Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cgroup: Added the missing cpusreadlock function to cgroupattachtaskall. The syzbot tool encounters a warning regarding percpurwsemassertheld&cpuhotpluglock when calling cpusetattach 1. This issue was missed because cpusetattach i...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fixed an issue where IO operations could hang due to a race condition involving the sbitmap wakeup mechanism. In blkmqmarktagwait, addwaitqueue might be re-ordered. In addition, blkmqgetdrivertag might fail if the driver...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: fixed the refcount leak in nfsdgetdirdeleg Claude pointed out that there is a refcount leak in nfsdgetdirdeleg. Ensure that the reference to “fp” is released before returning...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nouveau/gsp: removing the WARNON messages in ACPI probes. These WARNON messages seem to trigger frequently, and we currently do not have a plan to fix them. Therefore, we’re simply removing them, as they are likely harmless...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: Initializes the bytes read by the event handler. IPMB does not use i2c reads; however, the handler needs to set a value. Otherwise, an i2c read will return an uninitialized value from the bus...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Fuse: Fix for the deadlock caused by reclaimeduring. The commit e26ee4efbc79 “Fuse: Allocate ff-releaseargs only if release is needed” avoids allocating ff-releaseargs if the server does not implement open. However, in doing so,...

Astra Linux - уязвимость в linux, linux-5.10

A memory flaw after deallocation was discovered in the Linux kernel’s garbage collection for Unix domain socket file handlers. This flaw occurs when users call close and fget simultaneously, potentially triggering a race condition. This flaw allows a local user to crash the system or escalate the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fixed a race condition when gathering fdinfo group samples The commit e16635d88fa0 "drm/panthor: add DRM fdinfo support" failed to protect access to groups using an xarray lock, which could lead to use-after-free...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for out-of-bounds punch offset Punching a hole with a start offset that exceeds maxend is not allowed. This will result in a negative length in the truncateinodepartialfolio function when truncating the page cache,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - For the spi: amlogic: spifc-a4 component, there is a issue where the ECC engine is not registered properly upon probe failures, and the remove callback is not executed. - The amlsfcprobe function registers the on-host NAND E...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, a previously existing admin queue may still exist. Properly release this queue before allocating a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Added missing error checking for clock acquisition. The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when invalid...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: PM: EM: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must be processed with dput, otherwise memory leaks will occur over time. To simplify things, simply call debugfslookupandremove,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Memory: mtk-smi – fixed device leaks during the common probe. Make sure to remove the references made when checking the SMI device during a common probe after a late probe failure e.g., probe deferral, as well as during driver...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pinctrl: freescale: Fixed a memory out-of-bounds issue when numconfigs is 1. The configuration passed in by padwakeup is set to 1 when numconfigs is 1. In this case, Configuration 1 should not be retrieved, which will be detected...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: ibmvfc: Queue resources are only allocated/free during probe/remove operations. Currently, sub-queues and event pool resources are allocated/free for every CRQ connection event, such as reset and LPM. This exposes the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoided memory leak in applereportfixup The applereportfixup function was returning a buffer allocated using kmemdup, but never freeing that buffer. The caller of reportfixup does not take ownership of the returned...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is counted as a MMCID user before it becomes visible in the process’ thread list and the global task list. This creates the following problem: CPU1 CPU2...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: The “Drain deferred trigger” operation is freed if kthread creation fails. Registration of boot-time triggers may fail before the trigger-data cleanup is completed. If a kthread exists, deferring the “Drain deferred...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: Stop checking the validity of op-maxfreq in the supportsop callback. In commit 13529647743d9 “spi: microchip-core-qspi: Support frequency switches per spi-memory operation”, the logic for checking the...