Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed a NULL pointer dereference in sndusbmixercontrolsbadd In sndusbcreatestreams, for UAC version 3 devices, the Interface Association Descriptor IAD is retrieved via usbifnumtoif. If this call fails, a fallbac...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: Check actuallength before accessing the header. The driver expects to receive a struct gshostframe in gsusbreceivebulkcallback. Use structgroup to describe the header of the struct gshostfram...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed an out-of-bounds read in sndusbgetaudioformatuac3 In sndusbgetaudioformatuac3, the length value returned from sndusbctlmsg is used directly for memory allocation without validation. This length is controlle...

Astra Linux – Vulnerability in Qemu

A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asixreadphyaddr. A malicious or faulty device may return an invalid address = PHYMAXADDR, which causes a warning in...

Astra Linux – Vulnerability in Linux, Linux 5.10

The function usb8devstartxmit in the file drivers/net/can/usb/usb8dev.c within the Linux kernel, up to version 5.17.1, contains a double-free...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “phy: qcom-qmp-combo: fix NULL-deref on runtime resume” The commit with ID fc64623637da “phy: qcom-qmp-combo,usb: add support for separate PCSUSB region” began treating the PCSUSB registers as potentially separate from the PCS...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platformgetresource This vulnerability could lead to a null-ptr-deref error if platformgetresource returns NULL. Therefore, we need to check the return value of this function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don’t skip on “Stopped – Length Invalid” events. Until the commit d56b0b2ab142 “usb: xhci: ensure skipped isochronous TDs are returned when the isochronous ring is stopped” in v6.11, the driver did not skip missed...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: MIPS: Cavium-Octeon: The issue of missing nodeput in octeon2usbclocksstart has been fixed. We should call nodeput for the reference uctlnode returned by ofgetparent, as this will increase the refcount. Otherwise, there will be a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Added locks for usbdriverclaiminterface The documentation for usbdriverclaiminterface states that “the device lock” is required when this function is called from locations other than probe. This seems ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtlsetuprealtek If a USB dongle is inserted whose chip is not maintained in the icidtable, it will lead to a NULL access. Adding a NULL check can prevent Kernel Oops...

Astra Linux – Vulnerability in Linux 5.15, Linux

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Verify that the expected usbendpoints are present. This bug occurs when a USB device claims to be an ATH9K device, but it does not have the expected endpoints. In this case, there was an interrupt endpoint, and the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohcihcdppcofprobe, offindcompatiblenode will return a node pointer with the refcount incremented. We should use ofnodeput when it is no longer needed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: Fixed the requirement that devices managed by PME polling must be in the RPMACTIVE state. The fix notes that devices managed by runtime PM need to be in the RPMACTIVE state for PME polling. In fact, only devices in low-power...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: UVC: Prevent buffer overflow in setup handler The uvcfunctionsetup function allows control transfers with a payload of up to 64 bytes UVCMAXREQUESTSIZE. The data stage handler for OUT transfers uses memcpy to copy th...

Astra Linux – Vulnerability in Linux, Linux 5.10

A issue was discovered in the drivers/usb/gadget/composite.c file within the Linux kernel before version 5.16.10. The USB Gadget subsystem lacks certain validations for interface OS descriptor requests those with a large array index and those associated with NULL function pointer retrieval. Memor...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential memory leaks at the error handling path for UMP operations. The allocation and initialization errors in allocmidiurbs, which occur when the function is called during MIDI 2.0/UMP device operations...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role port, the phy device will be assigned to the usb-phy device, and the port device driver will be used as the dev driver for usb-phy. When we attempt to...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget In the cdnspgadgetinit and cdnspgadgetexit functions, the gadget structure pdev-gadget was freed before its endpoints. The endpoints are...