51293 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: hns: Fixed a possible memory leak in hnaeaeregister. When a fault is injected during module probing, if deviceregister fails, but the refcount of the kobject is not decreased to 0, the name allocated in devsetname may be...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: misc: tifm: fixed a possible memory leak in tifm7xx1switchmedia If the deviceregister function returns an error in tifm7xx1switchmedia, the name of the kobject allocated by devsetname called during deviceadd may be leaked. Do not...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nbd: The issue of task hanging when the signal interrupt nbdstartdeviceioctl occurs has been fixed. The following program is a simplified version of the reproducer function: c int mainvoid int sv2, fd; if socketpairAFUNIX,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf The current code produces a warning when the total number of characters in the constituent block device names, plus the slashes, exceeds 200. snprintf returns the number of characters generated...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PNP: The memory leak caused by the name of devices being allocated dynamically has been fixed in pnpallocdev. After the commit 1fa5ae857bb1 “Driver core: get rid of struct device’s busid string array”, the name of devices is now...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl: fixed a possible null-ptr-deref in cxlpciinitafu|adapter. If deviceregister fails in cxlpciafu|adapter, the device is not added. In this case, deviceunregister cannot be called in the error path. Otherwise, a null-ptr-deref...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: macsec: sync features on RTMNEWLINK Syzkaller was able to lock the lower device via ETHTOOLSFEATURES: - netdevlock, include/linux/netdevice.h: 2761 inline - netdevops, include/net/netdevlock.h: 42 inline -...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: TI: am65-cpsw-nuss: Fixed null pointer dereferencing for ndev. In the TX completion packet stage of TI SoCs with a CPSW2G instance, which has a single external Ethernet port, ndev is accessed without being...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Team: Replace the team lock with rtnl lock. Syszbot reports various ordering issues related to lower instance locks and team locks. It is recommended to use rtnl locks for protecting team devices, similar to bonding. This chan...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: gve: Prevent ethtool operations after shutdown A crash can occur if an ethtool operation is invoked after the shutdown function is called. shutdown is invoked during system shutdown to stop DMA operations without performing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fixed the issue of releasing uninitialized resources on an error path. The commit in the fixes section ensured that mlx5vdpafree is the only entrypoint for releasing vdpa device resources added in mlx5vdpadevadd. This...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that BAM is enabled. This often occurs for remotely controlled or remotely power...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939sessionactivate fail if the device is no longer registered. The syzbot still reports that unregisternetdevice: waiting for vcan0 to become free. Usage count = 2. Even after commit 93a27b5891b8 “can: j1939: a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iio: core: Prevent invalid memory access when there is no parent device. The commit 813665564b3d “iio: core: Convert to use the firmware node handle instead of the OF node” changed the type of nodes used for label retrieval in...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fixed a possible memory leak in ibmebusbusinit. If deviceregister returns an error in ibmebusbusinit, the name of the kobject allocated by devsetname, which is called in deviceadd, is leaked. According to the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize the Dead CT worker with the unbind operation. Cancel and wait for any Dead CT worker to complete before continuing with the device unbinding. Otherwise, the worker will end up using resources freed by the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The mcbausb driver fails to populate the ndochangemtu function, allowing for a buffer overflow. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The onl...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rapidio: rio: Fixed a possible name leak in rioregistermport. If deviceregister returns an error, the name allocated by devsetname needs to be freed. This should be done using putdevice, so that the reference in the error path is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: The reference count of the device should always be dropped in ibdelsubdeviceandput. Since nldevdeldev introduced in commit 060c642b2ab8 “RDMA/nldev: Add support for adding/deleting a sub IB device through netlink” grab...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: efct: Fixed a possible memory leak in efctdeviceinit. In efctdeviceinit, when efctscsiregfctransport fails, efctscsitgtdriverexit is not called to release memory used by efctscsitgtdriverinit, resulting in a memory leak:...