Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbxmitcallback: fixed the handling of failed transmitted URBs. The driver lacks the necessary cleanup steps after failed transfers of URBs. This results in one fewer available URB per error. This leads to reduced...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace listforeachentrysafe if using giveback The listforeachentrysafe macro saves the current item n and the item after n+1, so that n can be safely removed without corrupting the list. However, when traversi...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fixed a null pointer dereference in the trace function. ucsiregisteraltmode checks if ISERR is true for the alt pointer and treats NULL as valid. When CONFIGTYPECDPALTMODE is not enabled, ucsiregisterdisplayport...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Releasing resources at card release The current 6fire code attempts to release resources immediately after calling usb6firechipabort. However, at this point, the card object might still be in use since we are calling...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: m920x: A potential memory leak has been fixed in m920xi2cxfer. The “read” function is freed when it is determined to be NULL, but this does not happen when a read error occurs. The logic has been revised to avoid ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: sl811 – A memory leak was fixed by using debugfslookup. When calling debugfslookup, the result must also call dput on it; otherwise, a memory leak will occur over time. To simplify things, simply call debugfslookupandremove,...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xhci: Handling of TD clearing for multiple streams When multiple streams are in use, multiple TDs might be active during the termination of an endpoint. We need to issue a Set TR Dequeue Pointer for each TD to ensure everything i...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. Affected versions of FreeRDP lack input validation in the urbdrc channel. A malicious server can trick a FreeRDP-based client into crashing due to a division by zero. This issue has been addressed in version 2.9.0. All users are advise...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added a missing error check to scarlett2usbsetconfig. The scarlett2usbsetconfig function calls scarlett2usbget, but did not check the result. If this function fails, an error is returned instead of continuing wit...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP lack input length validation in the urbdrc channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. This issue has been addressed in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: xhci-mtk: Fixed an issue where shared HCD resources were leaked when attempting to set the wake-up IRQ. The issue occurred because it was not possible to set @sharedhcd to NULL before reducing the usage count via usbputhcd...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: An error occurred in usbsubmiturb, causing the URB to be unanchored before it is processed by gsusbreceivebulkcallback, thereby preventing a memory leak during cleanup. In commit 7352e1d5932a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Revert “usb: typec: ucsi: add a common function ucsiunregisterconnectors”. The recent commit 87d0e2f41b8c “usb: typec: ucsi: add a common function ucsiunregisterconnectors” introduced a regression that caused NULL dereferencing...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb: dwc3-am62: Fixed the behavior of module unloading and reloading. When runtime PM is enabled, the module can be suspended during runtime when the .remove method is called. Call pmruntimegetsync to ensure that the module is...

Astra Linux – Vulnerability in Linux 5.15, Linux

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndissetresponse If “BufOffset” is very large, the operation “BufOffset + 8” may lead to an integer overflow...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: Roles – Fixed NULL pointer issue when referencing the module’s reference. In the current design, the USB role class driver will obtain a reference to the module of the usbroleswitch object after the user selects the...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Proper initialization of the struct pn533outarg structure. The struct pn533outarg, which serves as a temporary context for outurb, is not initialized properly. Its uninitialized ‘phy’ field can be dereferenced in erro...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in the port.c file: the disablestore function may return NULL if the hub to which the port belongs is removed concurrently...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fixed a memory leak in dvbusbadapterinit. Syzbot reported a memory leak in “dvbusbadapterinit.” The leak occurs because the current iteration’s adapter-priv is not freed in case of an error. Currently, if an error...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed race between aiocancel and AIO request complete FFS-based applications can utilize the aiocancel callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application...