110 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Remove clkdisable from mtkiommuremove. After the commit b34ea31fe013 “iommu/mediatek: Always enable the clk on resume”, the iommu clock is controlled by the runtime callback. Therefore, the clkdisable function is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fixed a race condition in amdteeopenSession. There is a potential race condition in amdteeopenSession that may lead to a use-after-free. For example, in amdteeopenSession, after sess-sessmask is set, and before the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was performing a socket lookup, taking a reference count of the socket. It w...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: soundwire: Reverted “soundwire: qcom: Add setchannelmap API support”. This reversion corresponds to commit 7796c97df6b1b2206681a07f3c80f6023a6593d5. This patch caused issues with Dragonboard 845c sdm845. The following errors...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed NULL pointer dereferencing in nilfspalloccommitfreeentry. Syzbot reported a NULL pointer dereferencing bug: NILFS loop0: segctord started. Construction interval = 5 seconds, CP frequency 3c 02 00 0f 85 26 05 00 0...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fixed a possible null-ptr-deref issue when assigning a stream. While AudioDSP drivers assign streams that are exclusively of HOST or LINK type, nothing prevents a user from attempting to assign a COUPLED stream. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvmet: fixed a memory leak in nvmetauthsetkey When changing dhchap secrets, we also need to release the old secrets. kmemleak complaint: -- Unreferenced object 0xffff8c7f44ed8180 size 64: Comm “check”, pid 7304, jiffies 429568613...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: kunit/fortify: Fixed incorrect usage of kvalloc/vfree. The kv family of functions were accidentally freed with vfree instead of using kvfree. Please use kvfree instead...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxt: prevents a UAF Use After Free error after handing over control to the PTP worker. When reading the timestamp, bnxttxint hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterward, ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed data corruption in the dsync block recovery process for small block sizes. The helper function nilfsrecoverycopyblock in nilfsrecoverydsyncblocks incorrectly calculates the on-page offset when copying repair data...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers during parsing of Scarlett2 mixer interfaces The Scarlett2 mixer has a quirky behavior in the USB-audio driver; it may encounter a NULL dereference when a malformed USB descriptor is passed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nouveau/gsp: removing the WARNON messages in ACPI probes. These WARNON messages seem to trigger frequently, and we currently do not have a plan to fix them. Therefore, we’re simply removing them, as they are likely harmless...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldevstatsetcounterdynamicdoit. This code checks that the “index” has an upper limit, but it does not check for negative values. Changing the data type to unsigned will prevent underflow issues...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fixed a possible null-ptr-deref issue. This issue could lead to a null-ptr-deref when the resourcesizeaddrange function is called, if the platformgetresource function returns NULL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed issues with space cache corruption and potential double allocations. When testing spacecache v2 on a large set of machines, we encountered a few issues: 1. Errors of the type “unable to add free space :-17” EEXIST...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/gup: Fixed the FOLLFORCE COW security issue and removed FOLLCOW. Since the Dirty COW CVE-2016-5195 security issue occurred, we know that FOLLFORCE can potentially be dangerous, especially if there are races that can be exploit...
Astra Linux – Vulnerability in Linux 5.10
A vulnerability has been discovered in the Linux kernel. It has been rated as problematic. The affected component is the sessfreebuffer function in the fs/cifs/sess.c file of the CIFS Handler module. This vulnerability can lead to double-free operations. It is recommended that patches be applied ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: Client: Fixed an error in parsing OOB read responses for symlinks. When a CREATE command returns STATUSSTOPPEDONSYMLINK, the smb2checkmessage function returns success without performing any length validation. As a result,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...