Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fixed an oops in port-pm when calling uartchangepm Unloading a hardware-specific 8250 driver may cause an error “Unable to handle kernel paging request at virtual address” about ten seconds after unloading the drive...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: serial: 8250bcm7271: The leak in brcmuartprobe has been fixed. Smatch report: drivers/tty/serial/8250/8250bcm7271.c: Line 1120 of brcmuartprobe, warning: “‘baudmuxclk’ from clkprepareenable was not released”. The issue was fixed ...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fixed the direction of 0-length ioctl control messages The syzbot fuzzer identified a issue with the usbtmc driver: When a user sends an ioctl with a 0-length control transfer, the driver does not check whether the...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fixed a potential out-of-bound memory access issue. If xdbcbulkwrite fails, the values in ‘buf’ can be anything. Therefore, the string is not guaranteed to be NULL-terminated when xdbcTrace is called. Reserv...

Astra Linux - уязвимость в linux-5.10, linux

An incorrect read request flaw was detected in the Infrared Transceiver USB driver within the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could exploit this flaw to deplete system resources, resulting in a denial of service or potentially causing the...

Astra Linux – Vulnerability in grub2

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader improperly handles string conversions when reading information from a USB device, allowing an attacker to exploit inconsistencies in the length values. A local attacker can...

Astra Linux - уязвимость в chromium

Integer overflow in the USB component of Google Chrome prior to version 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: mmc: vub300 – Fixed the return value check in mmcaddhost. If we ignore the return value of mmcaddhost, the memory allocated in mmcallochost may be leaked, leading to a kernel crash due to the removal of devices that were not...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uSerial: Added a null pointer check in gserialresume. Consider a scenario where gserialdisconnect has already cleared gser-ioport. If a wakeup interrupt is triggered later, gserialresume will be called, which will...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free remote desktop protocol library and client. Versions of FreeRDP that are affected may attempt integer additions on too narrow types, resulting in the allocation of a buffer that is too small to hold the written data. A malicious server can trick a FreeRDP-based client into readi...

Astra Linux - уязвимость в chromium

In Google Chrome versions prior to 88.0.4324.96, uninitialized usage in USB devices allowed a local attacker to potentially perform out-of-bound memory access through a USB device...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: The issue of a reference leak during lpspipreparexferhardware has been fixed. pmruntimegetsync will increment the pm usage counter even if the operation fails. Forgetting to replace this operation with...

Astra Linux - уязвимость в openssl1.0

The OpenSSL public API function X509issuerandserialhash attempts to generate a unique hash value based on the issuer and serial number data contained within an X509 certificate. However, it fails to properly handle any errors that may occur during the parsing of the issuer field—errors that could...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fixed a memory leak in the error handling path In the probe function, if the serialconfig function fails, resources are being leaked. Add a resource handling mechanism to free up this memory...

Astra Linux - уязвимость в chromium

In the Blink Serial API in Google Chrome, a memory access out of bounds was allowed before version 97.0.4692.71. This allowed a remote attacker to perform a memory read through a crafted HTML page and a virtual serial port driver...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: Fixed the issue of NULL pointer dereferencing during the charger process. When the system is powered on using an OTG cable, the IDDIG interrupt occurs before the charger is registered. This can lead to...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbopen/close: fixed a memory leak. The gsusb driver appears to have a problem common to many USB CAN adapter drivers. It performs usballoccoherent to allocate a number of USB Request Blocks URBs for reception, and...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer The driver’s probe allocates memory for the RX FIFO port-rxfifo based on the default RX FIFO depth, such as 16. Later, during serial initialization,...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add the missing .thawnoirq hook The following warning is observed when using non-console UART instances during system hibernation: 37.371969 ------------ Cut here --- 37.376599 uart3rootclk already disabled 37.380810...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net:mctp: Fixed the device reference leak that occurred during probe failures. The driver core holds a reference to the USB interface and its parent USB device while the interface is bound to the driver. There is no need to ho...