Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: protection against NULL references from qediovgetvfinfo We must ensure that the information returned by the helper function is valid before using it. This issue was identified by the Linux Verification Center...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Added a NULL check in imxcardprobe The devmkasprintf function returns NULL when memory allocation fails. Currently, imxcardprobe does not check for this case, which results in a NULL pointer being dereferenced. A...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio: Fixed an issue where unmapping of memory was not properly handled for indirect desc tables. When usedmaapi and premapped are set to true, the dounmap function is not called. As a result, the vringunmapextrapacked function...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: added a missing condition check for the existence of the mapped data. The function nvmemapdata is called when the request contains physical segments; therefore, the function nvmeunmapdata should also have the same...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed the erefcnt leak in ext4xattrblockcachefind. Syzbot reports the following warning: ============================================ WARNING: CPU: 0, PID: 5075, at fs/mbcache.c:419, module mbcachedestroy+0x224/0x290. Linke...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ubifs: Memory freed for the tmpfile name When opening a ubifs tmpfile in an encrypted directory, the function fscryptsetupfilename allocates memory for the name that will be stored in the directory entry. However, after the name ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fixed the issue of “not skipping locked entries when scanning entries” The commit 6be3e21d25ca “fs/dax: not skipping locked entries when scanning entries” introduced a new function, waitentryunlockedexclusive, which waits...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use the number of bits to manage bitmap sizes. To allocate bitmaps, the mpi3mr driver calculates the sizes of bitmaps using bytes as the unit. However, bitmap helper functions assume that bitmaps are allocated using...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fixed the potential NULL pointer dereferencing issue. If sdprobe encounters an error before sdkp-device is initialized, sdzbcreleasedisk is called. This leads to a NULL pointer dereferencing issue when sdiszoned is call...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The use-of-free condition was fixed by using callrcu for oplockinfo. Currently, ksmbd immediately frees oplockinfo using kfree, even though it is accessed during critical sections of the RCU read-side, such as in functions...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context. TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework after the respective DMA operations are completed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport-portstate before calling done Callback In the nvmefchandlelsrqstwork function, the lsrsp-done callback is set only when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp’s LLDD...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: A buffer overflow has been fixed in the liootargetnaclinfoshow function. The function liootargetnaclinfoshow uses sprintf within a loop to print details for each iSCSI connection in a session, without checkin...

Astra Linux – Vulnerability in imagemagick

In the functions CatromWeights, MeshInterpolate, InterpolatePixelChannel, InterpolatePixelChannels, and InterpolatePixelInfo, which are all part of /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations that were used with the floor function. These calculations resulted ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fec: handle pagepooldevallocpages error The fecenetupdatecbd function calls pagepooldevallocpages, but it does not handle the case where NULL is returned. A WARNON!newpage message is generated, but the program still proceeds...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rtrs: Ensure that the ‘ibsge list’ is accessible. Move the declaration of the ‘ibsge list’ variable outside the ‘alwaysinvalidate’ block to ensure that it remains accessible for use throughout the function. Previously, th...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: comedi: niusb6501: fixed NULL dereferencing in command paths. The driver uses USB transfer buffers of the endpoint size, but there were no sanity checks on their sizes. This can lead to dereferencing of zero-size pointers or...

Astra Linux – Vulnerability in Thunderbird

A data race could occur in the PK11ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR 102.2 and Thunderbird 102.2...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: i2c: tc358743: Fixed a crash that occurred in the probe error path when using polling. If an error occurs in the probe function, we should remove the polling timer that was alarmed earlier. Otherwise, the timer is calle...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nullblk: Always check the queue mode setting from configfs. Make sure to check the device queue mode in the nullvalidateconf function, and return an error for NULLQRQ since we do not allow legacy I/O paths. Without this patch, we...