Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211 – Correctly decodes TTLM with the default link map. The TID-to-link mapping TTLM elements do not contain any link mapping presence indicators when a default mapping is used, and parsing is skipped. It should be not...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: Fixed a potential use of the object “link” after it is freed in the function iwlmldremovelink. This code frees the “link” by calling kfreerculink, rcuhead, and then dereferes “link” to obtain “link-fwid”. Save...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media:v4l2-core: A potential resource leak has been fixed in v4l2fwnodeparselink. If the fwnodegraphgetremoteendpoint function fails, fwnode is known to be NULL. Therefore, fwnodehandlePUT is a no-op. Instead, the reference...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – Use IWLFWCHECK for link ID checking The lookup function iwlmvmrcufwlinkidtolinkconf is typically called with inputs from the firmware. Therefore, it should use IWLFWCHECK instead of WARNON...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value After the DME Link startup, the error return value is set to the MIPI UniPro GenericErrorCode, which can be either 0 SUCCESS or 1 FAILURE. During a driver probe, the error cod...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed NULL pointer dereferencing in iavfgetlinkksettings. Fixed a potential NULL pointer dereferencing issue, caused by freeing adapter-vfres in iavfinitgetresources. The previous commit introduced a regression, where...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: wifi: ath12k: Avoid accessing uninitialized arvif-ar during beacon missed situations. During beacon missed handling, the ath12k driver iterates over active virtual interfaces vifs and attempts to access the radio object ar via...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: Fixed the WARNON message for the monitor mode on some devices. On devices without WANTMONITORVIF and likely without channel context support, we receive a WARNON message when changing the per-link settings of a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: PCI: Fixed the link speed calculation in case of retrain failures. When pciefailedlinkretrain fails to retrain, it attempts to revert to the previous link speed. However, it calculates this speed from the Link Control 2 regist...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring: The incorrect reference to iokiocb in iolinkskb has been fixed. In the iolinkskb function, there is a bug where the value of prevnotif is incorrectly assigned using ‘nd’ instead of ‘prevnd’. This causes the context...

Astra Linux – Vulnerability in binutils

A vulnerability was discovered in GNU Binutils 2.45. The affected function is elflinkaddobjectsymbols in the file bfd/elflink.c of the Linker component. This vulnerability leads to out-of-bounds read attacks. The attack can be carried out locally. The exploit has been made public and can be...

Astra Linux – Vulnerability in Firefox and Thunderbird

By using a link with rel="localization", a use-after-free could occur if an object is destroyed during JavaScript execution, and then the object is referenced through a freed pointer, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: SCO: Fixed UAF on scosocktimeout The conn-sk might have been unlinked/freed while waiting for scoconnlock. Therefore, this check determines whether conn-sk is still valid by verifying that it is part of scosklist...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: The link ID is cleared from the bitmap during link deletion after cleanup. Currently, during link deletion, the link ID is first removed from the validlinks bitmap before any cleanup operations are performed...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting the link when performing LT automation REASON The last LT automation update may cause a crash by referencing currentstate and calling dcupdateplanesandstream, which may corrupt currentstat...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fixed an issue where the uninitialized number of lanes was used. It is not possible to set the number of lanes when adjusting link modes using the legacy IOCTL ethtool interface. Since the structure struct...

Astra Linux – Vulnerability in Firefox and Thunderbird

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - Ice: Fixed the KASAN error in the LAG NETDEVUNREGISTER handler. Currently, the same handler is called for both the NETDEVBONDINGINFO LAG unlink notification and the NETDEVUNREGISTER call. This causes a problem, as the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211 – Fixed an issue where out-of-bounds access occurred during the multi-link element defragmentation process. Currently, during the multi-link element defragmentation process, the length of the multi-link element is...