Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: validate the length of the advertising payload sent via meshsend The meshsend function currently limits the MGMTOPMESHSEND operation based on the total command length. However, it does not verify whether the...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm flakey: Do not corrupt the zero page. When we need to zero a certain range on a block device, the function blkdevissuezeropages submits a write request with the bio vector pointing to the zero page. If we use the dm-flakey...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: regmap: slimbus: Fix the buscontext pointer in regmap init calls The commit 4e65bda8273c “ASoC: wcd934x: Fix error handling in wcd934xCodecParsedata” revealed the issue in the slimbus regmap. This commit causes audio playback ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot deadlock with sbi ecall If the functions in sbiecall.c are traceable, the command: echo "sbiecall:snapshot" /sys/kernel/tracing/setftracefilter can cause the kernel to enter a deadlock. Functions in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: s390/dcssblk: fixed the kernel crash caused by corruption in the listadd operation. The commit fb08a1908cb1 “dax: simplified the daxdevice gendisk association” introduced new logic for gendisk association, requiring drivers to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ice: Added the missing icedeinithw function in devlinkreinitpath. devlink-reload results in a iceinithwfailed error. Removing the ice driver causes a NULL pointer dereference issue. +0.102213 ice 0000:ca:00.0: iceinithwfailed: -1...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: The userfaultfdapi function has been fixed to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel configuration, we will fail silently and return all available features. However, the manual...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: filelock: Removes locks reliably when a race between fcntl/close operations is detected. When the fcntlsetlk operation races with the close operation, the created lock is removed using dolockfilewait. However, LSMs may allow t...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fslupm: A bug in the funexecop function was fixed; a “off-by-one” test was corrected. The “op-cs” values are copied into “fun-mchipnumber”, which is used to access the “mchipoffsets” and “rnbgpio” arrays. These arra...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting the ACL. A NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL later. It finds that the ACL is only a default ACL based on the mode bits, not the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – avoid null pointer dereference in mpicmpui During NVMeTCP authentication, a controller can trigger a kernel oops by specifying the 8192-bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu/powerplay/psm: A memory leak was fixed in the power state initialization process. The commit 902bc65de0b3 „drm/amdgpu/powerplay/psm: Return an error in power state init“ ensured that the power state initialization...

Astra Linux – Vulnerability in mbedtls

Mbed TLS versions prior to 3.6.4 allow a use-after-free in certain situations of applications developed in accordance with the documentation. The function mbedtlsx509stringtonames takes a head argument, which is documented as an output argument. The documentation does not indicate that the functi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block: Fix for a race condition between wbtenabledefault and IO submission. When wbtenabledefault is executed outside of the queue freezing mechanism in elevatorchange, it can cause the wbt inflight counter to become negative -1,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix for a use-after-free caused by irqcheckwork in flexcoppciremove. The original code uses canceldelayedwork in flexcoppci Remove, which does not guarantee that the delayed task irqcheckwork has fully completed if i...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: blk-throttle: Set BIOTHROTTLED when bio has been throttled. 1. In the current process, all bio instances will set the BIOTHROTTLED flag after the blkthrotlbio function is called. 2. If bio needs to be throttled, a timer will b...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fixed the null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818ai Cancel, which stems from the fact that in case of early device detachment via pcl818detach, subdevice dev-readsubdev may not have...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fixed the issue of leaking the multicast GID table reference. If the CM ID is destroyed while the CM event for multicast creation is still queued, the cancelworksync function will prevent the work from running. This also...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: Intel: sofsdw – handling errors during card registration. If card registration fails, usually due to deferred probes, the device properties added for headset codecs are not removed, which leads to kernel errors during...

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26, and 8.0.x below 8.0.13, certain XML parsing functions, such as simplexmlloadfile, decode the filename passed to them using URL encoding. If the filename contains a URL-encoded NUL character, this may cause the function to interpret this as t...