51305 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ax25: The refcount leak caused by setting the SOBINDTODEVICE socket option has been fixed. If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. The commit...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fixed the issue where the refcount of the subsystem for the @blockclass class was leaking. The blkcgfillrootiostats function iterates over the devices belonging to the @blockclass class using classdeviterinit|next...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check the control transfer buffer size before accessing it. If the first fragment is shorter than struct usbcdcnotification, we cannot calculate the expectedsize. Instead, log an error and discard the notification...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal The devicedel function can cause new work to be scheduled in the gadget-workqueue. This issue is observed, for example, with the dwc3 driver, as follows: c devicedel...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Added locks for usbdriverclaiminterface The documentation for usbdriverclaiminterface states that “the device lock” is required when this function is called from locations other than probe. This seems ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: can: etases58x: fixed the potential NULL pointer dereferencing on udev-serial. The driver assumed that es58xdev-udev-serial could never be NULL. While this is true for commercially available devices, an attacker could spoof the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmfmac: A NULL pointer dereference occurred in the brcmftxfinalize function. When the device is removed or the kernel module is unloaded, a potential NULL pointer dereference may occur. The following sequence leads to the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: clk: imx: clk-imx8mn: fixed a memory leak in imx8mnclocksprobe. Use devmofiomap instead of ofiomap to automatically handle the unused ioremap regions. If any errors occur, the memory allocated by kzalloc may leak; however, usi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: rpmsg: Fixed a possible refcount leak in rpmsgregisterdeviceoverride. rpmsgregisterdeviceoverride must call putdevice to free the vch when driversetoverride fails. This issue was fixed by adding a call to putdevice in the erro...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: blk-mq: Fixed a possible memory leak when registering the ‘hctx’ variable failed. There is one issue that arises during fault injection tests: An unreferenced object with a size of 512 bytes: bash comm "insmod", pid 308021,...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed the issue with mlx5ibgethwstats when used for devices. Currently, when mlx5ibgethwstats is used for a device where portnum = 0, there is a special handling to ensure that the correct counters are used. However,...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: Unregistering the i2c device after unregistering the CEC adapter. The cecunregisteradapter function assumes that the underlying CEC adapter is callable. For example, if the CEC adapter currently has a valid...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ocxl: The issue of a reference count leak for PCI devices occurred when calling getfunction0. getfunction0 calls pcigetdomainbusandslot. As commented, this function returns a PCI device with a reference count increase. Therefore,...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: The dvbdev: device driver adopts a reference counter to avoid Use-After-Free UAF vulnerabilities. It is known that the dvbunregisterdevice function is prone to use-after-free issues. In other words, the cleanup performed by...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fbdev: fbpm2fb: Avoid potential divide by zero errors In dofbioctl of fbmem.c, if cmd is FBIOPUTVSCREENINFO, var will be copied from the user. Then, the functions fbsetvar and info-fbops-fbcheckvar will be called, which might...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage. ============================================ WARNING: Possible recursive locking detected 5.18.0 3 No...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevents recovery work from being queued during device removal. Use disableworksync instead of cancelworksync in ivpudevfini to ensure that no new recovery work items can be queued after device removal has started...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hsr: It is necessary to hold the rcu lock and dev lock during the execution of hsrgetportndev. The hsrgetportndev function calls hsrforeachport, which requires holding the rcu lock. On the other hand, before returning the port...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fixed the double-free of fwnode in i2cunregisterdevice. Before committing the change df6d7277e552 “i2c: core: Do not dereference fwnode in struct device”, i2cunregisterdevice only called fwnodehandleput on ofnode-s by...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: canaan: k230: added a NULL check in DT parsing. A NULL check was also added for the return value of ofgetproperty when retrieving the “pinmux” property in the group parser. This prevents a potential NULL pointer...