Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fixed the issue where the workqueue was not released upon calling .release. The workqueue associated with a DSA/IAA device is not released when the object is freed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drbd: fixed the issue of null-pointer dereference during local read operations. In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: c reqmodreq, what, NULL, &m; The handler for...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: fastrpc: Do not remove the map from createprocess and devicerelease. Do not remove the map from the list during the error handling in fastrpcinitcreateprocess. Instead, call fastrpcmapput to avoid a use-after-free...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k – Do not call getc0compareint if the timer irq is installed. This prevents a warning: 0.118053 BUG: A sleeping function was called from an invalid context at kernel/locking/mutex.c:283. The issue was caused by the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal. Since thermaldebugcdevremove does not run under cdev-lock, it can run in parallel with thermal Debugcdevstateupdate. This may free the struct thermal...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Added a sentinel to the quirks table. The current driver lacks a sentinel in the struct socdeviceattribute array, which causes a buffer overflow error when the socdevicematchmt7621pciequirksmatch function is called...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: The block mode of switchdev is applied when ADQ is active, and vice versa. ADQ and switchdev are not allowed to be enabled simultaneously. Enabling both at the same time may lead to nullptr dereferencing. To prevent this issue,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fixed a device reference count leak in atrtrcreate. When updating an existing route entry in atrtrcreate, the old device reference was not released before assigning the new device. This led to a device reference...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/ras: Fixed the device confusion related to the CPER handler. Upon inspection, the cxlcperhandleproterr function makes several fragile assumptions that can lead to crashes: 1. It assumes that the endpoints identified in the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: hns: Fixed a possible memory leak in hnaeaeregister. When a fault is injected during module probing, if deviceregister fails, but the refcount of the kobject is not decreased to 0, the name allocated in devsetname may be...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fixed an error handling path in cm3605probe. The commit in “Fixes” also introduced a new error handling path, which should replace the existing one. Otherwise, some resources may be leaked...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: NFC: NULLed the dev-rfkill to prevent UAF The commit 3e3b5dfcd16a “NFC: reordered the logic in nfcun,registerdevice” assumes that the deviceisregistered function in the nfcdevup function will help to check when the rfkill is...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fixed a reference count leak in pprnotifier. According to the comments for pcigetdomainbusandslot, it returns a PCI device with a reference count that increments after use. The caller must decrement the reference count...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: Wait until all skuserdata readers are finished before releasing the sock. There is a race condition in vxlan where, when deleting a vxlan device during packet reception, there is a possibility that the sock is release...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Free rawreport buffers in usbhidstop This fix addresses a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418ab47...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: block: fixed potential invalid pointer dereferencing in blkaddpartition. The blkaddpartition function originally used a single if-condition ISERRpart to check for errors when adding a partition. This was modified to handle the ca...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: Balances the device reference count when destroying devices. Using devicefindchild to find the appropriate SCMI device to destroy causes an imbalance in the device reference count. This occurs because...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu: Clearing iommu-dma operations during cleanup. If iommudeviceregister encounters an error, it may result in tearing down already-configured groups and default domains. However, this still leaves devices connected to...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Input: i8042 – fixed the issue of leaking the platform device when the module was removed. Avoid resetting the i8042platformdevice pointer that is shared across modules in i8042probe or i8042remove. This ensures that the device c...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: media: dvbdev: Fixed a memory leak in dvbMediaDeviceFree. The function dvbMediaDeviceFree leaks memory. It is necessary to free the dvbdev-adapter-conn object before setting it to NULL, as documented in...