Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: e1000e: Changing usleeprange to udelay in PHY mdic access. This is a partial revert of commit 6dbdd4de0362 “e1000e: Workaround for sporadic MDI errors on Meteor Lake systems”. The referenced commit used usleeprange within the PHY...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed NULL access in the assignchannelcontexthandler function. Currently, when ath12kmacassignviftovdev fails, the radio handle is accessed from the link VIF handle arvif for debugging purposes. This is incorrec...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: p54: Prevent buffer-overflow in p54rxeepromreadback Robert Morris reported: "If a malicious USB device pretends to be an Intersil p54 Wi-Fi interface and generates an eepromreadback message with a large eeprom-v1.len value,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect After the committed code below, if the MPC subflow is already in the TCPCLOSE status or has fallen back to TCP at the mptcpdisconnect time, mptcpdofastclose skips setting the sendfastclos...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: Avoid using partially committed contexts. One major use of damoncall is the update of DAMON parameters online. This is done by calling damoncommitctx within the damoncall callback function. damoncommitctx can fail...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed the call trace observed during I/O with CMF enabled. The following issue was observed with CMF enabled: BUG: Using smpprocessorid in a preemptible context. Code: systemd-udevd/31711 Kernel: Caller is...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: The commit 7ba5ca32fe6e “ALSA: firewire-lib: operate for period elapse event in process context” removed the process context workqueue from amdtpdomainstreampcmpointer and updatepcmpointers, thereby eliminating its overhead. With...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Makes rmwlock a rawspinlock. The following bug was triggered: ============================= Bug: Invalid wait context 6.12.0-rc2-XXX 406 Not tainted ----------------------------- kworker/1:1/62 is trying to lock:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: mt7921 – Fixed kernel panic due to null pointer dereference Fixed a kernel panic caused by a null pointer dereference in the mt792xrxgetwcid function. The issue arises because the deflink structure is not properly...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added a bounds check for the create lease context. A missing bounds check was added for the create lease context...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added a bounds check for the durable handle context. A missing bounds check was added for the durable handle context...

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel before version 5.10. The file drivers/infiniband/core/ucma.c contains a use-after-free, as the context of the ctx variable is accessed through ctxlist in certain situations where ucmamigrateid is called, specifically when ucmaclose is invoked. This issue...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: deferring partition scanning. We need to prevent the partition scanning from occurring within the controller’s scanwork context. If a path error occurs here, I/O operations will wait until a path becomes available...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: comp – Use the same definition for the context alloc and free operations. In commit 42d9f6c77479 “crypto: acomp – Move the scomp stream allocation code into acomp”, the cryptoacompstreams struct was designed to rely on th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: clocksource: Use migratedisable to avoid calling getrandomu32 in an atomic context. The following bug report occurred with the PREEMPTRT kernel: - Bug: A sleeping function was called from an invalid context at...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save the CS register in cases of AMD Zen IF Poison errors. The Instruction Fetch IF units on current AMD Zen-based systems do not guarantee a synchronous MC for poison consumption errors. Therefore,...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dm-bufio: Do not schedule in atomic context A bug was reported as follows when CONFIGDEBUGATOMICSLEEP and tryverifyintasklet are enabled. 129.444685 T934 Bug: Sleeping function called from invalid context at...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flushcpuslab/freeslab invocations in task context. Commit 5a836bf6b09f "mm: slub: move flushcpuslab invocations freeslab invocations out of IRQ context" moved all flushcpuslab invocations to the global workqueue to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: lib/buildid: Use kernelread for the sleepable context. A bug has been prevented: “BUG: Unable to handle a NULL pointer dereferencing in filemapreadfolio.” For the sleepable context, change freader to use kernelread instead of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: removed the callcontrol in inactive contexts. If the damoncall function is executed against a DAMON context that is not running, the function returns an error while keeping the damoncallcontrol object linked to the...