Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, do not attempt to use it; instead, return an error as if you should pass an error code. Coverity CID: 1503456...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mt76: mt7915: fixed a possible NULL pointer dereferencing in mt7915macfillrxvector. Fixed a possible NULL pointer dereferencing in mt7915macfillrxvector if the chip does not support dbdc and the hardware reports bandidx set to...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcprtodeltaus We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null ptr dereference in tcprearmrto. Initially hittin...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: w83793 Fixed NULL pointer dereferencing by removing unnecessary structure fields. If the driver reads a temporary value that satisfies the following conditions: tmp & 0x08 && !tmp & 0x80 && tmp & 0x7 == tmp 4 & 0x7 from...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed NULL pointer dereferencing in VSI filter synchronization. The issue of NULL pointer dereferencing in sync VSI filters has been eliminated. A new I40EVSIRELEASING flag was added to indicate the deletion and release of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: vfio: Fixed NULL pointer dereferencing caused by uninitialized group-iommufd. group-iommufd is not initialized for the iommufdctxput function. 20018.331541 BUG: NULL pointer dereferencing in the kernel, address: 00000000000000...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: dwhdmi: fixed connector access for scdc The commit 5d844091f237 “drm/scdc-helper: Pimp SCDC debugs” changed the scdc interface to retrieve an i2c adapter from a connector. However, in the case of dwhdmi, the wrong...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssgprueth: Fixed NULL pointer dereferencing in pruethprobe. In the pruethprobe function, if one of the calls to emacPhyConnect fails because of ofPhyConnect returning NULL, then the subsequent call to phyattachedinfo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: libbpf: Null-pointer dereferencing is prevented when the program to be loaded does not have a BTF. In bpfobjecloadprog, there is no guarantee that obj-btf is not NULL when it is passed to btffd. This function does not perform any...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - aio: Fixed the dereferencing of a null pointer in aiocomplete’s wakeup routine. - listdelinitcareful must be the last access to the wait queue entry; this effectively unlocks access to the queue. Previously, finishwait would...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: facm: Refactor the bind path to use free After a bind/unbind cycle, the acm-notifyreq remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request. This leads to...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereferencing in steamrecv,sendreport It is possible for a malicious device to fail to submit a Feature Report. The HID Steam driver currently does not handle this situation and dereferences the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: cihdrcimx: Also search for ‘phys’ handle. When passing ‘phys’ in the device tree to describe the USB PHY handle which is the recommended approach according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the NULL pointer issue in bufferfuncs. If SDMA block is not enabled, bufferfuncs will not be initialized. Fixing this issue ensures that the NULL pointer issue is addressed when bufferfuncs is not initialized...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: A possible null-ptr-deref issue has been fixed in cadencenanddtprobe. This issue could lead to a null-ptr-deref when using ‘res’. If platformgetresource returns NULL, moving using ‘res’ after...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: Wait until all skuserdata readers are finished before releasing the sock. There is a race condition in vxlan where, when deleting a vxlan device during packet reception, there is a possibility that the sock is release...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: A crash occurred during the disabling of turbo mode. When the system is booted with the kernel command line arguments “nosmt” or “maxcpus” to limit the number of CPUs, disabling turbo mode by executing: echo...

Astra Linux – Vulnerability in Qemu

A NULL pointer dereference flaw was discovered in the am53c974 SCSI host bus adapter emulation in QEMU in versions prior to 6.0.0. This issue occurs when handling the “Information Transfer” command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: acpi: Fix for suspending with Xen PV The commit f1e525009493 “x86/boot: Skip realmode init code when running as Xen PV guest” missed one code path that accessed the realmodeheader. This led to a situation where a NULL pointer was...

Astra Linux – Vulnerability in Harfbuzz

HarfBuzz is a text shaping engine. Prior to version 12.3.0, there was a null pointer dereference vulnerability in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check whether hbmalloc returns NULL before using placement new to construct an...