51194 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: lib/groupcpus: Fixed the issue of NULL pointer dereferencing in groupcpusevenly. While testing nullblk with configfs, the command echo 0 pollqueues would trigger the following panic: BUG: NULL pointer dereferencing in the kernel,...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: iommusvabinddevice should return either a device handle or an ERRPTR value in error cases. Existing drivers idxd and uacce only check the return value using ISERR. This could potentially lead to a NULL pointer dereferencing issue...
Astra Linux – Vulnerability in Qemu
A stack overflow due to an infinite recursion vulnerability was detected in the eepro100 i8255x device emulator of QEMU. This issue occurs during the processing of controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or cause the QEMU...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ptp: A possible memory leak has been fixed in ptpclockregister. I encountered a memory leak during the fault injection test as follows: Unreferenced object: 0xffff88800906c618 size 8 Command: comm "i2c-idt82p33931", PID 4421,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: The driver data must be set before it is used. If vmclockptpregister fails during probing, vmclockremove is called to clean up the ptp clock and misc devices. This function uses devgetdrvdata to access the vmclock...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dax: Fixed the issue where daxmappingrelease was called after the object was freed. A test using CONFIGDEBUGKOBJECTRELEASE to remove a device-related dax region e.g., using modprobe -r daxhmem results in the following output:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Team: Replace the team lock with rtnl lock. Syszbot reports various ordering issues related to lower instance locks and team locks. It is recommended to use rtnl locks for protecting team devices, similar to bonding. This chan...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Zoned – Cloning zoned device info when cloning a device When cloning a btrfsdevice, we are not cloning the associated btrfszoneddeviceinfo structure of the device, especially in cases where the filesystem is zoned. This ca...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: v4l: async: Fixed a NULL pointer dereferencing issue in the process of creating auxiliary links. In v4l2asynccreateancillarylinks, auxiliary links are created for lens and flash sub-devices. These are links between...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: hwmon: w83792d A NULL pointer dereferencing issue was addressed by removing unnecessary structure fields. If the driver reads a value that is sufficient for the condition: val & 0x08 && !val & 0x80 && val & 0x7 == val 4 & 0x7...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Roles – Fixed NULL pointer issue when referencing the module’s reference. In the current design, the USB role class driver will obtain a reference to the module of the usbroleswitch object after the user selects the...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Fixed an incorrect offset in biotruncate The biotruncate function clears the buffer outside of the last block of bdev. However, the current implementation of biotruncate uses the wrong offset for the page. As a result, it...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fixed the use-after-free vulnerability in the ether3 Driver due to race conditions. In the ether3probe function, a timer is initialized using a callback function called ether3ledoff, which is bound to &prevdev-timer...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the QEMU virtual crypto device during handling of data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the values of srclen and dstlen in virtiocryptosymophelper, which may lead to a heap buffer overflow if these values differ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Fixed a use-after-free when renaming device names. Syzbot reported a slab-use-after-free with the following call trace: ========================================== BUG: KASAN: slab-use-after-free in nlaput+0xd3/0x150...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/coco: Requires seeding the RNG with RDRAND on CoCo systems. There are few uses of CoCo that do not rely on functional cryptography and, consequently, a functioning RNG. Unfortunately, the CoCo threat model means that the VM...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in devicepmcheckcallbacks The function devicepmcheckcallbacks can be called under the spin lock in the reported case, it happens from genpdadddevice - devpmdomainset, when the genpd uses spinlocks rather...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Binder: Fixed another UAF in binderdevices. The commit e77aff5528a18 "binderfs: fixed a use-after-free in binderdevices" addressed a use-after-free where devices could be released without first being removed from the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC’s revid implementation is flawed in several ways. Firstly, it assumes that simply because a sibling base device has been registered, it is also bound to a drive...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed a deadlock that occurred during netdev reset with active connections. This issue was addressed by preventing the deadlock that occurs when the netdev function is executed during a device reset while RDMA...