51308 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: siox: fixed a possible memory leak in sioxdeviceadd. If deviceregister returns an error in sioxdeviceadd, the name allocated by devsetname needs to be freed. As noted in the comments for deviceregister, it should use putdevice to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ata: libata-transport: fixed error handling in atatlinkadd In atatlinkadd, the return value of transportadddevice is not checked. As a result, a nullptrdereference exception occurs when removing the module, because...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fixed error handling in atatdevadd In atatdevadd, the return value of transportadddevice is not checked. As a result, a null-ptr-deref occurs when removing the module, because transportremovedevice is calle...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix a possible memory leak in iiosysfsTrigInit The devsetname function allocates memory for the device name. This memory needs to be freed when deviceadd fails. After calling putdevice, the reference held by...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Input: i8042 – fixed the issue of leaking the platform device when the module was removed. Avoid resetting the i8042platformdevice pointer that is shared across modules in i8042probe or i8042remove. This ensures that the device c...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452data. The original logic for getting mma8452data is incorrect. The dev points to the device belonging to iiodev. We cannot use this dev to find the correct i2cclient. The...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: Intel: sofsdw – handling errors during card registration. If card registration fails, usually due to deferred probes, the device properties added for headset codecs are not removed, which leads to kernel errors during...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fixed error handling in sndprotoprobe. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This function only calls ofnodeput in th...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/coco: Requires seeding the RNG with RDRAND on CoCo systems. There are few uses of CoCo that do not rely on functional cryptography and, consequently, a functioning RNG. Unfortunately, the CoCo threat model means that the VM...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed devices When an SCSI device is removed while still in active use, currently, sg will immediately return -ENODEV whenever an attempt is made to wait for active commands...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: coresight: Properly clear the connection field. The coresight devices track their connections output connections and hold a reference to the fwnode. When a device goes away, we iterate through the devices on the coresight bus and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vfio: Split migration operations from main device operations The vfio core checks whether the driver sets certain migration operations e.g., setstate/getstate, and accordingly calls those operations. However, currently, the ml...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fixed an error handling path in cm3605probe. The commit in “Fixes” also introduced a new error handling path, which should replace the existing one. Otherwise, some resources may be leaked...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: croseccodec: Fixed a refcount leak in croseccodecplatformprobe. The ofparsephandle function returns a node pointer with a refcount incremented; we should use ofnodeput on it when there is no longer a need for it. Add the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Writeback: Avoid use-after-free after removing a device. When a disk is removed, the bdiunregister function is called to stop further writeback operations and wait for the associated delayed tasks to complete. However, wb...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: loop: Overflow check during loop configuration The user space can configure a loop using an ioctl call. In this process, a configuration of type loopconfig is passed see the loioctl case on line 1550 of drivers/block/loop.c. This...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Zoned – Cloning zoned device info when cloning a device When cloning a btrfsdevice, we are not cloning the associated btrfszoneddeviceinfo structure of the device, especially in cases where the filesystem is zoned. This ca...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecuart: properly fixed the race condition The crosecuartprobe function calls devmserdevdeviceopen before calling serdevdevicesetclientops. This can lead to a NULL pointer dereference: BUG: NULL pointer...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: ti: am65-cpsw: Fixed segmentation fault during module unloading. The call to am65cpswnussphylinkcleanup has been moved to after am65cpswnusscleanupndev, so phylink remains valid. This prevents the segmentation faul...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: octeonep: fixed a potential memory leak in octepdevicesetup. When errors such as unsupporteddev and mbox init occur, the variables oct-conf and iounmap oct-mmioi.hwaddr were not freed properly. This could lead to a memory leak...