Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: libceph: freechooseargmap has been made resistant to partial allocations that may lead to NULL pointer dereferencing. freechooseargmap may dereference a NULL pointer if its caller fails after a partial allocation. For example, in...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Driver Core: Fixed a potential nullptrderef issue in deviceadd. I encountered the following nullptrderef issue during the fault injection test: Bug: NULL pointer dereferencing in the kernel. Address: 0000000000000058 CPU: 2 PID:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers during parsing of Scarlett2 mixer interfaces The Scarlett2 mixer has a quirky behavior in the USB-audio driver; it may encounter a NULL dereference when a malformed USB descriptor is passed...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: A bug in the ocfs2findvictimchain function was fixed. The syzbot reported a kernel bug in ocfs2findvictimchain. This bug occurs because the clnextfreerec field of the allocation chain list the next free slot in the chain...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed a memory leak in setsspcomplete. A memory leak was fixed in setsspcomplete, where the mgmtpendingcmd structures are not freed after they are removed from the pending list. Commit 302a1f674c00 “Bluetooth:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: A double-free bug has been fixed in rockchipusb2phyprobe. The foreachavailablechildofnode function calls ofnodeput to release the child NPN in each successful loop. After exiting the loop when the child...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k: Fix peer HE MCS assignment In ath11kwmisendpeerassoccmd, the peer’s transmit MCS is sent to the firmware as the receive MCS, while the peer’s receive MCS is sent as the transmit MCS. This contradicts the definitions...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: The zero-initialize of the eb.vma array in i915gemdoexecbuffer was corrected. The eb.vma array is initialized with values of 0 when the eb structure is first set up. Specifically, this sets the eb-vmai.vma pointers ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: The admin tagset is released if the initialization fails. The nvmefabrics function creates a NVMe/FC controller in the following path: nvmfdevwrite → nvmfcreatectrl → nvmefccreatectrl → nvmefcinitctrl The nvmefcinitctrl...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: The spinlock is used as a lock for protecting the context list. Previously, a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block. Th...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: sched/deadline: Only the freecpus field is set for online runqueues. Commit 16b269436b72 “sched/deadline: Modified cpudl::freecpus to reflect rd-online“” introduced the cpudlset/clearfreecpu functions, allowing the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in agilent USB. If the agilent USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A “dirty folio” is one that has been written to. A “clean folio” is the opposite. Since a clean folio contains no user data, it can be freed under memory pressure. However, preserving the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed SError causing kernel panic upon closing. The occurrence of SError causing kernel panic was rare during testing. The root cause was entering suspend mode due to an timeout of the autosuspend delay...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fixed NULL dereferencing in linedisprelease. linedisprelease currently retrieves the enclosing struct linedisp via tolinedisp. This retrieval depends on the attachment list, but the attachment may have...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fixed a resource leak in the remove callback. The remove callback returned early if pmruntimeresumeandget failed, skipping the cleanup of the SPI controller and other resources. This issue has been addressed by...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disabled LPM on ST1000DM010-2EP102. According to a user report, the ST1000DM010-2EP102 has issues with LPM, causing random system freezes. This drive belongs to the same BarraCuda family as the ST2000DM008-2FR10...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “comedi: runflags cannot determine whether to reclaim chanlist” The syzbot reported a memory leak 1. The commit 4e1da516debb “comedi: Add reference counting for Comedi command handling” did not account for the exceptional exit ca...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: ioam: fixed potential NULL dereferencing in ioam6fillTraceData We need to check in6devget for a possible NULL value, as suggested by Yiming Qian. Also, replace skbdstdevrcu with skbdstdev, and add two missing READONCE...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The issue of double-free of the fcport has been completely fixed. In the function qla24xxelsdcmdiocb, sp-free is set to qla2x00elsdcmdspfree. When an error occurs, this function is called by qla2x00sprelease. Durin...