6174 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: Unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers both sdio and spi, which can lead to kernel panic. For example, this issue occurs when using SPI:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in the uartttyportshutdown function, under the spin lock. However, the PM or other timer-based callbacks may still trigger after thi...
Astra Linux – Vulnerability in Linux 6.1
A issue was discovered in the Linux kernel through version 6.0.9. In the file drivers/char/xillybus/xillyusb.c, there is a race condition and a use-after-free during the physical removal of a USB device...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since the commit c49cfa917025 “USB: serial: use generic method if no alternative is provided in the USB serial layer”, the USB serial core calls the generic resume implementation when the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fixed a flaw in existing endpoint checks Syzbot once again identified a flaw in USB endpoint checking. See 1. This time, the issue stems from a commit authored by me 2eabb655a968 “usb: atm: cxacru: fix endpoint...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There might be pending USR interrupts before requesting the IRQ. However, the uartaddoneport function has not been executed, which could lead to a kernel panic. 0.79566...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsungtty: Fixed a memory leak in s3c24xxSerialGetClk, when iterating clk. When searching for the best clk, we iterate over all possible values of clk. If we find a better match, the previously found value if any...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fixed a memory leak in uss720probe. uss720probe forgets to decrease the refcount of usbdev in uss720probe. This issue is fixed by decreasing the refcount of usbdev using usbputdev. BUG: Memory leak Unreferenced objec...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: Fixed a use-after-free of the addlock mutex Commit 6098475d4cb4 “spi: Fixed a deadlock when adding SPI controllers on SPI buses” introduced a per-controller mutex. However, the mutexunlock call for that lock occurs after the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding a lock. This allows the IRQ handler to check whether a transfer is in progress. When clearing the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsungtty: Fixed a memory leak in s3c24xxSerialGetClk in case of an error. If clkgetrate fails, the clock that has just been allocated needs to be freed...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Fixed a race condition by not overwriting udev-descriptor in hubportinit. Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: Out-of-bounds reading in readdescriptors+0x263/0x280,...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: serial: core: Fixed the issue where the transmit-buffer was not freed after closing the serial port. The commit 761ed4a94582 “tty: serialcore: changed uartclose to use ttyportclose” converted the serial core to use ttyportclos...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: wilc1000: Prevent use-after-free in wilcnetdevcleanup when cleaning up all interfaces. wilcnetdevcleanup currently triggers a KASAN warning. This can be observed during the interface registration process, or by simply...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Do not skip resource freeing if pmruntimeresumeandget fails. Returning an error code from .remove causes the driver core to emit a rather useless error message: remove callback returned a non-zero value. This...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: 8250port: Check IRQ data before use If the leaf driver wishes to use IRQ polling irq = 0, and the IIR register indicates that an interrupt occurred in the 8250 hardware, the IRQ data can be NULL. In such cases, we need to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: serial: max310x: Fixed a NULL pointer dereferencing issue during I2C instantiation. When attempting to instantiate a max14830 device from userspace: echo max14830 0x60 /sys/bus/i2c/devices/i2c-2/newdevice we encounter the followi...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
KGDB and KDB allow read and write access to kernel memory, and therefore should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger, so it is important that the debugger respects the lockdown mode when/if it is triggered. CVSS 3.1 Base Score: 6.7...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: Converted the raw to noinc versions of regmap functions for FIFO operations. The SC16IS7XX IC supports a burst mode for accessing FIFOs, where the initial register address is sent first $00$, followed by all th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: serial: liteuart: fix minor-number leak on probe errors Be sure to release the allocated minor number before returning on probe errors...