Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fixed a possible null-ptr-deref issue when initializing hardware. The result of the avsdaifindpathtemplate function must be verified before being used. Since the ‘template’ is already known when...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: A fix was made to the NULL pointer dereference in dwc3gadgetsuspend. In current scenarios where “Plug-out” and “Plug-In” operations are performed continuously, there is a possibility that a NULL pointer...

Astra Linux – Vulnerability in SQLite

In SQLite version 3.22.0, databases whose schemas are corrupted using the CREATE TABLE AS statement could lead to a NULL pointer dereferencing issue, related to build.c and prepare.c...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in the axichanhandleerr function. Since there is no protection for vd, a kernel panic will be triggered in exceptional cases. You can refer to the processing of the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: sfc: Fixed an issue where a use-after-free occurred when disabling sriov. The use-after-free was detected by kfence when disabling sriov. What was read after it was freed was vf-pcidev: it was freed from pcidisablesriov, and...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: objtool: Fixed the SEGFAULT issue. findinsn: This function will return NULL in case of failure. Check the insn order to avoid a kernel error due to NULL pointer dereferencing...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: pxa: fixed a null-pointer dereference in filter The kasprintf function would return a NULL pointer when kmalloc fails to allocate memory. It is necessary to check the return pointer before calling strcmp...

Astra Linux – Vulnerability in Qemu

A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xenvifrxnextskb: Avoid entering this function with an empty rx queue. xenvifrxnextskb expects that the rx queue is not empty. However, if the loop in xenvifrxaction performs multiple iterations, the availability of another skb in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the media section, for staging, in media for zoran, the correct buffer size for zoranreapstatcom was calculated incorrectly. When tmpdcim=1 is set, the index of the buffer was miscalculated. This could lead to a NULL pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “phy: qcom-qmp-combo: fix NULL-deref on runtime resume” The commit with ID fc64623637da “phy: qcom-qmp-combo,usb: add support for separate PCSUSB region” began treating the PCSUSB registers as potentially separate from the PCS...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typecaltmodeattention Some USB hubs will negotiate DisplayPort Alt mode with the device. However, they will then negotiate a data role swap after entering the Alt mode. This data role swa...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915: Fixed the system suspension without fbdev being initialized. If fbdev is not initialized for some reason—in practice on platforms without a display—suspending fbdev should be skipped during system suspension. This...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check the folio pointer to ensure it is not NULL. It can become NULL if the bbmap function is called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fixed the stack layout to match the archftraceregs argument of ftracereturntohandler. Naresh Kamboju reported a “Bad frame pointer” kernel warning while running the LTP trace ftracestresstest.sh in riscv. We can...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed kernel address leakage in atomic fetch The change in commit 37086bfdc737 “bpf: Propagates stack bounds to registers in atomic operations with BPFFETCH” regarding the handling of checkmemaccess is flawed. This flaw allo...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netsched: Fixed NULL dereferencing in fifosetlimit. syzbot reported another NULL dereferencing in fifosetlimit. 1 I can reproduce the issue with the following commands: unshare -n tc qd add dev lo root handle 1:0 tbf limit...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drbd: fixed the issue of null-pointer dereference during local read operations. In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: c reqmodreq, what, NULL, &m; The handler for...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added a check for kmemdup. Since kmemdup may return a NULL pointer, it would be better to add a check on the return value to avoid dereferencing a NULL pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: Potential allocated iovec in the cache may be freed after a failure. If a read/write request passes through ioreqrwcleanup, and an allocated iovec is attached to the request but fails to be placed into the rwcache, it...