Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fixed a NULL pointer dereferencing in hugetlbsfillsuper When configuring a hugetlb filesystem via the fsconfig syscall, there is a possibility of a NULL dereferencing in hugetlbfsfillsuper, caused by assigning NULL to...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Check whether hwpp is valid in dpuencoderhelperphyscleanup. The commit 8b45a26f2ba9 “drm/msm/dpu: Reserve CDM blocks for writeback in case of YUV output” introduced a warning about another conditional block in...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: A null pointer check was added in updateeventsingroup. kasprintf returns a pointer to dynamically allocated memory; this pointer can be NULL in case of failure...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fixed a null pointer dereferencing in ofsysconregister. The kasprintf function returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed a NULL pointer dereferencing issue in gfs2rgrpdump. Syzkaller reported a NULL pointer dereferencing issue when accessing rgd-rdrgl in gfs2rgrpdump. This can occur when creating rgd-rdgl fails in readrindexentry. A NUL...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check the return value when calling devsetname If devsetname fails, the devname will be null. Check the return value of devsetname to avoid a null-ptr-deref...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

The dotlsgetsockopt function in net/tls/tlsmain.c in the Linux kernel, as of version 6.2.6, lacks a call to locksock. This results in a race condition, which can lead to a use-after-free or NULL pointer dereferencing...

Astra Linux – Vulnerability in Vim

NULL pointer dereferencing in the GitHub repository for vim/vim before version 9.0.0259...

Astra Linux – Vulnerability in net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable” to cause a NULL pointer dereference. Version 5.9.2 includes a patch to addres...

Astra Linux – Vulnerability in net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials could use an incorrectly formatted OID in a GET-NEXT command to nsVacmAccessTable, resulting in a NULL pointer dereferencing. Version 5.9.2 includes a patch...

Astra Linux – Vulnerability in Vim

NULL pointer dereferencing in the function vimregexecstring at regexp.c:2729 in the GitHub repository vim/vim, prior to version 8.2.4901. NULL pointer dereferencing in function vimregexecstring at regexp.c:2729 allows attackers to cause a denial of service application crash through crafted inputs...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing WHAT IGT kmscursorlegacy’s long-nonblocking-modeset-vs-cursor-atomic fails with a NULL pointer dereference. This issue can be reproduced when both an eDP panel and a DP monitor are...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: A NULL pointer dereference has been fixed in tcpmpdsvdm. It is possible that typecregisterpartner returns ERRPTR upon failure. When port-partner results in an error, a NULL pointer dereference may occur, as show...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fixed potential NULL pointer dereferencing in ncmbitrate In Google’s internal bug report 265639009, we received a crash report from a aarch64 GKI 5.10.149-android13 running device. This report is currently...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, there was a NULL pointer dereference vulnerability in rdpwritelogoninfov2. This vulnerability allowed a malicious RDP server to crash the FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix nullptrderef in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious dat...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7996: fixed null pointer dereference in mt7996conftx If a link does not have an assigned channel yet, mt7996viflink returns NULL. We still need to store the updated queue settings in that case and apply them later...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fixed NULL pointer dereferencing in sanitycheck. If mockchain returns NULL due to a memory allocation failure, it is passed to dmafenceenableswsignaling, resulting in a NULL pointer dereferencing there. Call...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: dm: fixed a NULL pointer race issue when completing IO operations. The dmiodecpending function calls endioacct first, and then decreases the number of pending DMA operations. However, if a task swaps the DM table at the same...