Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoided format-overflow warnings With GCC and the W=1 option, there is a warning like this: fs/f2fs/compress.c: In the function ‘f2fsinitpagearraycache’: fs/f2fs/compress.c:1984:47: Error: The ‘%u’ directive is writing 1 to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Sysv: Do not call sbbread with pointerlock held. syzbot reports sleep in atomic context in the SysV filesystem 1. For sbbread, the function is called with rwspinlock held. A bug involving a “deadlock due to...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: Video – Check for an error when searching for the parent of the backlight device. If the acpigetparent function called within acpivideodevregisterbacklight fails, for example, because acpiutacquiremutex fails inside...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is disabl...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: media: rkisp1: Fixed the race condition related to interrupt disable. In rkisp1ispstop and rkisp1csidisable, the driver masks the interrupts and then assumes that the interrupt handler will not be running. However, this is not...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ceph: fixed a deadlock or deadcode issue caused by misuse of dget. The lock order between denty and its parent is incorrect; we should always ensure that the parent gets the lock first. However, since this deadcode is never used,...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: mana: Fixed error handling for TX CQE messages. For an unknown type of TX CQE error likely due to newer hardware, still free the SKB, update the queue tail, etc. Otherwise, the accounting data will be incorrect...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: smsc75xx: Fixed access to uninitvalue in smsc75xxreadreg syzbot reported the following issues with access to uninitvalue: ===================================================== BUG: KMSAN: uninitvalue in...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcicodec: Fixed leaking content of localcodecs The following memory leak can be observed when the controller supports codecs that are stored in the localcodecs list, but the elements are never freed: Unreferenced...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: Serialize concurrent physetmodeext calls to shared registers The protocol converter configuration registers PCC8, PCCC, and PCCD implemented by the driver control protocol converters across multiple lanes each...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: nfc: fixed races in nfcllcpsockget and nfcllcpsockgetsn Sili Luo reported a race condition in nfcllcpsockget, which could lead to UAF Use-after-Allocation. The process of acquiring a reference to the socket found during a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fixed a NULL pointer issue in the channel unregistration function. The dmaasyncdevicechannelregister function may fail. In the event of a failure, chan-local is freed with freepercpu, and chan-local becomes null. When...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: HID: logitech-hidpp: Fixed a kernel crash when the USB connection is disconnected. The function hidppconnectevent experiences four times-of-check versus-time-of-use TOCTOU races when it races with itself. hidppconnectevent...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fixed a use-after-free in kvparsepowertable. When ps allocated by kzalloc equals NULL, kvparsepowertable frees adev-pm.dpm.ps that was allocated earlier. However, after the control flow proceeds through the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel before version 6.5.9, there is a NULL pointer dereferencing in the sendacknowledge function in net/nfc/nci/spi.c...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

A race condition was detected in the QXL driver within the Linux kernel. The qxlmodedumbcreate function dereferences the qobj returned by the qxlgemobjectcreatewithhandle function. However, the handle is the only entity that holds a reference to qobj. This flaw allows an attacker to guess the val...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow. The buffer ‘afmtstatus’, which is sized 6, could overflow, as the index ‘afmtidx’ is checked after access...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fixed a use-after-free when attempting to register the uncore PMU. When we fail to register the uncore PMU, the PMU context may not be allocated. Handling this error will involve calling cpuhpstateremoveinstance, whic...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – A buffer overflow vulnerability may occur when reading coalesce info via debugfs. The hns3 driver defines an array of strings to store coalesce info. However, if the kernel introduces a new mode or state, a buffer...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: afunix: fix use-after-free in unixstreamreadactor syzbot reported the following crash 1 After releasing unix socket lock, u-oobskb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...