Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fixed a potential memory leak in kmemcacheopen. In the error path, the slub cache’s randomseq value might be leaked. This issue was addressed by using kmemcacherelease to release all relevant resources...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fixed a memory leak in the error path. If, for some reason, the speedbin length is incorrect, then there is a memory leak in the error path, as we never free the speedbin buffer. This commit fixes the error path so...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpucs: fixed the reference count leak of a dmafence object. This issue occurs in an error path within amdgpucsfencetohandleioctl. When info-in.what falls under the default case, the function simply returns...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: qup: Do not skip cleanup in the error path of the remove function. Returning early in the remove callback of a platform driver is incorrect. In this case, the DMA resources are not released during the error path. This issue ...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: espintcp: fixed skb leaks. Several error paths now include a kfreeskb...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: plfxlc: fixed a potential memory leak in lfxusbenablerx. The urbs variable is not freed during exception paths in lfxusbenablerx. This could lead to a memory leak. To fix this issue, add a call to kfree for the urbs variabl...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: dma-buf/syncfile: Do not leak fences during merge failures. Each call to addfence performs a dmafenceget operation on the relevant fence. In error-prone scenarios, we did not call dmafenceput, resulting in all those fences bei...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nftables: nftdynset: fixed a possible stateful expression memory leak in the error path. If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Cleaning up a dangling pointer on the bind error path The mtkdrmBind function may fail, in which case drmdevPut is called, destroying the drmdevice object. However, a pointer to that object was still being held by t...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: The page is released in the error path to avoid BUGON. Consider the following sequence of events: 1. The userspace sends a UFFD ioctl, which ultimately calls shmemmfillatomicpte. We successfully account the blocks, a...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fixed a potential memory leak related to jitdata. Make sure that jitdata is freed through kfree in the error path...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k: The affinity hint was cleared before calling ath11kpcicfreeirq in the error path. If a shared IRQ is used by the driver due to platform limitations, then the IRQ affinity hint is set correctly after the allocation o...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000 – Fixed a UAF bug in the error path of probing. When the driver fails in sndcardregister during probing, it will free the bcd2k-midiouturb before terminating it, which could lead to a UAF bug. The following log can...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: rpmsg: Fixed a possible refcount leak in rpmsgregisterdeviceoverride. rpmsgregisterdeviceoverride must call putdevice to free the vch when driversetoverride fails. This issue was fixed by adding a call to putdevice in the erro...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: cxl: Fixed a memory leak in the error handling path. The bitmapzalloc function must be balanced by a corresponding bitmapfree function in the error handling path of afuallocateirqs...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fixed a memory leak in mlx5eptpopen. When kvzallocnode or kvzalloc fails in mlx5eptpopen, the memory pointed to by “c” or “cparams” is not freed, which can lead to a memory leak. This issue has been fixed by freeing th...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fixed a possible double-free in the error handling path. When the auxiliarydeviceadd function returns an error and then calls auxiliarydeviceuninit, the callback function adevrelease calls kfreemadev. We should not cal...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: EFI: Fixed NULL dereference in the init error path. In cases where runtime services are not supported or have been disabled, the runtime services’ workqueue will never be allocated. Do not attempt to destroy the workqueue...

Astra Linux – Vulnerability in libstb

stbimage is a single-file library licensed under MIT that processes images. It might seem like stbiloadgifmain does not provide any guarantees regarding the content of the output value delays in case of failure. Although it sets delays to zero at the beginning, it does not do so if the image is n...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fixed the issue where the reference count of the platform device was checked during the error path. The probe function never performs any platform device allocation. Therefore, the error path “undoplatformdevalloc”...