Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: afs: Fixed the delayed allocation of a cell’s anonymous key. The allocation of a cell’s anonymous key is performed in a background thread, along with other cell-related operations such as making DNS calls. In the reported bug, th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: mcp-2221 – prevented UAF in delayed work. If the device is plugged/unplugged without giving time for mcpinitwork to complete, we might trigger the devm free code path, resulting in an unavailable struct mcp2221 during delaye...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: added flushworkqueue to prevent UAF. Our detector identified a bug caused by concurrent use-after-free when detaching a NCI device. The main reason for this bug is the unexpected scheduling between the delayed mechanism...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: The double-free operation in dvbregisterdevice has been fixed. In the function dvbregisterdevice - dvbregistermediadevice - dvbcreatemediaentity, the dvb-entity is allocated and initialized. If the initialization...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: fixed uninit-value in copyname Bug reported by syzbot BUG: KMSAN: uninit-value in sizedstrscpy+0xc4/0x160 sizedstrscpy+0xc4/0x160 copyname+0x2af/0x320 fs/hfsplus/xattr.c:411 hfspluslistxattr+0x11e9/0x1a50...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitize numphys Information is stored in mrsasport-phymask. Values that are larger than the size of this field should not be allowed...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

A flaw was discovered in the ATA over Ethernet AoE driver within the Linux kernel. The aoecmdcfgpkts function improperly updates the refcnt field of the struct netdevice structure. A use-after-free condition may occur due to concurrent operations between the update of the refcnt and accesses...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A vulnerability, classified as critical, has been discovered in the Linux kernel. The affected component is the deltimer function in the file drivers/isdn/mISDN/l1oipcore.c of the Bluetooth module. This vulnerability allows for manipulation leading to memory deallocation after it has been freed. ...

Astra Linux – Vulnerability in Linux 5.10

A vulnerability has been discovered in the Linux kernel. It has been rated as problematic. The affected component is the sessfreebuffer function in the fs/cifs/sess.c file of the CIFS Handler module. This vulnerability can lead to double-free operations. It is recommended that patches be applied ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A use-after-free vulnerability exists in the Linux kernel’s net/sched: schqfq component, which can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers a use-after-free in qfqdequeue, due to the incorrect .pe...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: Battery: Fixed a possible crash that occurred when unregistering a battery hook. When a battery hook returns an error during the addition of a new battery, the battery hook is automatically unregistered. However, the batter...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fixed a sleep-in-atomic bug caused by genpddebugRemove When a genpd with GENPDFLAGIRQSAFE is removed, the following sleep-in-atomic bug will occur, as genpdDebugRemove will be called with a spinlock held. 0.029183 BU...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent a jump to NULL for the addsidecar callback In the createsdwdailink function, it is checked that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: libceph: fixed a race condition between delayedwork and cephmoncstop The way delayed work is handled in cephmoncstop is prone to races with monfault, and possibly also finishhunting. Both of these can requeue the delayed work,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden the getcpuforacpiid function to prevent errors when a missing CPU entry is used. During a review discussion of the changes to support vCPU hotplug, it was noted that a check was added to ensure the GICC Global...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfc: nfcmrvl: Fixed a potential memory leak in nfcmrvli2cncisend The nfcmrvli2cncisend function will be called by nfcmrvlncisend. In nfcmrvli2cncisend, the skb object should be freed. However, nfcmrvlncisend will only free the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid potential panic during recovery. During recovery, if FAULTBLOCK is enabled, it is possible that f2fsreservenewblock will return -ENOSPC during recovery, which may trigger a panic. Additionally, if the faul...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Added a NULL check in aplncoprobe. A NULL check was added in aplncoprobe to handle the kernel’s NULL pointer dereferencing error...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ath11k: pci: fix crash on suspend if board file is not found Mario reported that the kernel crashed during suspension if ath11k could not find the board file: 473.693286 PM: Suspending system s2idle 473.693291 printk: Suspendi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix for shift-out-of-bounds The shift operation on the ‘exp’ and ‘shift’ variables exceeds the maximum number of shift values in the u32 range, resulting in a UBSAN shift-out-of-bounds error. … 6.120512 UBSAN:...