Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, there was a race in the serial channel IRP thread tracking that allowed for a heap use-after-free condition, where one thread removed an entry from serial-IrpThreads while another read it. This vulnerability...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out-of-bounds read of the serial number. On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across different devices. It always remains the same:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: cihdrcimx: Also search for ‘phys’ handle. When passing ‘phys’ in the device tree to describe the USB PHY handle which is the recommended approach according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: spi: Fix for null dereference during suspension There exists a race condition where a synchronous noqueue transfer can remain active during system suspension. This can lead to a null pointer dereference exception when the system...

Astra Linux – Vulnerability in Chromium

The use of after-free in the Serial mechanism in Google Chrome before version 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: serial: 8250omap: Implementation of Errata i2310 According to Errata i23100, an erroneous timeout can be triggered if this erroneous interrupt is not cleared. This could lead to a surge in interrupts. Therefore, the Errata i2310...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: fixed the potential NULL pointer dereferencing on udev-serial. The driver assumed that es58xdev-udev-serial could never be NULL. While this is true for commercially available devices, an attacker could spoof the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: serial: jsm: fixed a NPE during jsmuartportinit No device was set that could cause serialbasectrladd to crash. BUG: Kernel NULL pointer dereferencing, address: 0000000000000050 Oops: 0000 1 PREEMPT SMP NOPTI CPU: 16 UID: 0 PID...

Astra Linux – Vulnerability in Qemu

A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to a faulty handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: media: zr364xx: fixed a memory leak in zr364xxstartreadpipe syzbot reported a memory leak in the zr364xx driver. The issue occurred when non-free urb occurred in case of a failure in usbsubmiturb. Backtrace: kmalloc...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: Fixed a NULL pointer dereferencing in -remove. The drvdata parameter must be set in probe; otherwise, platformgetdrvdata causes a NULL pointer dereferencing bug in remove...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Input: aiptek – properly checking the endpoint type Syzbot reported a warning in usbsubmiturb, which is caused by an incorrect endpoint type. There was a check for the number of endpoints, but not for the type of endpoints. The...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work when closing a MIDI substream When closing a USB MIDI output substream, there may still be pending work. This work would eventually access the rawmidi runtime object that is being released. To...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fixed PM usagecount for console handover When the console is enabled, univ8250consolesetup calls serial8250consolesetup before .dev is set to uartport. As a result, pmruntimegetsync will not be called. Later, when t...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asixreadcmd reads less bytes, than was requested by caller. Since all read requests are...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel version up to 6.1.9, there is a use-after-free issue in the bigbenremove function within the drivers/hid/hid-bigbenff.c file, caused by a crafted USB device. This issue arises because the LED controllers remain registered for an excessively long period of time...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: USB: Fixed an error in the warning message for incorrect direction handling in plusb.c. The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was incorrectly treated as a read...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: usb: dwc2: Fixed a device leak in hwenable upon suspend/resume. Every time the platform enters low power mode, the PM suspend/resume routines call dwc2lowlevelhwenable - devmaddactionorreset. This adds a new device entry each...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rxrpc: The issue of delayed ACKs was fixed, so that the reference serial number is no longer set. The construction of delayed ACKs was corrected to ensure that the reference serial number is not set, as it cannot be used as a...