Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: Video – Check for an error when searching for the parent of the backlight device. If the acpigetparent function called within acpivideodevregisterbacklight fails, for example, because acpiutacquiremutex fails inside...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fixed a NULL pointer issue in the channel unregistration function. The dmaasyncdevicechannelregister function may fail. In the event of a failure, chan-local is freed with freepercpu, and chan-local becomes null. When...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: efivarfs: forces RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware, we never assign a callback for that function. At the same time, we mount efivarfs as RO so that no on...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

A race condition was detected in the QXL driver within the Linux kernel. The qxlmodedumbcreate function dereferences the qobj returned by the qxlgemobjectcreatewithhandle function. However, the handle is the only entity that holds a reference to qobj. This flaw allows an attacker to guess the val...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: A null pointer check was added in opalpowercapinit. The kasprintf function returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT – Avoid u32 multiplication overflow. In the function lpitupdateresidency, there is a possibility of overflow during multiplication, if tsckhz is large enough UINTMAX/1000. The multiplication operation should be replace...

Astra Linux – Vulnerability in binutils

The readelf.c file in GNU Binutils 2.32 contains an integer overflow vulnerability that allows attackers to trigger a write access violation in the byteputlittleendian function in elfcomm.c through an ELF file, as demonstrated by readelf...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A flaw was discovered in the IPv4 Resource Reservation Protocol RSVP classifier within the Linux kernel. The xprt pointer may extend beyond the linear portion of the skb structure, resulting in an out-of-bounds read in the rsvpclassify function. This issue could potentially cause a local user to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - ice: xsk: disabling TXQ interrupts before flushing hardware settings. - iceqpdis attempts to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps involved disabling interrupts on these queues...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the dmstats function, check for and propagate the allocpercpu failure. Check the return value of allocprecpu, and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does so. Otherwise, a NULL...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “wifi: mac80211: fix memory leak in ieee80211ifadd” This resolution involves committing change 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. The function ieee80211iffree is already called from freenetdevndev, because...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound access in addsecretdacpath The sndhdagetconnections function may return a negative error code. This could lead to accessing the ‘conn’ array at a negative index. This issue was...

Astra Linux – Vulnerability in binutils

The demangletemplate function in cplus-dem.c within GNU libiberty, as part of GNU Binutils 2.30, allows attackers to trigger excessive memory consumption also known as OOM during the “Create an array for saving the template argument values” XNEWVEC call. This can occur during the execution of...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: betop: Check the shape of output reports The betopffinit function only checks that the total sum of the report counts for each report field is at least 4. However, hidbetopffplay expects 4 report fields. A device that sends ...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in the axichanhandleerr function. Since there is no protection for vd, a kernel panic will be triggered in exceptional cases. You can refer to the processing of the...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in the Linux kernel through version 6.1-rc8. The function dpucrtcatomiccheck in the file drivers/gpu/drm/msm/disp/dpu1/dpucrtc.c lacks a check for the return value of kzalloc. This issue may lead to a NULL Pointer Dereference...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a race condition in mptcppmdeladdtimer The mptcppmdeladdtimer function can call skstoptimersyncsk, &entry-addtimer. It is reported that there might already be a free entry, as reported by syzbot. Added RCU...

Astra Linux – Vulnerability in GhostScript

A vulnerability classified as problematic was discovered in GhostPCL 9.55.0. This vulnerability affects the chunkfreeobject function in the gsmchunk.c file. Manipulation with a malicious file can lead to memory corruption. The attack can be initiated remotely, but requires user interaction. The...

Astra Linux – Vulnerability in xorg-server

A vulnerability classified as critical was discovered in X.org Server. The vulnerability affects the GetCountedString function in the xkb/xkb.c file. This vulnerability can lead to a buffer overflow. It is recommended that you apply a patch to address this issue. The identifier associated with th...

Astra Linux – Vulnerability in Linux 5.10

A use-after-free flaw was discovered in the addpartition function in the block/partitions/core.c file within the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue arises due to the lack of code cleanup when the deviceadd function fails...