Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In video/aperture, it is now possible to match the device in sysfbdisable. In apertureremoveconflictingpcidevices, we currently only call sysfbdisable for VGA-class devices. This leads to the following issue when the primary devi...

Astra Linux – Vulnerability in Linux

A NULL pointer dereference flaw was discovered in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1. This flaw allows a local user to crash the system. The flaw occurs when the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “drm/msm: Add missing check and destroy for allocorderedworkqueue” This change reverts to the previous behavior in commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0. A recent patch attempted to fix the issues related to msmdrminit,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Issue: unittest: Fix null pointer dereferencing in ofunittestfindnodebyname Description: When kmalloc fails to allocate memory in kasprintf, variables like name or fullname will be NULL. In this case, strcmp will cause a null...

Astra Linux - уязвимость в linux-5.15

A flaw in the NULL Pointer Dereference mechanism within the Linux kernel’s NTFS3 driver function attrpunchhole was identified. A local user could exploit this flaw to crash the system...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel before version 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allowed an unprivileged user to trigger a denial of service system crash through a crafted traffic control configuration set up using the "tc qdisc" and "tc class" commands. This issue affect...

Astra Linux - уязвимость в linux

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/eventsbase.c allows event-channel removal during the event-handling loop a race condition. This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash vi...

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2, where the grubextcmddispatcher function calls grubarglistalloc to allocate memory for the grub’s argument list. However, it does not check in case the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parseoption function,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: i2c: smbus – fixed the dereferencing of NULL function pointers. Baruch reported an OOPS error when using the Designware controller as the target. Only targeting mode breaks the assumption that one transfer function is always...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fixed a NULL pointer dereferencing in hugetlbsfillsuper When configuring a hugetlb filesystem via the fsconfig syscall, there is a possibility of a NULL dereferencing in hugetlbfsfillsuper, caused by assigning NULL to...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Check whether hwpp is valid in dpuencoderhelperphyscleanup. The commit 8b45a26f2ba9 “drm/msm/dpu: Reserve CDM blocks for writeback in case of YUV output” introduced a warning about another conditional block in...

Astra Linux – Vulnerability in curl

Due to the use of a dangling pointer, libcurl versions 7.29.0 through 7.71.1 can use the wrong connection when sending data...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: A null pointer check was added in updateeventsingroup. kasprintf returns a pointer to dynamically allocated memory; this pointer can be NULL in case of failure...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fixed a null pointer dereferencing in ofsysconregister. The kasprintf function returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed a NULL pointer dereferencing issue in gfs2rgrpdump. Syzkaller reported a NULL pointer dereferencing issue when accessing rgd-rdrgl in gfs2rgrpdump. This can occur when creating rgd-rdgl fails in readrindexentry. A NUL...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A NULL pointer dereference flaw was discovered in the az6027 driver, located in the file drivers/media/usb/dev-usb/az6027.c within the Linux Kernel. The message from the user space is not properly checked before being transferred to the device. This flaw could allow a local user to crash the syst...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check the return value when calling devsetname If devsetname fails, the devname will be null. Check the return value of devsetname to avoid a null-ptr-deref...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fixed the null-pointer dereference in pgtablecacheadd. kasprintf returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure. Ensure that the allocation was successful by checking th...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

The dotlsgetsockopt function in net/tls/tlsmain.c in the Linux kernel, as of version 6.2.6, lacks a call to locksock. This results in a race condition, which can lead to a use-after-free or NULL pointer dereferencing...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spiderdbmbase::printwarnings to dereference a null pointer...