Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtiovdpa: Building affinity masks conditionally We were trying to build the affinity mask using createaffinitymasks unconditionally, which could lead to several issues: - The affinity mask is not used for parent processes witho...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the file drivers/media/dvb-core/dmxdev.c within the Linux kernel, up to version 5.19.10, a use-after-free condition has occurred due to race conditions related to reference counts, affecting the functions dvbdemuxopen and dvbdmxdevrelease...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize the Dead CT worker with the unbind operation. Cancel and wait for any Dead CT worker to complete before continuing with the device unbinding. Otherwise, the worker will end up using resources freed by the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8712: fixed a potential memory leak in r871xudrvinit. In r871xudrvinit, if r8712initdrvsw fails, the memory allocated by r8712allocioqueue in r8712usbdvobjinit is not properly released. This is because no action is...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fixed a stack overflow issue in line6miditransmit. The issue was addressed by correctly calculating the available space, including the size of the buffer. This correction prevents a buffer overflow when multiple MIDI...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: Fixed the PCI device reference count leak in mt7915pciinithif2. According to the comments on pcigetdevice, it returns a pcidevice with its reference count increased. We need to call pcidevput to decrease the referen...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel before version 5.13.6, the drivers/usb/host/max3421-hcd.c file allowed physically nearby attackers to cause a denial of service including use-after-free errors and panic conditions by removing a MAX-3421 USB device under certain circumstances...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscpi: Fixed string overflow in the SCPI genpd driver. Without the bounds checks for scpipd-name, a buffer overflow could occur when copying the SCPI device name from the corresponding device tree node. This occurs...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel up to 5.15.2, mwifiexusbrecv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker who can connect a crafted USB device to cause a denial of service skboverpanic...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod In fbfindmodecvt, if mode-refresh happens to be 0x80000000, cvt.frefresh will become 0 when multiplied by 2 due to overflow. This value is then passed to fbcvthperiod, where...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mcdev The committed code attempted to simplify the process of deallocations, but this led to a double-free on the mcdev variable. If the MC device is a DPRC, a new mcbus is allocated, and the mcdev...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: A divide error occurred in ndlabeldatainit. If a faulty CXL memory device returns a incorrect zero LSA size in its memory device information Identified Memory Device Opcode 4000h, CXL Specification 3.1,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set devicecaps for 417. The videodevice for the MPEG encoder did not set devicecaps. This issue needs to be addressed; otherwise, the videodevice cannot be registered a WARNON message will be generated. This issue...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: core: Do not bypass hidhwrawrequest The hidhwrawrequest function is actually useful for ensuring that the provided buffer and length are valid. Directly calling this function in the low-level transport driver bypassed those...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty-discdata only in the successful path. Setting tty-discdata before opening the NCI device means that we need to handle errors properly. This also creates a short window during which the device may continue ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: p54: Prevent buffer-overflow in p54rxeepromreadback Robert Morris reported: "If a malicious USB device pretends to be an Intersil p54 Wi-Fi interface and generates an eepromreadback message with a large eeprom-v1.len value,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: cxusb: No longer judges rbuf when the write fails syzbot reported a uninit-value in cxusbi2cxfer. Only when the write operation of usbbulkmsg in dvbusbgenericrw succeeds and rlen is greater than 0, the read operation of...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: A crash occurred due to dereferencing an uninitialized pointer. Since commit 7d5e9737efda “net: rfkill: gpio: getting the name and type from device property”, the rfkillfindtype function is called with the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fixed a crash that occurred during the transportportremove function, by using iocinfo. During this function, messages were logged via devprintk regarding &mpt3sasport-port-dev. At this point, the SAS transport devi...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dm: A NULL pointer dereference occurred in dmsuspend. There is a race condition between the suspension of the dm device and the loading of data into the table, which can lead to a NULL pointer dereference. This issue occurs when...