Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers during parsing of Scarlett2 mixer interfaces The Scarlett2 mixer has a quirky behavior in the USB-audio driver; it may encounter a NULL dereference when a malformed USB descriptor is passed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The senddone handler now handles completion without using IBSENDSIGNALED. With smbdirectsendbatch, we likely have requests that do not include IBSENDSIGNALED. These requests will be destroyed during the final request...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: fixed the RESPONSE authenticator parser OOB read issue. The rxgkverifyauthenticator function copies authlen bytes into a temporary buffer, and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add the buffer to the list only after a successful allocation. We moved the listaddtail function to after dmaalloc attrs succeeds when creating internal buffers. Previously, the buffer was enqueued into buffers-list...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ice: ptp: do not emit a WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to only pass through a PF that does not own the source timer. In such cases, the PTP controlling PF adapter-ctrlpf is neve...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: Fixed error handling for pagepool in lan966xfdmarxallocpagepool. pagepoolcreate may return an ERRPTR upon failure. This return value is used unconditionally in the subsequent loop. The error pointer is passed throug...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: s390/zcrypt: Fixed a memory leak when CCA cards are used as accelerators. Tests revealed that a memory leak occurs when CCA cards are used as accelerators for clear-key RSA requests ME and CRT. With the recent modifications to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - Media: qcom: camss: vfe: Fixed an out-of-bounds access in vfeisrregupdate. The vfeisr function iterates using MSMVFEIMAGEMASTERSNUM7 as the loop boundary and passes the index to vfeisrregupdate. However, the vfe-line array i...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - usb: dwc2: gadget: Fixed the mismatch between spinlock and unlock calls in dwc2hsotgudcstop. - dwc2gadgetexitclockgating internally calls the callgadget macro. This macro expects hsotg-lock to be held since it performs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed the classification of interlaced plain extents for encoded extents. Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: Check whether the target buffer list is still of the legacy type during recycling. There is a gap between the time the buffer is acquired and the time it potentially gets recycled. If the bufferlist is empty, someon...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed an incorrect return value after changing the leaf in lookupextentdataref After commit 1618aa3c2e01 “btrfs: simplified return variables in lookupextentdataref”, the err and ret variables were merged into a single ret...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validation of doorbelloffset during user queue creation. The function amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without proper checking. An arbitrarily large...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate the content of the release report before using it for RTL8922DE. The commit 957eda596c76 "wifi: rtw89: pci: validate the sequence number of the TX release report" performs validation on existing chips...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipvs: Fixed the NULL dereference in the error path of ipvsaddservice. When ipvsbindscheduler successfully calls ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the cleanup code...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: Fixed a heap buffer overflow in ioam6fillTraceData. In the receive path, ioam6fillTraceData uses trace-nodelen to determine how much data to write for each node. It relies on this field directly from the incoming...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Corrected the allocation size for bytes controls. The size of the data behind scontrol-ipccontroldata for bytes controls is as follows: 1 sizeofstruct sofipc4controldata + // kernel-only struct 2...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/hugetlb: restored global reservations to the subpool The commit a833a693a490 "mm: hugetlb: fixed an incorrect fallback for the subpool" fixed this issue. Additionally, a underflow error was addressed in hstate-resvhugepages...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: arm64: Fixed a no-op check in setaccessflags, which could lead to errors when detecting SMMU/ATS faults. The function contpteptepsetaccessflags compared the gathered value from ptepget with the requested state to detect no-ops...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed an infinite fault loop that occurred during GPA intercepts when permissions were denied. This issue prevents infinite fault loops when guests access memory regions without proper permissions. Currently,...