Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm: Fixed a potential null-ptr-deref due to drmmmodeconfiginit. drmmmodeconfiginit will call drmmodecreatestandardproperties, and it does not check the return value. When drmmodecreatestandardproperties fails due to allocatio...

Astra Linux – Vulnerability in sane-backends

A NULL pointer dereferencing in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079...

Astra Linux – Vulnerability in ffmpeg, ffmpeg5

There is a NULL pointer dereference vulnerability in FFmpeg’s Firequalizer filter libavfilter/affirequalizer.c. This vulnerability arises due to a missing check on the return value of avmallocarray in the configinput function. An attacker could exploit this vulnerability by tricking a victim into...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-host: The proper IRQ domain must be passed to generichandledomainirq. Starting with the commit dd26c1a23fd5 “PCI: rcar-host: Switch to msicreateparentirqdomain”, the MSI parent IRQ domain is set to NULL because the obje...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: fixed a null dereference issue when inserting elements There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: General protection fault, likely due to an non-canonical address...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes. The modes in drcmclientmodesetprobe may fail to be allocated using kcalloc. If this occurs, we jump to out, and modesDestroy is called on it. This action will dereference modes. This could...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: pxa: fixed a null-pointer dereference in filter The kasprintf function would return a NULL pointer when kmalloc fails to allocate memory. It is necessary to check the return pointer before calling strcmp...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ice: Fixed NULL pointer dereferencing in icevsisetnapiqueues. Added NULL pointer checks in icevsisetnapiqueues to prevent crashes during resume from suspend when ringsqidx-qvector is NULL. Tested adapter: 60:00.0 Ethernet...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629-eth: Added a check for the return value of mtkallocclkdata. The check is added to prevent dereferencing of a NULL pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the block layer, care should be taken when checking for NULL bdev during polling. Wei reported a crash in an application that uses polled I/O: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/handshake: fixed null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if the socket lookup fails. We should also call tracehandshakecmddoneerr before releasing the file; otherwise, dereferencin...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb/client: Avoid referencing rdata=NULL in smb2newreadreq. This occurs when calling from SMB2read while using rdma, and when reaching the rdmareadwritethreshold...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fixed potential NULL dereferencing. The bpfjitbinaryfree function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge within NRJITITERATIONS steps, jitdata-header will be NULL, triggering a NULL...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tipc: Check for a null pointer after calling kmemdup kmemdup may return a null pointer, so it is necessary to check for this. Otherwise, the null pointer will be dereferenced later in tipccryptokeyxmit, as can be seen in the trac...

Astra Linux – Vulnerability in Qemu

A NULL pointer dereference flaw was discovered in the floppy disk emulator of QEMU. This issue occurs when processing read/write ioport commands, especially if the selected floppy drive is not initialized using a block device. This flaw allows a privileged guest user to crash the QEMU process on...

Astra Linux – Vulnerability in openexr

A flaw was discovered in OpenEXR in versions prior to 3.0.0-beta. A specially crafted input file provided by an attacker, when processed by the Dwa decompression functionality of OpenEXR’s IlmImf library, could lead to a NULL pointer dereferencing error. The greatest threat posed by this...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dm flakey: fixed an crash caused by an invalid table line. This command will cause a crash when using a NULL pointer dereference: dmsetup create flakey --table "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbioby...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed double invocation of bnxtulpstop/bnxtulpstart Before the commit under the “Fixes” tag below, bnxtulpstop and bnxtulpstart were always invoked in pairs. After that commit, the new bnxtulprestart can be invoked after...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a null check in resourcelogpipetopologyupdate REASON When switching from “Extend” to “Second Display Only”, we sometimes call resourcegetotgmasterforstream on an eDP stream, even though the eDP is...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: Intel-thc-hid: Added a safety check for reading the DMA buffer. A readiness check for the DMA buffer is added before reading it, to avoid unexpected NULL pointer accesses...