Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Fixed missing NULL checks for kstrdup 1. Replaced “offindnodebypath"/"” with “ofroot” to avoid multiple calls to “ofnodeput”. 2. Fixed a potential kernel error during early boot when memory allocation fails while...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwrng: geode – Fixed the PCI device reference count leak issue. The function foreachpcidev is implemented through pcigetdevice. The comment accompanying pcigetdevice indicates that it will increase the reference count of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Error processing should be added before returning from the function, and the return value has been modified...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Added missing error checks for clock acquisition. The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when invalid pointe...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: gpio: aggregator: Protect driver attr handlers against module unload Both newdevicestore and deletedevicestore access module global resources e.g., gpioaggregatorlock. To prevent race conditions during module unloading, a...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - dm clone: Fixed a UAF Use-after-Free in clonedtr. - Dmclone also has the same UAF issue when dmresume and dmdestroy are executed concurrently. Therefore, the timer is canceled again in clonedtr...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: A test for maclen should be performed before reading the MAC header. The LLC layer reads the MAC header using ethhdr, without verifying that the skb contains an Ethernet header. Syzbot was able to access the llcrcv functi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: Fixed a crash that occurred in wacomaesbatteryhandler. The commit fd2a9b29dc9c “HID: wacom: Remove AES powersupply after extended inactivity” introduced wacomaesbatteryhandler, which is scheduled as a delayed task...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fixed the nullptrderef issue in targetallocdevice There is a nullptrderef issue reported by KASAN: BUG: KASAN: nullptrderef in targetallocdevice+0xbc4/0xbe0 targetcoremod … kasanreport+0xb9/0xf0...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: loop: Overflow check during loop configuration The user space can configure a loop using an ioctl call. In this process, a configuration of type loopconfig is passed see the loioctl case on line 1550 of drivers/block/loop.c. This...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix a possible memory leak in iiosysfsTrigInit The devsetname function allocates memory for the device name. This memory needs to be freed when deviceadd fails. After calling putdevice, the reference held by...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed the issue with mlx5ibgethwstats when used for devices. Currently, when mlx5ibgethwstats is used for a device where portnum = 0, there is a special handling to ensure that the correct counters are used. However,...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nbd: The issue of task hanging when the signal interrupt nbdstartdeviceioctl occurs has been fixed. The following program is a simplified version of the reproducer function: c int mainvoid int sv2, fd; if socketpairAFUNIX,...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mailbox: zynq-ipi: fixed error handling when deviceregister fails When deviceregister fails, there are two issues: 1. The name allocated by devsetname is leaked. 2. The parent of the device is not NULL; deviceunregister is...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: macb: fixed the use of “free” after calling “rmmod”. “platdev-dev-platformdata” is released by calling “platformdeviceunregister”. The use of “pclk” and “hclk” constitutes a use-after-free. Since “deviceunregister” does n...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: octeonep VF: Fixed the issue where the devid used in the freeirq function did not match the original devid during the IRQ rollback process. The octepvfrequestirqs function requests MSI-X queues for IRQs with the devid set to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fixed the leak from the dev tracker. At the stage of direction checks, the netdev reference tracker is already initialized, but it is released with the wrong put call...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: fixed the potential NULL pointer dereferencing on udev-serial. The driver assumed that es58xdev-udev-serial could never be NULL. While this is true for commercially available devices, an attacker could spoof the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Protection was added to the device queue against concurrent access. In the dasdprofilestart function, the number of requests on the device queue is counted. However, access to the device queue is not protected against...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - net: dsa: felix: do not use devres for mdiobus. As explained in the commits: - 74b6d7d13307: “net: dsa: realtek: register the MDIO bus using devres”. - 5135e96a3dd2: “net: dsa: do not allocate the slavemiibus using devres”...