Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free of the addlock mutex Commit 6098475d4cb4 “spi: Fix deadlock when adding SPI controllers on SPI buses” introduced a per-controller mutex. However, the mutexunlock call for that lock occurs after the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ARM: In the dts section, for the qcom subsystem, replace the gcc PXO handle with pxoboard fixed clock. Replace the gcc PXO handle with the pxoboard fixed clock value declared in the dts file. The gcc driver does not provide PXOSR...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vduse: It is now checked that the offset is within the bounds during the getconfig function. This check only examines “len”, but does not examine “offset”. This could lead to an out-of-bounds read if “offset dev-configsize” is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: MIPS: Loongson64: DTS: Actually fixed the PCIe port nodes for ls7a. Fixed the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning interruptprovider: /bus@10000000/pci@1a000000: 'interrupt-cells' found,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/vc4: Fixed deadlock issues during DSI device attachment The attachment of a DSI device to a DSI host is performed while the host device’s lock is held. Unregistering the host device in the “device attachment” error path...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “comedi”: checking the attached status of devices in compatible IOCTLs. Syzbot identified a issue 1 that causes the kernel to crash, seemingly due to the absence of the callback dev-getvalidroutes. This should never happen, as th...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fixed a null dereference issue in the parse of dev addr operation. A logical error was addressed, which could lead to a null dereference if the mode is set incorrectly for the given addr type...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rapidio: rio: Fixed a possible name leak in rioregistermport. If deviceregister returns an error, the name allocated by devsetname needs to be freed. This should be done using putdevice, so that the reference in the error path is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: ti: am65-cpsw: Fixed segmentation fault during module unloading. The call to am65cpswnussphylinkcleanup has been moved to after am65cpswnusscleanupndev, so phylink remains valid. This prevents the segmentation faul...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: The vulnerability relates to hardening the uplink netdev access in case the device is unbound. The function mlx5uplinknetdevget retrieves the uplink netdevice pointer from mdev-mlx5eres.uplinknetdev. However, the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: The reference count of the device should always be dropped in ibdelsubdeviceandput. Since nldevdeldev introduced in commit 060c642b2ab8 “RDMA/nldev: Add support for adding/deleting a sub IB device through netlink” grab...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ath11k: fixed the netdev open race condition. Make sure to allocate the necessary resources before registering the device. This specifically prevents a race condition where open triggers a BUGON in modtimer, when ath11kmacopstart...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452data. The original logic for getting mma8452data is incorrect. The dev points to the device belonging to iiodev. We cannot use this dev to find the correct i2cclient. The...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management command NOP OUT to the device to recover the link. If this command times out and clearing the device...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: leds: class: Protect access to brightnessshow using ledcdev-ledaccess mutex There is a NULL pointer issue observed when Process A adds a hid device, resulting in the addition of a ledcdev object. Subsequently, another call to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: mdio: Check the regmap pointer returned by devicenodetoregmap The call to devicenodetoregmap in airohamdioprobe may return an ERRPTR if the regmap initialization fails. Currently, the driver stores the pointer without...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: Fixed clkhwgetclk when dev is NULL. Any registered clkcore structure may have a NULL pointer in its dev field. Although this has never been officially documented, this is evident from the widespread use of clkregister and...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fixed the latency and residency issues during CPU/L2 idle states. The entry/exit latency and minimum residency in the idle states of the MSM8998 device were incorrect. Firstly, the timings were set for...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The can: hi311x module has corrected the ndochangemtu function to prevent buffer overflows. Sending a PFPACKET allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only check...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ax25: Fixing use-after-free bugs caused by ax25dsdeltimer. When the ax25 device is being detached, the ax25devdevicedown function calls ax25dsdeltimer to clean up the slavetimer. When the timer handler is running, the...