Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fixed a nullptrderef issue in dw2102i2ctransfer In dw2102i2ctransfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious data...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: sr – fixed possible use-after-free and nullptrderef issues. The pernet operations structure for the subsystem must be registered before registering the generic netlink family...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check the return value after calling platformgetresourcebyname. If platformgetresourcebyname returns NULL, it may lead to a null-ptr-deref issue. Therefore, we need to check the return value. Patchwork:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: can: afcan: fixed NULL pointer dereferencing in canrcvfilter. Similar to the issue reported in commit 8aa59e355949 “can: afcan: fixed NULL pointer dereferencing in canrxregister”, we need to check for a missing initialization ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecuart: properly fixed the race condition The crosecuartprobe function calls devmserdevdeviceopen before calling serdevdevicesetclientops. This can lead to a NULL pointer dereference: BUG: NULL pointer...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: A possible null-ptr-deref occurred in ubifreevolume. This issue will occur in the following scenario: uifinit ubiaddvolume cdevadd – If this function fails, it will call killvolumes. deviceregister killvolumes – If...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Add checks for devmkcalloc As the devmkcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp – Fixed CFI failures due to type punning. To avoid crashes when control flow integrity is enabled, ensure that the workspace “stream” uses a consistent type for function calls, and invoke functions through a functio...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwl3945: Added a check for the return value of createsinglethreadworkqueue to avoid NULL pointer dereferencing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “Bluetooth: btsdio: fix use after free bug in btsdioRemove due to unfinished work” This issue has been resolved through commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f. This patch introduces a possible null-ptr-def problem...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed null pointer dereference in bnxtbstracecheckwrap. With older firmware versions, we might encounter the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for the FW trace data type that has not been initialized. This could lead to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: Failure to properly handle cases where a primary plane for a video-port is missing. Each window of vop2 is usable by a specific set of video ports. Therefore, when binding vop2, we iterate through the list of...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Null pointer dereferencing has been prevented in nvmefciogetuuid. The nvmefcfcpop structure, which describes an AEN operation, is initialized with a null pointer to the request structure. An FC LLDD may make a call to...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76txqschedule by protecting mtxq-wcid with rculock between mt76txqschedule and stainfoalloc, free. 18853.876689...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fixed potential NULLptr dereferencing issues. If SKB allocation fails, continue instead of using a NULL pointer. Coverity CID: 1497650...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a null pointer check for inode operations This adds a sanity check for the iop pointer of the inode, which is returned after reading the Root directory MFT record. We should check that the iop is valid before...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: scsitransportsas: Fixed error handling in sasPhyadd. If transportadddevice fails in sasPhyadd, the kernel may crash when trying to delete the device using transportRemoveDevice, which is called from sasRemoveHost. The kerne...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: cx23885 – Fixed a nullptrderef bug in bufferprepare and bufferfinish. When the driver calls cx23885riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in an empty buffer risc-cpu. Later...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: Intel: quarkdts: fixed error pointer dereference. If allocsocdts fails, we can simply return. Trying to free “socdts” will result in a Oops error...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Avoid NULL dereference of btusbmtkclaimisointf In the btusbmtksetup function, we set btmtkdata-isopktintf to: usbifnumtoifdata-udev, MTKISOIFNUM This function may return NULL in some cases. Even when...