Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: Unregistering the i2c device after unregistering the CEC adapter. The cecunregisteradapter function assumes that the underlying CEC adapter is callable. For example, if the CEC adapter currently has a valid...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through UHID, there is a possibility that we do not have output reports, and as a result, reportfield is set to null...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: idpf: fixed a memory leak in idpfvccoredeinit Make sure to free hw-lan regs. Reported by kmemleak during reset: Unreferenced object 0xff1b913d02a936c0 size 96: comm "kworker/u258:14", pid 2174, jiffies 4294958305 Hex dump first 3...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: media: mediatek: vcodec: fix decoder disable PM crash It is not possible to call pmruntimedisable when the architecture supports a sub-device for “dev-pm.dev” is NUll, or it may cause a crash log. 10.771551 pc :...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: In the bitPutcs function, the bound-check glyph index was derived from the character value masked by 0xff or 0x1ff. This may lead to reading beyond the end of the built-in font array, exceeding the actual number o...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: net: caif: fixed a memory leak in caifdevicenotify In the event of a failure in caifenrolldev, the allocated linksupport will not be assigned to the corresponding structure. Therefore, simply free the allocated pointer in case of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/nvm: Fixed a double-free operation in the aux add failure case. After a successful auxiliarydeviceinit call, auxdev-dev.release i.e., xenvmreleasedev is responsible for freeing the memory allocated to nvm. If there is a...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Handle errors from amdgpucgscreatedevice in amdpowerplaycreate. Add error handling to propagate the failures of amdgpucgscreatedevice to the caller. When amdgpucgscreatedevice fails, release hwmgr and return -ENOMEM t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind When the device is bound, we register the HDMI codec device. However, we do not unregister it when the device is unbound, resulting in a device leakage issue. We need to unregister...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix a hang issue when the device state is set via sysfs This fix addresses a regression introduced in the commit f0f82e2476f6 “scsi: core: Fix capacity setting to zero after offlineizing a device”. The problem...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ax25: The refcount leak caused by setting the SOBINDTODEVICE socket option has been fixed. If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. The commit...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfc: Fixed potential resource leaks nfcgetdevice now takes a reference to the device and adds it; nfcputdevice is added to release it when no longer needed. Additionally, the warning message was corrected by using the error co...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines resulted in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: netsec: fixed error handling in netsecregistermdio. If phydeviceregister fails, phydevicefree must be called to reset the reference count; thus, the memory associated with the phy device and its name can be freed in the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add a lock when modifying the device list. The device list requires its associated lock to be held when being modified; otherwise, the list could become corrupted, as syzbot discovered...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ata: libata-transport: fixed error handling in atatlinkadd In atatlinkadd, the return value of transportadddevice is not checked. As a result, a nullptrdereference exception occurs when removing the module, because...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca – A memory leak was fixed in the device probe, and the phy-pendingskb variable was properly freed after allocation. However, it was forgotten to be freed during the error handling and removal processes, resulting in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/gup: rejecting FOLLSPLITPMD with hugetlb VMAs. The patch series “mm: fixes for device-exclusive entries hmm”, version 2. While discussing the PageTail call in makedeviceexclusiverange, I recently discovered that device-exclusi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in the iopf reporting path. The existing I/O page fault handler currently locates the PCI device by calling pcigetdomainbusandslot. This function searches the list of all PCI devices until the desire...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: Handling failures in registering sensors with a thermal zone correctly. If an attempt is made to register a sensor with a thermal zone and it fails, the call to devmthermalzoneofsensorregister may return -ENODEV. This c...