Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed handling of incorrect devices during the bond netevent process. The current implementation of the bond netevent handler only checks whether the handled netdev is a VF representative. However, there is no check...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: A possible memory leak has been fixed in sh7760fballocmem. When information such as info-screenbase is not ready, calling sh7760fbfreemem does not release the memory correctly. Instead, call dmafreecoherent...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Do not call cleanup on profile rollback failure When profile rollback fails in mlx5enetdevchangeprofile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile-cleanu...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Added a check for mgmtallocskb in mgmtdeviceconnected. Added a check on the return value of mgmtallocskb in mgmtdeviceconnected to prevent null pointer dereferencing...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: HID: amdsfh: “free driverdata” after destroying the hid device The HID driver callbacks are no longer called after the hiddestroydevice function is called. Therefore, the driverdata should only be freed after the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: Base: Resources are freed when a device is unregistered. In the current code, the devresreleaseall function is only called if the device has a bus and has been probed. This leads to issues when using devices that lack a...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix the return value of f2fsconvertInline inode If the device is read-only, make f2fsconvertInline inode return EROFS instead of zero. Otherwise, it may trigger a panic during the writing of dirty pages of inline inodes, as...

Astra Linux – Vulnerability in Qemu

A NULL pointer dereference flaw was discovered in the floppy disk emulator of QEMU. This issue occurs when processing read/write ioport commands, especially if the selected floppy drive is not initialized using a block device. This flaw allows a privileged guest user to crash the QEMU process on...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: int3472: The issue of double-freeing the GPIO device during the unregister function has been fixed. The regulatorunregister function already frees the associated GPIO device. On the ThinkPad X9 Lunar Lake, this caus...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fixed the return type of netcpndostartxmit With Clang’s Kernel Control Flow Integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to ensure that the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: pxa27xudc: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things, simp...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: Core: Fix for unbalanced node refcount in regulatordevlookup The following report was received: ERROR: Memory leak; expected refcount 1 instead of 2. Unbalanced in ofnodeget/ofnodeput – destroyed cset entry: Attaching...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the refcount leak for PCI devices. According to the comments on pcigetdomainbusandslot, it returns a PCI device with a refcount that increments after use. Therefore, the caller must decrement the reference count...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: bq257xx: A leak in the device node reference occurred in bq257xxregdtparsegpio. In bq257xxregdtparsegpio, if the subchild is not successfully retrieved, the function returns without calling nodeputchild, resulting in a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Do not use devres for mdiobus As explained in the commits: 74b6d7d13307 “net: dsa: realtek: Register the MDIO bus under devres” 5135e96a3dd2 “net: dsa: Do not allocate the slavemiibus using devres” The...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mISDN: fixed an issue involving misuse of putdevice in mISDNregisterdevice. We should not release references to putdevice before calling deviceinitialize...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: A bad drive in the topology can result in a kernel crash. When the SAS Transport Layer support is enabled and a device is exposed to the operating system through the driver, if INQUIRY commands fail, the driver...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded devices. The dev pointer received as an argument in the inilluminanceperiodavailableshow function refers to the device embedded within the IIO device, not the i2c clien...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to avoid deadlock. A deadlock may occur because i3cmasterregister acquires &i3cbus-lock twice. See the log below. Use i3cdev-desc-info instead of calling...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fixed a memory leak that occurred during registration failures in cscfgcreatedevice. deviceregister calls deviceinitialize. According to the documentation for deviceinitialize: “Use putdevice to release the...