Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: mdiobus: fix unbalanced node reference count I encountered the following issue during the devicemscc-miim load test, with CONFIGOFUNITTEST and CONFIGOFDYNAMIC enabled: - ERROR: Memory leak; the expected reference count was 2...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: bpf: abort dispatch if the device is destroyed The current implementation of HID’s bpf function assumes that no output reports or requests will occur after the hidbpfdestroydevice function is called. This leads to a bug wher...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pdscore: removed the write-after-free issue related to clientid. A use-after-free error was encountered during stress testing: Mon Apr 21 21:21:33 2025 BUG: KFENCE: use-after-free write at pdscauxbusdevdel+0xef/0x160 pdscore Mon...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fixed deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional, there is a deadlock with the ‘statelock’ spinlock between ks8851startxmitspi and ks8851irq: Watchdog: BUG: Soft lock...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Firmware: armffa: Fixed FFA device names for logical partitions. Each physical partition can provide multiple services, each with a unique UUID. Each such service can be represented as a logical partition with a unique combinatio...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish between block-based and fscache mode When erofskillsb is called in block-dev based mode, sbdev may not have been initialized yet. If CONFIGEROFSFSONDEMAND is enabled, this will cause a mistake in...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/hisi: The second sensor, hi3660, was removed. The commit 74c8e6bffbe1 “driver core: Add allocsize hint to devm allocators” exposes a panic “BRK handler: Fatal exception” during the hi3660thermalprobe function. Thi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nbd: Fixed an UAF in nbdgenlconnect, where an error path occurred after calling nbdstartdevice. There is a use-after-free issue in nbd: - block nbd6: Received control failed result: -104; sockets are being shut down. Bug: KASAN:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed an issue where an invalid lock was taken on a wedge. If devices like GuC upload are wedged, the submission is not yet enabled, and the state has not even been initialized. This fix prevents the wedge-related calls...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mISDN: A possible memory leak in mISDNregisterdevice has been fixed. After committing 1fa5ae857bb1 "driver core: get rid of struct device’s busid string array", the name of the device is allocated dynamically. The putdevice...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fixed the race involving destroyworkonstack. The following debug object splat was observed during testing: ODEBUG: Freeing an active object active state 0: 0000000097d23782; Object type: workstruct; Hint:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver UAF When using drmkunithelperallocdrmdevice, the driver may be referenced by device-managed resources until the device is freed. This typically happens later than when the kunit-managed resource...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/srpt: Do not register the event handler until the srpt device is fully set up. In rare cases, KASAN reports a use-after-free error in the srptrefreshport function. This appears to occur because the event handler is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca – fixed a situation where the kernel’s NULL pointer was dereferenced due to an IO error. The initial settings will be written before the codec probe function is called. However, the rt711-component has not yet be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed a null pointer dereferencing after failing to issue FLOGI and PLOGI commands. If lpfcissueelsflogi fails and returns a non-zero status, the node’s reference count is decremented to trigger the release of the...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: dm: fixed a NULL pointer race issue when completing IO operations. The dmiodecpending function calls endioacct first, and then decreases the number of pending DMA operations. However, if a task swaps the DM table at the same...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: lib/groupcpus: Fixed the issue of NULL pointer dereferencing in groupcpusevenly. While testing nullblk with configfs, the command echo 0 pollqueues would trigger the following panic: BUG: NULL pointer dereferencing in the kernel,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iommusvabinddevice should return either a device handle or an ERRPTR value in error cases. Existing drivers idxd and uacce only check the return value using ISERR. This could potentially lead to a NULL pointer dereferencing issue...

Astra Linux – Vulnerability in Qemu

A stack overflow due to an infinite recursion vulnerability was detected in the eepro100 i8255x device emulator of QEMU. This issue occurs during the processing of controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or cause the QEMU...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ptp: A possible memory leak has been fixed in ptpclockregister. I encountered a memory leak during the fault injection test as follows: Unreferenced object: 0xffff88800906c618 size 8 Command: comm "i2c-idt82p33931", PID 4421,...