Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel before version 5.13.6, the drivers/usb/host/max3421-hcd.c file allowed physically nearby attackers to cause a denial of service including use-after-free errors and panic conditions by removing a MAX-3421 USB device under certain circumstances...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two distinctly different samples of NEC uPD720200 one with a start/stop bug, one without it were observed to cause IOMMU faults after some “Missed Service Errors”. Th...

Astra Linux – Vulnerability in Qemu

QEMU 5.0.0 has a use-after-free issue in the hw/usb/hcd-xhci.c file, as the return value of usbpacketmap is not checked...

Astra Linux – Vulnerability in Qemu

In QEMU 5.0.0, the hw/usb/hcd-ohci.c file contains an infinite loop when a TD list has a loop...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usbstringcopy The string ‘s’ provided by the user space could easily have a length of zero. If this is left unchecked, it will first result in an OOB read in the form of if str0 - ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix for the warning when handling the discoveridentity message Since both the source and sink devices can send the discoveridentity message in PD3, the kernel may display a warning. ------------ Cut here ---...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in niusb. If the USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection. This issue w...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: cdceem: Fix for the “tx fixupskb leak” issue. When usbnet transmit sends a skb, it is handled in eemtxfixup. If skbcopyexpand fails, it returns NULL. In this case, usbnetstartxmit has no chance to free the original skb. The...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, causing the system to send a specially crafted response to APDUs. The following issues were caused by insufficient control over the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb-storage: alauda: Check whether the media is initialized. The member “uzonesize” of the struct alaudainfo will remain 0 if alaudainitmedia fails, potentially causing division errors in alaudareaddata and alaudawritelba. - A...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3wIndextodep, and we might be referring to a non-existent ep, triggering a NULL pointer exception. In certain configurations, we might use few...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platformgetresource This vulnerability could lead to a null-ptr-deref issue if platformgetresource returns NULL. Therefore, we need to check the return value...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ath9k: Fixed a use-after-free in ath9khifusbrxcb. Syzbot reported a use-after-free during the Read operation in ath9khifusbrxcb. The problem arose from incorrect initialization of htchandle-drvpriv. A likely call stack that...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: feem: Fixed a memory leak in eemunwrap. The existing code did not handle the failure case of usbepqueue in the command path, potentially leading to memory leaks. Improved error handling to free all allocated...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Deadlock issue fixed This patch introduces the ucsiconmutexlock and ucsiconmutexunlock functions to the UCSI driver. The ucsiconmutexlock function ensures that the connector mutex is only locked if ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: anysee: fixed the null-ptr-deref in anyseemasterxfer. In anyseemasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious data will...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fixed the issue where the reference count of the platform device was checked during the error path. The probe function never performs any platform device allocation. Therefore, the error path “undoplatformdevalloc”...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The mcbausb driver fails to populate the ndochangemtu function, allowing for a buffer overflow. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The onl...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: USB: gadget: Fixed the memory leak in the rawgadget driver. Currently, increasing rawdev-count occurs before invoking rawqueueevent. If rawqueueevent returns an error, invoking rawrelease will not trigger devfree to be called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fixed a race condition that could lead to a UAF in sndusbmidifree. The previous commit 0718a78f6a9f, “ALSA: usb-audio: Properly terminates the timer upon endpoint deletion,” addressed a UAF issue caused by the...