Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: canaan: k230: added a NULL check in DT parsing. A NULL check was also added for the return value of ofgetproperty when retrieving the “pinmux” property in the group parser. This prevents a potential NULL pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: armmpam: Fixed null pointer dereference when restoring bandwidth counters When a MSC that supports memory bandwidth monitoring is brought offline and then brought back online, the mpamrestorembwustate function calls rismsmonread...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7996: Avoid NULL pointer dereferencing in mt7996setmonitor The function mt7996setmonitor dereferences a pointer to phy before performing the NULL sanity check. This issue could lead to NULL pointer dereferencing. To...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fixed a possible null-ptr-deref issue when assigning a stream. While AudioDSP drivers assign streams that are exclusively of HOST or LINK type, nothing prevents a user from attempting to assign a COUPLED stream. The...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pcmcia: A NULL pointer dereferencing was fixed in iodynfindioregion. In iodynfindioregion, pcmciamakeresource is assigned to res and used in pciBusallocResource. There is a dereferencing of res in pciBusallocResource, which could...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtw89: Avoid NULL dereferencing when a problematic packet is received on an unsupported 6 GHz band. There is a very rare chance that the RX report might be problematic, causing the software to assume that a packet was...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an DFS traversal error without CONFIGCIFSDFSUPCALL. When compiled with CONFIGCIFSDFSUPCALL disabled, cifsdfsdautomount is NULL. The logic for mapping CIFSFATTRDFSREFERRAL attributes to SAUTOMOUNT and corresponding...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89 – Fix for null pointer access when aborting scanning. During the cancellation of scanning, we might use vifs that were not actually scanning. This issue was fixed by using the vifs that were actually performing scanni...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp – Always pass an error pointer to sevplatformshutdownlocked When 9770b428b1a2 “crypto: ccp – Move devinfo/err messages for SEV/SNP init and shutdown” moved the error messages so that they don’t need to be issued by...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mmc: via-sdmmc: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in mmcallochost may be leaked. 2. In the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed handling of incorrect devices during the bond netevent process. The current implementation of the bond netevent handler only checks whether the handled netdev is a VF representative. However, there is no check...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: acct: The last write operation should now occur from the workqueue, using the caller’s credentials. This resolves the issue where the acct2 system call could cause a NULL derefrence when writing to a file that triggers an interna...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fixed the NULL crash caused by the shrinker function when cgroupdisable=memory is set. Christian reported a NULL dereference in zswap; he was able to trace the issue back to the zswap shrinker function. This issue also...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Added a check for mgmtallocskb in mgmtdeviceconnected. Added a check on the return value of mgmtallocskb in mgmtdeviceconnected to prevent null pointer dereferencing...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42completecopies On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fixed a possible null pointer dereference issue. In the vc4hdmiaudioinit function, the getaddress function may return NULL, which can later be dereferenced. This bug has been fixed by adding a NULL check. This issue was...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check the return value when calling devsetname If devsetname fails, the devname will be null. Check the return value of devsetname to avoid a null-ptr-deref...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fixed a nullptrderef issue in dw2102i2ctransfer In dw2102i2ctransfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious data...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: “aio”: fixed the issue with mremap after a fork operation involving null-dereferencing. The commit e4a0d3e720e7 “aio: Makes it possible to remap the aio ring” introduced a null-dereference if mremap is called on an old aio mappin...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fixed a potential NULL dereference in ethtoolsetcoalesce. ethtoolsetcoalesce now uses both .getcoalesce and .setcoalesce callbacks. However, the check for their availability is buggy. Therefore, changing the...