69 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: md-raid10: fixed the KASAN warning There is a KASAN warning in raid10removedisk when running the lvm test lvconvert-raid-reshape.sh. We have fixed this warning by verifying that the value “number” is valid. BUG: KASAN:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The overflow check in the probe session-duplication function increased the session count, even when there were no more available sessions. This could lead to corruption of memory beyon...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - regulator: pfuze100 – Fixed the refcount leak in pfuzeparseregulatorsdt. - ofnodeget now returns a node with the refcount incremented. - calling ofnodeput is no longer required when referencing a node is no longer necessary...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mac80211: A potential double-free operation occurred during mesh join. While commit 6a01afcf8468 “mac80211: Mesh: Deleting ie data when leaving the mesh” fixed a memory leak that occurred during mesh leave/teardown, it introduced...
Astra Linux – Vulnerability in Linux 5.15
A use-after-free flaw was discovered in nfsd4sscsetupdul in fs/nfsd/nfs4proc.c within the NFS filesystem of the Linux kernel. This issue could allow a local attacker to crash the system or may lead to a kernel information leak...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: The MR restrack must be released when it is deleted. The MR restrack also needs to be released when it is deleted; otherwise, a memory leak may occur, as the task struct will not be released...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a bug in extent parsing when ehentries == 0 and ehdepth 0. When traversing inode extents, the ext4extbinsearchidx function assumes that the extent header has been validated previously. However, there are no checks to...
Astra Linux – Vulnerability in Linux 5.15
A flaw in memory writing within the Linux kernel’s UDF file system functionality was discovered. This flaw allows a user to trigger certain file operations, which in turn triggers udfwritefi. A local user could exploit this flaw to crash the system or potentially cause other malicious actions...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: mediatek-gen3 – A refcount leak was addressed in mtkpcieinitirqdomains. The function ofgetchildbyname returns a node pointer whose refcount is incremented. Therefore, we should use ofnodeput on it when we no longer need it. ...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dm flakey: fixed an crash caused by an invalid table line. This command will cause a crash when using a NULL pointer dereference: dmsetup create flakey --table "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbioby...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereferencing in steamrecv,sendreport It is possible for a malicious device to fail to submit a Feature Report. The HID Steam driver currently does not handle this situation and dereferences the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: - usbnet: Fixed a memory leak in error cases. - usbnetwritecmdasync: Incorrectly handled which buffers need to be freed in different error cases. Changes made in versions: - v2: Added a “Fixes” tag. - v3: Fixed an issue with a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: SUNRPC: Fixed null-ptr-deref when xps sysfs alloc fails. There is a null-ptr-deref when xps sysfs alloc fails: BUG: KASAN: null-ptr-deref in sysfsdocreatelinksd+0x40/0xd0 Reading a 8-byte value at address 0000000000000030 by...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/meson: fixed a memory leak in the -hpdnotify callback. The EDID returned by drmbridgegetedid needs to be freed...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: mtd: maps: pxa2xx-flash: fixed a memory leak in the probe function. Added “free ‘info’” upon remapping errors to avoid memory leaks. : Reworded the commit log...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxt: prevents a UAF Use After Free error after handing over control to the PTP worker. When reading the timestamp, bnxttxint hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterward, ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Media: i2c: ov772x: Fixed a memory leak in ov772xprobe. A memory leak was reported when testing ov772x with the bpf mock device. AssertionError: Unreferenced object 0xffff888109afa7a8 size 8: comm "python3", pid 279, jiffies...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netlink: Do not hard code the device address length in fdb dumps. syzbot reports that some netdev devices do not have a six-byte address. Replace ETHALEN with dev-addrlen. 1 In cases where dev-addrlen = 4 BUG: KMSAN:...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – fix double-free on the TX path. We observe kernel crashes, lockups, and KASAN errors related to the ax210 firmware. One of the KASAN logs pointed to the TX path, and it appears that there is indeed a way to...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem with the udlfb driver, caused by an endpoint that does not have the expected type. usb 1-1: Failed to read the EDID byte 0; result: -71. usb 1-1: Unable to...