Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed the issue of duplicate endpoints by clearing the reserved bits in the descriptor. Syzbot has identified a bug in usbcore see the Closes tag below. The bug is caused by our assumption that the reserved bits in the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: core: Remove the lock of the OTG mode during gadget suspension/resumption to avoid deadlock. When the CONFIGUSBDWC3DUALROLE configuration is selected, and the system is triggered to enter suspension using the following...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Do not free the command immediately Do not release the command prematurely. Wait for the status completion of the sense status. The command can then be released. Otherwise, we will perform a double-release of t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: Use a static NDP16 location within the URB. The original code allowed the start of NDP16 to be anywhere within the URB, based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, which ma...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fixed a stack-out-of-bounds read in usbcheckintendpoints Syzbot1 identified a stack-out-of-bounds read of the epaddr array from the hid-thrustmaster driver. This array is passed to the usbcheckintendpoints...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: The issue was that can: ucan: introduced an out-of-bound read in the strscpy function’s source code. Commit 7fdaf8966aae “can: ucan: use strscpy instead of strncpy” inadvertently resulted in an out-of-bound read of one byte from...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpudmhdcp.c copies pointers to amdgpudmconnector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs ISERR bug The qmpusbiomap helper function currently returns the raw result of devmioremap for non-exclusive mappings. Since devmioremap may return a NULL pointer, and the caller only checks error...

Astra Linux – Vulnerability in Qemu

A vulnerability related to out-of-bounds read/write access was discovered in the USB emulator of QEMU in versions prior to 5.2.0. This issue occurs during the processing of USB packets from a guest, when the value of USBDevice’s ‘setuplen’ exceeds the value of ‘databuf4096’ in the dotokenin and...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179178a: Fixed out-of-bounds accesses in RX fixup The ax88179rxfixup function contains several out-of-bounds accesses that can be triggered by a malicious or defective USB device. Specifically: - The metadata array...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Video: fbdev: smscufx: Fixed null-ptr-deref in ufxusbprobe I received a report of a null-ptr-deref issue: Bug: NULL pointer dereferencing in the kernel; address: 0000000000000000 … RIP: 0010:fbdestroymodelist+0x38/0x100 … Call...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Drivers: USB: Host: Fixed a deadlock in oxubussuspend There is a deadlock in oxubussuspend, as shown below: Thread 1 | Thread 2 | timeraction oxubussuspend | modtimer spinlockirq //1 | Wait for a while ... | oxuwatchdog...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: lpc32xxudc: Fixed the refcount leak in lpc32xxudcprobe. The ofparsephandle function returns a node pointer with the refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Add the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb:dwc2: Fixed a memory leak in dwc2hcdinit The usbcreatehcd function allocates memory for the hcd structure. We should call usbputhcd to free that memory when platformgetresource fails, thereby preventing the memory leak. To fi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Error handling was added in xhcimapurbfordma. Currently, xhcimapurbfordma creates a temporary buffer and copies the SG list to the new linear buffer. However, if kzallocnode fails, the call to sgpcopytobuffer may lead ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Use the correct buffer size when parsing configfs lists This commit fixes the support for the uvc gadget on 32-bit platforms. The commit 0df28607c5cb “usb: gadget: uvc: Generalize helper functions for reuse”...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fixed potential NULL pointer dereferencing in ncmbitrate In Google’s internal bug report 265639009, we received a crash report from a aarch64 GKI 5.10.149-android13 running device. This report is currently...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: Check the packet for fixup for true limits. If a device sends a packet that lies between 0 and sizeofu64, the value passed to skbtrim as the packet length will wrap around, resulting in a very large value. The driver...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: Added a NULL check for “date-evtskb”. Fixed crashes due to NULL pointers. 6104.969662 BUG: NULL pointer dereferencing in the kernel; address: 00000000000000c8 6104.969667 PF: Supervisor read access in kernel...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fixed a possible NULL pointer dereferencing caused by driver concurrency. In dwc2hcdurbenqueue, the statement “urb-hcpriv = NULL” is executed without holding the lock “hsotg-lock”. In dwc2hcdurbdequeue: c...