Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed the missing .istwopixelspercontainer field. Starting from version 6.11, the AMDGPU driver, when loaded with amdgpu.dc=1, may cause a NULL pointer dereferencing on PCs with older GPUs, such as R9 280X, due t...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: betop: Check the shape of output reports The betopffinit function only checks that the total sum of the report counts for each report field is at least 4. However, hidbetopffplay expects 4 report fields. A device that sends ...

Astra Linux – Vulnerability in libde265

It was discovered that libde265 v1.0.10 contains a NULL pointer dereference in the ffhevcputhevcepelpixels8sse function located at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...

Astra Linux – Vulnerability in binutils

There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file for processing by the objdump program could cause a null pointer dereference. The greatest threat of this flaw is to the availability of the application. This flaw affects binutils versions prior to 2.34...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-srv: Avoid null pointer deref during path establishment. For RTRS path establishment, the RTRS client initiates and completes connection establishment. After establishing all its connections, information is exchanged...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: bcm2835spihandleerr: Fixed the issue of NULL pointer dereferencing for non-DMA transfers. If an IRQ-based transfer times out, the bcm2835spihandleerr function is called. Since commit 1513ceee70f2 “spi: bcm2835: Drop...

Astra Linux – Vulnerability in SQLite3

In SQlite 3.31.1, a potential null pointer derefrence was detected during the INTERSEC query processing...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: alcorpci: Fix nullptrderef when there is no PCI bridge There is an issue with the ASPM optional capability checking function. A device may be directly connected to the root complex. In this case, bus-selfbridge will be...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ATA: libata-transport: fixed the double call to atahostput in atatportadd In the error path in atatportadd, when calling putdevice, atatportrelease is called. This function decreases the refcount of ‘ap-host’. Then, atahostput is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed potential improper pointer dereferencing in bpfsysbpf. The bpfsysbpf helper function allows an eBPF program to load another eBPF program from within the kernel. In this case, the argument union bpfattr pointer along...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

The dotlsgetsockopt function in net/tls/tlsmain.c in the Linux kernel, as of version 6.2.6, lacks a call to locksock. This results in a race condition, which can lead to a use-after-free or NULL pointer dereferencing...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential nullptrdereference issue in traceeventfile in kprobeeventgentestexit. When tracegeteventfile fails, genkretprobetest will be assigned as the error code. If the kprobeeventgentest module is remov...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nbd: The function genlunregisterfamily is called first in nbdcleanup. Otherwise, there may be a race between the removal of the module and the handling of the netlink command, which can lead to an oops as shown below: BUG: Kernel...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: The damofilter-list field is not initialized from the damosnewfilter function. The damosnewfilter function does not initialize the list field of the newly allocated filter object. However, the DAMON sysfs interface...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fixed invalid pointer dereferencing for v1 platforms The commit 3ef9f710efcb “pinctrl: mediatek: Added EINT support for multiple addresses” introduced an access to the ‘soc’ field of the struct mtkpinctrl...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-tpo-tpg110: fixed a possible null pointer dereferencing issue. In tpg110getmodes, the return value of drmmodeduplicate is assigned to mode. This could lead to a NULL pointer dereferencing issue if drmmodeduplicate...

Astra Linux – Vulnerability in libjpeg-turbo

A crafted input file could cause a null pointer dereference in jcopysamplerows when processed by libjpeg-turbo...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fixed a possible null-ptr-deref issue. This issue could lead to a null-ptr-deref when the resourcesizeaddrange function is called, if the platformgetresource function returns NULL...

Astra Linux – Vulnerability in Apache2

In Apache HTTP Server 2.4.59 and earlier, a null pointer dereference vulnerability in modproxy allows an attacker to crash the server through a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...