Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel before version 4.8, the usbparseendpoint function in drivers/usb/core/config.c did not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not of the correct length, it should be properly detected, and attempts to treat the data as valid should be avoided...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9khtc: Use skbsetlength to reset urb before resubmitting it. Syzbot points out that skbtrim has a sanity check on the existing length of the skb; this length might not be initialized in some error-prone situations. The...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal The devicedel function can cause new work to be scheduled in the gadget-workqueue. This issue is observed, for example, with the dwc3 driver, as follows: c devicedel...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: usb: cdns3 – Fix for use-after-free at workaround 2 BUG: KFENCE – Use-after-free in read operation at listdelentryvalid+0x10/0xac The code snippet is as follows: c cdns3wa2removeoldrequest … kfreeprivreq-request.buf;...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: gadgetfs: epio – wait until IRQ finishes. After usbepqueue, if waitforcompletioninterruptible is interrupted, we need to wait until IRQ is completed. Otherwise, complete from epiocomplete can corrupt the stack...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Prevent race during ffsep0queuewait When performing fast composition switching, there is a possibility that the process of ffsep0write/ffsep0read may enter a race condition due to ep0req being freed from the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage. ============================================ WARNING: Possible recursive locking detected 5.18.0 3 No...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fixed the refcount leak bug In usbhsrza1hardwareinit, the offindnodebyname function will return a node pointer with the refcount incremented. We should use ofnodeput when the node pointer is no longer needed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/9p: Fixed buffer overflow in the USB transport layer. There is a buffer overflow vulnerability in the USB 9pfs transport layer. In this case, inconsistencies in size validation between packet header parsing and actual data...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: r8152: fix resume reset deadlock The rtl8152 function can trigger a device reset during a reset process, which potentially leads to a deadlock. DPM device timeout after 10 seconds; 15 seconds until panic Call trace:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices The getmeterlevelsfromurb function parses the 64-byte meter packets sent by the device and fills the per-channel arrays meterlevel, complevel, and masterlevel in the struct...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fixed an issue where an uninitialized value was present in idmouseopen. In idmousecreateimage, if any ftipcommand fails, it will proceed to the reset label. However, this results in the data in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fixed deadlock issue when using the NCM gadget The cdns3 driver suffers from the same deadlock issue as fixed in cdnsp with the commit 58f2fcb3a845 „usb: cdnsp: Fixed deadlock issue during use of the NCM gadget”. Unde...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, which would send a specially crafted response to APDUs to the system. When buffers are partially filled with data, the initialized...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: fncm: Fixed UAF Use-After-Free in the ncm object after re-binding after a USB EP transport error When the ncm function is working, the usb0 interface is stopped due to a link failure. In this case, the ethstop functi...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a deadlock in the “disable” sysfs attribute. The show and store callback routines for the “disable” sysfs attribute in port.c acquire the device lock for the port’s parent hub. This can cause problems if another...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fixed a memory double-free issue when handling zero-length packets. Line 829: If request-complete, then: 830 – Unlock the lock of privdev. 831 – Called usbgadgetgivebackrequest&privep-endpoint, request. 833 – Lock the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the can:usb:etases58x module, the task of anchoring the urb data during the read bulk callback has been corrected. When submitting an urb using the anchoring mechanism, it must be anchored before submission. Otherwise, it coul...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use the new usbcontrolmsg routines. Automatic kernel fuzzing led to a WARN message regarding an invalid pipe direction in the mceusb driver: ------------ Cut here ------------ usb 6-1: BOGUS control dir, pipe...