.611031 Possible interrupt-unsafe locking scenario: 1231.611033 CPU0 CPU1 1231.611034 ---- ----...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: A potential memory leak was fixed by cleaning the opsfilter variable in damonDestroyScheme. Currently, damonDestroyScheme only cleans up the filter list but leaves opsfilter untouched. This could lead to memory lea...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: skb: Fixed the cross-cache free of KFENCE-alocated skb heads. The value of SKBSMALLHEADCACHESIZE is intentionally set to a non-power-of-2 value e.g., 704 on x8664 to avoid collisions with generic kmalloc bucket sizes. This...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validating UAC3 power domain descriptors as well. The UAC3 power domain descriptors also need to be verified using their variable bLength, in order to avoid unexpected OOB access attempts by malicious firmware...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/userevents: Ensure that the write index cannot be negative. The write index indicates which event the data corresponds to and accesses a per-file array. This index is passed by user processes during write calls as the fir...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Update lastgc only when garbage collection GC has been performed. Currently, lastgc is updated every time a new connection is tracked. This means it is updated even if no garbage collection was performed...