Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typecaltmodeattention Some USB hubs will negotiate DisplayPort Alt mode with the device. However, they will then negotiate a data role swap after entering the Alt mode. This data role swa...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915: Fixed the system suspension without fbdev being initialized. If fbdev is not initialized for some reason—in practice on platforms without a display—suspending fbdev should be skipped during system suspension. This...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check the folio pointer to ensure it is not NULL. It can become NULL if the bbmap function is called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fixed the stack layout to match the archftraceregs argument of ftracereturntohandler. Naresh Kamboju reported a “Bad frame pointer” kernel warning while running the LTP trace ftracestresstest.sh in riscv. We can...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed kernel address leakage in atomic fetch The change in commit 37086bfdc737 “bpf: Propagates stack bounds to registers in atomic operations with BPFFETCH” regarding the handling of checkmemaccess is flawed. This flaw allo...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netsched: Fixed NULL dereferencing in fifosetlimit. syzbot reported another NULL dereferencing in fifosetlimit. 1 I can reproduce the issue with the following commands: unshare -n tc qd add dev lo root handle 1:0 tbf limit...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drbd: fixed the issue of null-pointer dereference during local read operations. In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: c reqmodreq, what, NULL, &m; The handler for...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added a check for kmemdup. Since kmemdup may return a NULL pointer, it would be better to add a check on the return value to avoid dereferencing a NULL pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: Potential allocated iovec in the cache may be freed after a failure. If a read/write request passes through ioreqrwcleanup, and an allocated iovec is attached to the request but fails to be placed into the rwcache, it...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The referenced commit moved the idr initialization too early in flchange, which allows concurrent users to access the filter that is still being initialized and is in an inconsiste...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Firmware: armffa: Check if ffadriverremove is present before executing it. Currently, ffadrv-remove is called unconditionally from ffadeviceremove. Since the driver registration does not check for this, and allows it to be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential null-ptr-dereference in tracearray in kprobeeventgentestexit When testgenkprobecmd fails after kprobeeventgencmdend, it will go to delete, which will call kprobeeventdelete and release the...

Astra Linux – Vulnerability in ffmpeg

A issue was discovered in the function latmwritepacket in the file libavformat/latmenc.c in Ffmpeg 4.2.1. This issue allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer dereference...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tty: synclinkgt: Fixed the null-pointer-dereference issue in slgtclean. When the driver fails at allochdlcdev, and then we remove the driver module, we will encounter the following error: 25.065966 General protection fault; likel...

Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/bridge: sii902x: Fixed the probing race issue A null pointer dereference crash has been observed rarely on TI platforms using the sii9022 bridge: 53.271356 sii902xgetedid+0x34/0x70 sii902x 53.276066...

Astra Linux – Vulnerability in binutils

A issue was discovered in elflinkinputbfd within elflink.c, part of the Binary File Descriptor BFD library also known as libbfd, as included in GNU Binutils 2.31. There is a NULL pointer dereferencing issue in elflinkinputbfd when it is used to find STTTLS symbols without a TLS section present. A...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ice: Added the missing icedeinithw function in devlinkreinitpath. devlink-reload results in a iceinithwfailed error. Removing the ice driver causes a NULL pointer dereference issue. +0.102213 ice 0000:ca:00.0: iceinithwfailed: -1...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-host: The proper IRQ domain must be passed to generichandledomainirq. Starting with the commit dd26c1a23fd5 “PCI: rcar-host: Switch to msicreateparentirqdomain”, the MSI parent IRQ domain is set to NULL because the obje...

Astra Linux – Vulnerability in sane-backends

A NULL pointer dereferencing in the saneiepsonnetread function in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, known as GHSL-2020-075...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Fixed NULL dereference in error cleanup. In watchqueuesetsize, the error cleanup code does not take into account that freepage cannot handle a NULL pointer when trying to free buffer pages that have been allocated. Th...