Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Added a missing check for allocorderedworkqueue. Also added a check on the return value of allocorderedworkqueue, as it might return a NULL pointer...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmvtpmproxy: fixed a race condition in the creation of /dev/vtpmx. The /dev/vtpmx becomes visible before ‘workqueue’ is initialized, which can lead to memory corruption in the worst-case scenario. This issue is addressed by...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iouring: Check whether iowq is killed before queuing it. Task work can be executed after the task has gone through iouring termination—whether it’s the final taskwork run or the fallback path. In this case, task work will find th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: workqueue: fixed a data race with the pwq-stats increment KCSAN has identified a data race in kernel/workqueue.c:2598: 1863.554079 ================================================================== 1863.554118 BUG: KCSAN: data-ra...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpftimercancelandfree Currently, the same issue as in the previous patch two timer callbacks attempting to cancel each other can also occur through bpfmapupdateelem. More precisely, freeing elements containing...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: The null-ptr-deref issue in vkmsrelease has been fixed. A null-ptr-deref occurs when trying to destroy the workqueue in vkms-output.composerworkq during vkmsrelease. KASAN: Null-ptr-deref occurred in the range...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested: watchdog: BUG: soft lockup - CPU0 stuck for 22s!...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a slab-use-after-free issue in hdcpwork Why A slab-use-after-free issue was reported when HDCP was destroyed, but the propertyvalidatedwork queue was still running. How The delayed work was canceled when th...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded and disabled when the driver is removed. When the driver is removed it assumes that the workqueue was...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfdstartxmit function fails, the driver stops processing messages, and the interrupt routine does not return, resulting in an indefinite execution even after...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Fix the UaF issue in listener shutdown According to Christoph’s report after refactoring the passive socket initialization, the mptcp listener shutdown path is vulnerable to a UaF issue. BUG: KASAN: Use-after-free in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iavf: Error handling in iavfinitmodule has been fixed. The iavfinitmodule no longer destroys the workqueue when pciregisterdriver fails. Instead, call destroyworkqueue when pciregisterdriver fails to prevent resource leaks. This...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Added a missing check for allocorderedworkqueue. Added a check on the return value of allocorderedworkqueue, as it may return a NULL pointer, causing a NULL pointer dereferencing in hdmihdcp.c and hdmihpd.c. Patch...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fixed a UAF issue in f2fsinodeinfo in f2fsfreedic. The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after reading, and the kworker responsible for...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQMEMRECLAIM from storvscerrorwq The storvscerrorwq workqueue should not be marked as WQMEMRECLAIM, as it does not need to retain the status of forward progress under memory pressure. Marking this workqueue ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcicore: cancels all operations upon calling hciunregisterdev. syzbot reports that calling hcireleasedev from hcierrorreset can cause a deadlock at destroyworkqueue. This occurs because hcierrorreset is called from...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health during the shutdown callback. There is no point in performing recovery operations during device shutdown. If health-related tasks are initiated, one must wait until they are completed to avoid race...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the potential use of a null pointer in destroyworkqueue within the error path of initcifs. Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 initcifs Error: We previously assumed th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should only be released after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: workqueue: The issue related to the selection of wakecpu in kickpool has been fixed. With cpupossiblemask=0-63 and cpuonlinemask=0-7, the following kernel error was observed: smp: Bringing up secondary CPUs… smp: Brought up 1 nod...