Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transportipc: Validate the payload size before reading the handle. The handleresponse function dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed o...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: vfio: Fixed NULL pointer dereferencing caused by uninitialized group-iommufd. group-iommufd is not initialized for the iommufdctxput function. 20018.331541 BUG: NULL pointer dereferencing in the kernel, address: 00000000000000...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssgprueth: Fixed NULL pointer dereferencing in pruethprobe. In the pruethprobe function, if one of the calls to emacPhyConnect fails because of ofPhyConnect returning NULL, then the subsequent call to phyattachedinfo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed corruption of q-blkglist during disk rebinding. Multiple instances of the gendisk function can be allocated/added for a single request queue during disk rebinding. As a result, blkg may still remain in q-blkgli...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iio: adc: aspeed: Fixed the refcount leak in aspeedadcsettrimdata. The function offindnodebyname returns a node pointer with a refcount incremented; we should use ofnodeput on it after processing. Added the missing ofnodeput...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm raid: fixed access issues beyond the end of the raid member array. When the dm-raid table is loaded using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is determined by the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: A memory leak was avoided in the magicmousereportfixup function. The magicmousereportfixup function returned a buffer that was allocated using kmemdup. However, this buffer was never freed. The caller of...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tomoyo: Fixed the UAF write bug in tomoyowritecontrol. Since tomoyowritecontrol updates head-writebuf when the write function is called for long lines, we need to retrieve head-writebuf after holding head-iosem. Otherwise,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nsfs: Permission checks for ns iteration ioctls have been tightened. Even privileged services should not necessarily be able to access the namespaces of other privileged services, so that they cannot leak information to each othe...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fixed the issue of a memory leak caused by the failure to remove generic power domains when the ofgenpdaddprovideronecell function fails during probing. If the ofgenpdaddprovideronecell function fails during...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a lockup issue caused by a race condition between inode eviction and inode caching. There is a race condition between inode eviction and inode caching that can cause a live struct btrfsinode to be missing from the...

Astra Linux – Vulnerability in ffmpeg

A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in the urlopendynbufinternal function in libavformat/aviobuf.c...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed a deadlock between rcutaskstrace and eventmutex. Fixed the following deadlock: - CPU A: - freeevent - perfkprobedestroy - mutexlock&eventmutex - perfTraceEventUnreg - synchronizercutaskstrace There are several paths...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe function is only used for the DP83822 PHY; the private data pointer remains uninitialized for the smaller DP83825/26 models. While all uses of the...

Astra Linux – Vulnerability in ffmpeg

A buffer overflow vulnerability exists in FFmpeg 4.2 in the movwritevideotag function, due to an out-of-bounds access in the libavformat/movenc.c file. This vulnerability could allow a remote malicious user to obtain sensitive information, cause a Denial of Service, or execute arbitrary code...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpiompsseprobe error paths The reference to usbgetdev is not released during the gpiompsseprobe error paths. This issue was fixed by using device-managed helper functions. Additionally, the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a null check for the ‘afb’ variable in the amdgpudmplanehandlecursorupdate function v2. This commit moves the null check for the ‘afb’ variable to the line where it is actually used in the...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: xsk: Fixed a race condition in socket teardown Fixed a race condition in the xsk socket teardown code that could lead to a NULL pointer dereferencing. The current xskunbindcode in xskunbinddev starts by setting xs-state to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - ice: fixed the issue where calls to PF PTP cleanup iceptpcleanuppf function and the ‘pslock’ mutex deinitialization were missed during error paths involving driver removal. The cleanup process for releasing PTP resources...

Astra Linux – Vulnerability in libssh2

In libssh2 before version 1.9.0, the kexmethoddiffiehellmangroupexchangesha256keyexchange function in kex.c contains an integer overflow that could lead to an out-of-bounds read when packets are read from the server. A remote attacker who compromises an SSH server may be able to disclose sensitiv...