Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fixed a memory double-free issue when handling zero-length packets. Line 829: If request-complete, then: 830 – Unlock the lock of privdev. 831 – Called usbgadgetgivebackrequest&privep-endpoint, request. 833 – Lock the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the can:usb:etases58x module, the task of anchoring the urb data during the read bulk callback has been corrected. When submitting an urb using the anchoring mechanism, it must be anchored before submission. Otherwise, it coul...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use the new usbcontrolmsg routines. Automatic kernel fuzzing led to a WARN message regarding an invalid pipe direction in the mceusb driver: ------------ Cut here ------------ usb 6-1: BOGUS control dir, pipe...

Astra Linux – Vulnerability in Linux 5.10, Linux

The file drivers/usb/gadget/legacy/inode.c in the Linux kernel, up to version 5.16.8, improperly handles the release of dev-buf...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fixed a NULL pointer dereferencing in ucsiconnectorchange. When ucsiinit fails, ucsi-connector is NULL. However, in the case of ucsiacpi, we may still receive events that cause the ucsacpi code to call...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: facm: Refactor the bind path to use free After a bind/unbind cycle, the acm-notifyreq remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request. This leads to...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Refactor the bind path to use free After a bind/unbind cycle, the ecm-notifyreq remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request. This leads to...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Refactor the bind path to use free After a bind/unbind cycle, the ncm-notifyreq remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request. This leads to...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Refactor the bind path to use free After a bind/unbind cycle, the rndis-notifyreq remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request. This lead...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: A bug that causes a division-by-zero error in the isd200atacommand function has been fixed. The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate the...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: ffs: Fix use-after-free for epfile Consider a case where ffsfuncepsdisable is called from ffsfuncdisable as part of the composition switch, and at the same time, ffsepfilerelease is called from the user space. ffsepfilerelea...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: hifusb: Clean up skbs if ath9khifusbrxstream fails Syzkaller detected a memory leak of skbs in ath9khifusbrxstream. While processing skbs in ath9khifusbrxstream, the already allocated skbs in skbpool are not freed if...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fixed a reference count leak in stubprobe The usbgetdev function is called in stubdevicealloc. When stubprobe fails, usbputdev must be called to release the reference. This issue was fixed by moving usbputdev into the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: usb-storage: alauda: Fixed the uninit-value issue in alaudacheckmedia. Syzbot reported that KMSAN complained about accessing an uninitialized value within the alauda subdriver of usb-storage. Bug: KMSAN: uninit-value in...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Removed useless locks from usbtvvideofree. The lock-related code in usbtvvideofree is now unnecessary and may cause a deadlock, as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: Initialize the MAC header offset in qmimuxrxfixup Raw IP packets do not have a MAC header, resulting in skb-macheader being uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uaudio: do not allow userspace to block driver unbind In the unbind callback for fuac1 and fuac2, a call to sndcardfree via gaudiocleanup will disconnect the card and then wait for all resources to be released, which...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: cxusb: No longer judges rbuf when the write fails syzbot reported a uninit-value in cxusbi2cxfer. Only when the write operation of usbbulkmsg in dvbusbgenericrw succeeds and rlen is greater than 0, the read operation of...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Hub – Ignoring non-compliant devices with too many configurations or interfaces Robert Morris created a test program that can cause usbhubtostructhub to dereference a NULL or inappropriate pointer. Oops: General Protection...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the hsofreenetdevice function in drivers/net/usb/hso.c calls unregisternetdev from version 5.13.4 onwards, without checking the NETREGREGISTERED status. This leads to a use-after-free and a double-free...