Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ax25: Fixing use-after-free bugs caused by ax25dsdeltimer. When the ax25 device is being detached, the ax25devdevicedown function calls ax25dsdeltimer to clean up the slavetimer. When the timer handler is running, the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - media: meson: vdec: fixed a possible refcount leak in vdecprobe - v4l2deviceunregister must be called to reset the refcount obtained by v4l2deviceregister when vdecprobe fails or vdecremove is called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: Fixed memory leak This checks whether CONFIGDEVCOREDUMP is enabled before attempting to clone the skb, and also ensures that btmtkprocesscoredump frees the skb following the same logic...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential out-of-bounds accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usbgetconfiguration for allocating dev-config. This...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fixed a possible memory leak if deviceadd fails. If deviceadd returns an error, the name allocated by devsetname needs to be freed. As noted in the comments for deviceadd, putdevice should be used to release the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: fix double-free in resetaddgpioauxdevice error path. When auxiliarydeviceadd fails, resetadd gpioauxdevice calls auxiliarydeviceuninitadev. The device release callback resetgpioauxdevicerelease frees adev, but the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/hns: Fixed the use of spinunlockirqrestore, which is called with IRQs enabled. Fixed incorrect use of spinlockirq/spinunlockirq when spinlockirqsave/spinlockirqrestore was held. This issue was discovered through lock...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change to fix a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case. The isp1301getclient helper only increments the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: r6040: Fixed the kmemleak in the probe process and removed it. There is a memory leak reported by kmemleak: - Unreferenced object 0xffff888116111000 size 2048: comm “modprobe”, pid 817, jiffies 4294759745 age 76.502s Hex dump...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: Do not run mt76ustatusworker if the device is not running. Fixed the issue of NULL pointer dereferencing, preventing the mt76ustatusworker thread from being executed if the device is not running yet. KASAN:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: gve: Prevent ethtool operations after shutdown A crash can occur if an ethtool operation is invoked after the shutdown function is called. shutdown is invoked during system shutdown to stop DMA operations without performing...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fixed the issue of null pointer dereference on the pointer edp. The pointer dev is initialized, and the edp is dereferenced before edp is checked for being null. This could lead to a null pointer dereference issue. This...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Added the missing dmputdevice call when failing to obtain the scsi dh name. When commit fd81bc5cca8f “scsi: devicehandler: Returning an error pointer in scsidhattachedhandlername”, code was added to fail the parsing of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net:mctp: Fix for device leak on probe failure The driver core holds a reference to the USB interface and its parent USB device while the interface is bound to the driver. There is no need to hold additional references unless tho...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: md: Fixed a deadlock between mddevsuspend and flushbio. A deadlock occurs when mddev is suspended while some of the flushbio operations are still in progress. This is a complex issue. T1: The first flush occurs at the end of t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/pmem: Fixed leaks in cxlpmemregion and cxlmemdev. When a cxlnvdimm object undergoes an -remove operation where the device is physically removed, nvdimmbridge is disabled, or the nvdimm device is disabled, any associated...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iommu: Fixed potential use-after-free during probe Kasan has reported the following use-after-free on dev-iommu: When a device probe fails and the dev-iommu is being freed. In the deviommufree function, deferredprobeworkfunc...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle the deactivation of DBCs when the owner leaves. When a DBC is released, the device sends a QAICTRANSDEACTIVATEFROMDEV transaction to the host via the QAICCONTROL MHI channel. QAIC handles this by calling...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: Unregisters the ECC engine upon probe error and device removal. The on-host hardware ECC engine remains registered both when the spiregistercontroller function returns an error, and also upon device removal...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that BAM is enabled. This often occurs for remotely controlled or remotely power...