Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netsched: Fixed NULL dereferencing in fifosetlimit. syzbot reported another NULL dereferencing in fifosetlimit. 1 I can reproduce the issue with the following commands: unshare -n tc qd add dev lo root handle 1:0 tbf limit...

Astra Linux – Vulnerability in libde265

It was discovered that libde265 v1.0.10 contains a NULL pointer dereferencing in the ffhevcputweightedpredavg8sse function located at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: GPU: lontium-lt9611: Fixed a NULL pointer dereference in lt9611connectorinit. A NULL check on bridge-encoder indicates that it may be NULL, but it has already been dereferenced on all paths leading to the check. 812: if...

Astra Linux - уязвимость в linux-5.15

A issue was discovered in the Linux kernel through version 5.16-rc6. The function rtwinitxmitpriv in drivers/staging/r8188eu/core/rtwxmit.c lacks a check on the return value of rtwallochwxmits, which can lead to a null pointer derefrence...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed the potential NULL pointer dereferencing in nilfsbtreeinsert The patch series “nilfs2: fixes potential issues with empty B-tree nodes” addresses three potential issues with empty B-tree nodes that can occur with...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstjpegdecnegotiate function in gstjpegdec.c. This function does not check for a NULL return value from gstvideodecodersetoutputstate. When this occurs,...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fixed the null-ptr-deref issue in hugetlbfsParseParam Syzkaller reported a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: checking the return value after calling platformgetresource. This will cause a null-ptr-deref if platformgetresource returns NULL; therefore, we need to check the return value...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bnxten: Adjusted the logging of firmware messages in case the token is released in hwrmsend. If the token is released because token-state equals BNXTHWRMDEFERRED, the released token set to NULL is used in log messages. This issue...

Astra Linux – Vulnerability in Linux

A NULL pointer dereference flaw was discovered in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1. This flaw allows a local user to crash the system. The flaw occurs when the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fixed a potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but this function is exposed to user space before the entry is allocated via...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platformgetresource This vulnerability could lead to a null-ptr-deref issue if platformgetresource returns NULL. Therefore, we need to check the return value...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed the missing .istwopixelspercontainer field. Starting from version 6.11, the AMDGPU driver, when loaded with amdgpu.dc=1, may cause a NULL pointer dereferencing on PCs with older GPUs, such as R9 280X, due t...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for xfrm realdev null pointer dereference We should not set realdev to NULL, because packets may still be in transit, and xfrm might call xdodevoffloadok in parallel. All callbacks assume that realdev is set. Example...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix for accessing an empty array when the phygetinternaldelay function is called, provided that the driver calls phygetinternaldelay without defining delayvalues, and rx-internal-delay-ps or tx-internal-delay-ps is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed potential NULL pointer dereferences in dcn10setoutputtransferfunc. The stream pointer is used in dcn10setoutputtransferfunc before checking whether stream is NULL. The issue was fixed in:...

Astra Linux – Vulnerability in netcdf

A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, when parsing a crafted XML file, performs incorrect memory handling, resulting in a NULL pointer being dereferenced while running strcmp on a NULL pointer...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in the axichanhandleerr function. Since there is no protection for vd, a kernel panic will be triggered in exceptional cases. You can refer to the processing of the...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spiderdbmbase::printwarnings to dereference a null pointer...