Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to avoid deadlock. A deadlock may occur because i3cmasterregister acquires &i3cbus-lock twice. See the log below. Use i3cdev-desc-info instead of calling...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fixed a memory leak that occurred during registration failures in cscfgcreatedevice. deviceregister calls deviceinitialize. According to the documentation for deviceinitialize: “Use putdevice to release the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not ASSERT if the newly created subvolume has already been read. BUG There is a syzbot crash, triggered by the ASSERT during subvolume creation: Assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ----------- cut...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uether: Fixed NULL pointer dereferencing in ethgetdrvinfo The commit ec35c1969650 “usb: gadget: fncm: Fixed netdevice lifecycle handling with devicemove“” re-parents the gadget device to /sys/devices/virtual during...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fixed a NULL pointer dereferencing issue when removing debugfs. We now remove the debugfs entries of the device when unbinding the driver. This now causes a NULL-pointer dereferencing issue at the end of the module,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: linkwatch: Use devput in the callers to prevent UAF. After linkwatchdodev calls devput to release the linkwatch reference, the device’s refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The maximum minor value is set to blkallocextminor. The idaallocrange... min, max,... function returns values ranging from min to max, including both ends. Therefore, NREXTDEVT is a valid index returned by blkallocextminor. This ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet: mtkppe: Avoid NULL dereferencing when gmac0 is disabled. If gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer dereferencing, leading to a system crash. This occurs because...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPFMAPTYPEDEVMAP does not have it set. This is...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: atm: The atmdevmutex is released after removing procfs in atmdevderegister. syzbot reported a warning during atmdevregister. 0 Before creating a new device and procfs/sysfs for it, atmdevregister looks up a duplicate device throu...

Astra Linux – Vulnerability in usbguard

A issue was discovered in USBGuard prior to version 1.1.0. On systems where the usbguard-dbus daemon is running, a non-privileged user could enable USBGuard to allow all USB devices to be connected in the future...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Regulator: da9121: Fixed an issue where uninit-value was used in da9121assignchipmodel. KASAN report: A out-of-bounds error occurred in regmapinit. BUG: KASAN: Out-of-bounds access in regmapinit, drivers/base/regmap/regmap.c:841....

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: media: v4l2-async: Fixed error handling after finding a match. Once an async connection is found to match an fwnode, a sub-device may be registered if it wasn’t already. Its binding operation is performed, auxiliary links are...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Added the missing REQOPWRITE for flushing bio. When performing mkfs.xfs on a pmem device, the following warning was encountered: ------------ Cut here ------------ Warning: CPU: 2, PID: 384; at block/blk-core.c: 751;...

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QEMU virtual crypto device during handling of data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the values of srclen and dstlen in virtiocryptosymophelper, which may lead to a heap buffer overflow if these values differ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: jbd2: fixed the potential buffer head reference count leak. In the case of jbd2fcwaitbufs, if the buffer is not up-to-date, it will return -EIO without updating journal-jfcoff. However, in jbd2fcreleasebufs, the buffer head will ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Added .owner field to vmclockmiscdevfops. Without the .owner field, the module can be unloaded while /dev/vmclock0 is open, resulting in an oops...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: A possible name leak in ocxlfileregisterafu has been fixed. If deviceregister returns an error in ocxlfileregisterafu, the name allocated by devsetname needs to be freed. As commented in deviceregister, it should use...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Set video drvdata before registering the video device The video drvdata should be set before the video device is registered. Otherwise, videodrvdata may return NULL in the open file operations, leading to errors...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nullblk: Fixed a issue where a NULL pointer dereference occurred when configuring ‘power’ and ‘submitqueues’. Writing ‘power’ and ‘submitqueues’ concurrently would trigger a kernel panic. Test script: bash modprobe nullblk...