Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fix for crashes when mounting with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. Stack Trace: RIP: 0010:ocfs2qinfolockresinit+0x44/0x50 ocfs2 Call Trace: ocfs2localreadinfo+0xb9/0x6f0 ocfs...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: qede: ensure that the skb is allocated before use. qedebuildskb assumes that buildskb always works and proceeds directly to skbreserve. However, buildskb may fail under memory pressure. This results in a kernel panic because the...

Astra Linux – Vulnerability in Linux, Linux 5.15

When SMT is enabled, certain AMD processors may speculateively execute instructions using a target from the sibling thread after a SMT mode switch, which may potentially lead to information disclosure...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the netdevsim device driver of the Linux kernel, related to the scheduling of events. This issue arises due to improper management of a reference count. This could allow an attacker to create a denial-of-service condition on the system...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpslowstartafteridle. When reading sysctltcpslowstartafteridle, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘ipmi: fix msg stack when IPMI is disconnected’” This fix reverts to the previous behavior in commit c608966f3f9c2dca596967501d00753282b395fc. This patch contains a minor bug that can cause the IPMI driver to enter an...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winchhandlers before registering the winchIRQ. Registering a winchIRQ can lead to a race condition; an interrupt may occur before the winch is added to the winchhandlers list. If this happens, registerwinchirq ad...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses the same device for both CPU and Platform. In such cases, the CPU component driver may not have the required driver-name fiel...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent the use of a lock before it is initialized. If a failure occurs during the probe of hfi1 before the sdmamaplock is initialized, the call to hfi1freedevdata will attempt to use a lock that has not been...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Intel-Microcode

Information exposure due to microarchitectural states after transient execution in certain vector execution units of some Intel processors may allow an authenticated user to potentially enable information disclosure through local access...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: In btusb, there is an issue where the cleanup operations during btusbdisconnect are not performed in the correct order, leading to a Use-After-Free UAF condition. There is also a KASAN issue in btusbdisconnect: A re...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: sysfb – Fixed a platform-device leak in the error path. Be sure to free the platform device even in the unlikely event that registration fails...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: FS:JFS:UBSAN: array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 The index 196694 is out of range for the type ‘s81365’ also known as...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ptdma: In ptcoreexecutecmd, it is necessary to use a spinlock. The interrupt handler ptcoreirqhandler of the ptdma driver can be called from the interrupt context. The code flow within this function may lead to ptcoreexecutecmd,...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dm raid: fixed the KASAN warning in raid5adddisks. There is a KASAN warning in raid5adddisk when running the LVM testsuite. The warning occurs during the test lvconvert-raid-reshape-lineartoraid6-single-type.sh. We fixed this...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix refcount leak on error path When failing to allocate reportdesc, opts-refcnt has already been incremented; therefore, it needs to be decremented to prevent the options structure from being permanently locke...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP The ptpclocksettime function assumes that every ptpclock has implemented settime64. By using -EOPNOTSUPP as a stub, we prevent a NULL derefrence from occurring. This fix is similar to th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fixed the use of memory after freeing it in scsihexpandernoderemove. The function mpt3sastransportportremove called in scsihexpandernoderemove frees the port field of the sasexpander structure. This leads to a...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch – Initialize work before device registration. Syzbot has reported a warning in flushwork. This warning occurs due to work-func == NULL, which indicates that work initialization was missed. This issue can occur...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fixed integer overflow in sample size validation The wavefrontsendsample function has a problem with integer overflow when validating the sample size. The header-size field is of type u32, but it is cast to int f...