Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as the host, that the gadgetgiveback function appends one byte to the end of a properly...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets When connecting to a Linux host with CDCNCMNTBDEFSIZETX set to 65536, it was observed that we receive short packets, which sometimes occur at intervals of 5–10 seconds...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed a possible NULL pointer dereferencing in sndusbpcmhasfixedrate. The argument of the subs function may be NULL; therefore, do not use it before a NULL check...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing the ENDXFER command. Currently, for all controller IP/versions except DWC3usb3 = 310a, a 1ms wait is required unconditionally for the completion of ENDXFER when the IOC is not set. Th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible for this issue to occur when the mass storage function tries to queue requests from the main thread. However, other threads may already disable the endpoint when the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fixed a memory leak in dwc3qcominterconnectinit. In the alloc Resources for path handle function of oficcget, resources should be released when they are no longer needed. This should be done similarly in the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix refcount leak on error path When failing to allocate reportdesc, opts-refcnt has already been incremented; therefore, it needs to be decremented to prevent the options structure from being permanently locke...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: isdn: mISDN: hfcsusb: fixed a memory leak in hfcsusbprobe In hfcsusbprobe, the memory allocated for ctrlurb gets leaked when setupinstance fails with an error code. This issue was addressed by freeing the urb before freeing th...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uaudio: Fixed a race condition related to the use of controls after freeing resources during the gadget unbinding process. It is recommended to use control IDs instead of pointers, as these are handled correctly usin...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb:dwc2: check return value after calling platformgetresource This issue could lead to a null-ptr-deref error if platformgetresource returns NULL. Therefore, we need to check the return value...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Avoid reading uninitialized memory in ath9khtcrxmsg. syzbot reports that the uninitialized value is accessed at ath9khtcrxmsg. For ioctlUSBRAWIOCTLEPWRITE, the function ath9khifusbrxstream may call ath9khtcrxmsg with...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fixed a memory leak in nfcmrvlplaydeferred. Similar to the handling of playdeferred in commit 19cfe912c37b “Bluetooth: btusb: Fixed a memory leak in playdeferred”, we thought a patch might be necessary here as well...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fixed NULL fb and crtc dereferences on USB disconnection. When the connection is disconnected, the function drmatomichelperdisableall is called, which sets both the fb and crtc for a plane to NULL before performing the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since the commit c49cfa917025 “USB: serial: use generic method if no alternative is provided in the USB serial layer”, the USB serial core calls the generic resume implementation when the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: etases58x: allows partial RX URB allocation to succeed. When es58xallocrxurbs fails to allocate the requested number of URs, but manages to allocate some of them, it returns an error code. This causes es58xopen to return early,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: udc: fix use-after-free in usbgadgetstatework A race condition during the gadget teardown can lead to a use-after-free in usbgadgetstatework, as reported by KASAN: - BUG: KASAN: invalid-access in sysfs...

Astra Linux – Vulnerability in Qemu

In QEMU 5.0.0, the file hw/usb/hcd-ohci.c contains a stack-based buffer over-read issue, caused by values obtained from the host controller driver...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fixed a potential out-of-bounds error in ucsiccgupdatesetnewcamcmd The "cmd" variable can be controlled by the user via debugfs. This means that "newcam" can be as high as 255, while the size of the uc-updated array i...

Astra Linux – Vulnerability in Linux, Linux 5.10

A vulnerability was discovered in the drivers/usb/gadget/function/rndis.c file within the Linux kernel before version 5.16.10. The RNDIS USB gadget does not include validation for the size of the RNDISMSGSET command. Attackers can obtain sensitive information from the kernel memory...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: Do not assume adequate headroom for SDIO headers The function mt7921usbsdiotxprepareskb calls mt7921usbsdiowritetxwi and mt7921skbaddusbsdiohdr. Both functions blindly assume that adequate headroom will be available...