Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dm thin: Make getfirstthin use listfirstornullrcu instead of rcu-safe list first function. The documentation in rculist.h explains the absence of listemptyrcu and warns programmers against relying on a sequence of listempty -...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iouring/eventfd: Ensure that ioeventfdsignal delays another RCU period. The function ioeventfddosignal is invoked from an RCU callback. However, when the reference to ioevfd is dropped, it directly calls ioeventfdfree if the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Staging: media: max96712: Fixed a kernel oop when removing the module. The following kernel oop occurred when attempting to remove the max96712 module: Unable to handle the kernel paging request at the virtual address...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pps: Fixed a use-after-free On a board running with ntpd and gpsd, I’m encountering a consistent use-after-free in sysexit from gpsd during reboots: pps pps1: Removed ----------- - Cut here----------- kobject: "null"...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mac802154: A check for local interfaces should be performed before deleting the sdata list. Syzkaller reported a corrupted list in ieee802154ifremove. 1 A IEEE 802.15.4 network interface must be removed after unregistering a IEEE...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmarraycursorend: Fix to prevent releasing a faulty array block twice when using dmarraycursorend. When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly, leaving an invalid output...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: calling inputfreedevice on the allocated iiodev The current implementation of at91tsregister calls inputfreedevice on st-tsinput. However, the err label can be reached before the allocated iiodev is stored to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a race condition between element replacement and close. The element replacement with a socket that is different from the one stored may race with the close operation, where the link of the socket is popped...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed an issue where corrupted data was written to the “bad” history list, which could potentially corrupt trigger events. The following commands cause a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reference skb after sending it to VIOS. Previously, after successfully flushing the xmit buffer to VIOS, the txbytes stat was incremented by the length of the skb. It is invalid to access the skb memory after...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure that info-enable callback is always set. The ioctl and sysfs handlers call the -enable callback unconditionally. Not all drivers implement this callback, resulting in NULL dereferencing. Examples of affected drivers:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: ti: am65-cpsw: Fix for freeing the IRQ in am65cpswnussremove Txchns. When obtaining the IRQ, we use k3udmagluetxgetirq, which returns a negative error value if there is an error. Therefore, checking if the IRQ is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfsd: Clearing aclaccess/acldefault after releasing them If the attempt to get acldefault fails, aclaccess and acldefault will be released simultaneously. However, aclaccess will still retain a pointer pointing to the released...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The neighnotify function can be called without RTNL or RCU protection. Use RCU protection to avoid potential Universal Atomic Faults UAF...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: davicom: fixed a Use-after-Free error in dm9000drvremove. dm is private data for netdev, and it cannot be used after the freenetdev call. Using dm after freenetdev can cause a Use-after-Free bug. This issue was fixed by movi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure that the job pointer is set to NULL after the job completes. After a job is completed, the corresponding pointer in the device must be set to NULL. Failure to do this will trigger a warning when unloading the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ceph: Stopping functions that attempt paths longer than PATHMAX If the full path to be built by cephmdscbuildpath is longer than PATHMAX, this function will enter an endless loop, effectively blocking the entire task. Most of the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the receive ring space parameters when XDP is active. The MTU setting at the time a XDP multi-buffer is attached determines whether the aggregation ring will be used and the rxskbfunc handler. This is done in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: block: fixed an integer overflow in BLKSECDISCARD I independently rediscovered this issue. The related commits are: commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fixed the overflow in blkioctldiscard However, the same...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: uvc: Fixed a dereference of ERRPTR in uvcv4l2.c. Fixed the potential dereference of ERRPTR in findformatbypix and uvcv4l2enumformat. Also, fixed the following matching errors:...