Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fixed nullptrderef in com20020pciprobe During driver initialization, the pointer to card info is required—specifically, the variable ‘ci’. However, the definition of ‘com20020pciidtable’ indicates that this...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: The pointer to debugfsdir is set to NULL after removing debugfs. If init debugfs fails during device registration due to a memory allocation failure, the function debugfsremoverecursive is called. However, debugfsd...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Added a missing check for allocorderedworkqueue. Added a check on the return value of allocorderedworkqueue, as it may return a NULL pointer, causing a NULL pointer dereferencing in hdmihdcp.c and hdmihpd.c. Patch...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fixed NULL pointer dereferencing. A warning reported by smatch indicated a potential NULL pointer dereferencing issue, where one of the arguments to the API “irishfigen2handlesystemerror” might sometimes be null. To...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjustscalarminmaxvals Kuee reported a corner case where the tnum becomes constant after the call to regboundoffset, but the bounds of the register are not correct. In particular, its...

Astra Linux – Vulnerability in Heimdal

Before version 7.7.1, Heimdal allowed attackers to cause a NULL pointer dereference in an SPNEGO acceptor, by using a preferredmechtype of GSSCNOOID and a non-zero initialresponse value for sendaccept...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – avoid null pointer dereference in mpicmpui During NVMeTCP authentication, a controller can trigger a kernel oops by specifying the 8192-bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie...

Astra Linux – Vulnerability in libde265

It was discovered that libde265 v1.0.10 contains a NULL pointer dereference in the ffhevcputunweightedpred8sse function located at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Invalid parameter check in msmdsiPhyEnable The function performs a check on the “phy” input parameter, however, it is used before the check. The “dev” variable is initialized after the sanity check to avoid a possibl...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbcp: Fixed the issue where NULL was compared with ISERR. The devmkzalloc function does not return error pointers; it returns NULL in case of an error. Update the check to match this behavior...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A race condition was detected in the Linux kernel’s DRM/Exynos device driver, specifically in the exynosdrmcrtcatomicdisable function. This can lead to a null pointer dereferencing issue, which may potentially cause a kernel panic or a denial of service condition...

Astra Linux – Vulnerability in Qemu

A NULL pointer dereference flaw was discovered in the floppy disk emulator of QEMU. This issue occurs when processing read/write ioport commands, especially if the selected floppy drive is not initialized using a block device. This flaw allows a privileged guest user to crash the QEMU process on...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr in repeatcallfn damonsysfsrepeatcallfn calls damonsysfsupdtunedintervals, damonsysfsupdschemesstats, and damonsysfsupdschemeseffectivequotas without checking contexts-nr. If nrcontexts is set to ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a NULL dereference in ntfsupdatemftmirr. If ntfsfillsuper is not called, then sbi-sb will be equal to NULL. The code should check this pointer before dereferencing it. The Syzbot encountered this issue by passing...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Binder: Fixed the issue where dereferencing the null-ptr variable occurred unexpectedly. Syzbot reported several issues introduced by commit 44e602b4e52f „binderalloc: added missing mmaplock calls when using VMA”. In these...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: serial: 8250port: Check IRQ data before use If the leaf driver wishes to use IRQ polling irq = 0, and the IIR register indicates that an interrupt occurred in the 8250 hardware, the IRQ data can be NULL. In such cases, we need to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should never dereference a NULL pointer, as drmatomicgetnewbridgestate may return such a pointer. Instead, a fixed format should be used instead...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: aspeed: Fixed a potential NULL dereferencing in aspeedpinmuxsetmux. pdesc could potentially be null, but still, dereferencing pdesc-name would lead to a NULL pointer access. Therefore, we moved a null check before the...

Astra Linux – Vulnerability in Apache2

The Apache HTTP Server protocol handler for the HTTP/2 protocol checks the received request headers against the size limitations configured for the server. These restrictions are also applied to the HTTP/1 protocol. If any violations occur, an HTTP response is sent to the client with a status cod...

Astra Linux – Vulnerability in libde265

It was discovered that libde265 v1.0.10 contains a NULL pointer dereferencing in the ffhevcputweightedpredavg8sse function located at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...