Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fixed incorrect retrieval of acpchipinfo. Use devgetdrvdatadev-parent instead of devgetplatdatadev to correctly obtain members of acpchipinfo in the acp I2S driver. Previously, some members were not updated proper...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platformgetresource This vulnerability could lead to a null-ptr-deref issue if platformgetresource returns NULL. Therefore, we need to check the return value...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tools/powerturbostat: Fixed the file pointer leak. Currently, if the fscanf function fails, an early return causes a leak of the open file pointer. This issue was fixed by closing the file before the return statement. This issue...

Astra Linux – Vulnerability in Firefox

The browser might have mistakenly transferred the pointer lock state to another tab, which could lead to clickjacking attacks. This vulnerability affects Firefox versions earlier than 85...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “neighbour”: Fixed null-ptr-deref in neighFlushDev. The kernel test robot reported null-ptr-deref in neighFlushDev. 0 The referenced commit introduced a per-netdev neighbor list and replaced neighFlushDev with it instead of using...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ceph: fixed NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has a regression starting from 6.18-rc1. We have a issue with cephmdsauthmatch if fsname is NULL: c const char fsname =...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/FPU: Fixed NULL dereference in avx512status. Problem: When CONFIGX86DEBUGFPU is enabled, reading /proc/kthread/archstatus causes a warning and a NULL pointer dereference. This occurs because the AVX-512 timestamp code uses...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Added a check for kstrdup in vccprobe. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fixed the potential NULL pointer dereferencing issue. If sdprobe encounters an error before sdkp-device is initialized, sdzbcreleasedisk is called. This leads to a NULL pointer dereferencing issue when sdiszoned is call...

Astra Linux – Vulnerability in Firefox, Thunderbird

A missing delay in the timing of the pointer lock mechanism could have allowed a malicious page to trick users into granting permissions. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86 – Handling of SRCU initialization failures during page track initialization Check the return value of initsrcustruct, which may fail due to OOM conditions when initializing the page track mechanism. Lack of checking lead...

Astra Linux – Vulnerability in NBD

In nbd-server in nbd before 3.24, there is an integer overflow that leads to a heap-based buffer overflow. A value of 0xffffffff in the name length field causes a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue occurs for the NBDOPTINFO,...

Astra Linux – Vulnerability in Linux

The fix for XSA-365 includes the initialization of pointers so that subsequent cleanup code would not use uninitialized or stale values. However, this initialization went too far and may, under certain conditions, also overwrite pointers that need to be cleaned up. The lack of cleanup would resul...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: The damofilter-list field is not initialized from the damosnewfilter function. The damosnewfilter function does not initialize the list field of the newly allocated filter object. However, the DAMON sysfs interface...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Media: Platform: MediTech: VPU: Fix for NULL pointer dereferencing If pdev is NULL, it is still dereferenced. This fixes the “match warning” in the following file: drivers/media/platform/mediatek/vpu/mtkvpu.c:570 – vpuloadfirmwar...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: Fixed possible NULL dereferencing. In the call to mac80211hwsimselecttxlink, the sta pointer might be NULL. Therefore, it is necessary to check that it is not NULL before accessing it...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: ipu-bridge: Fixed the issue of NULL pointer dereferencing during SSDB/PLD parsing. When the functions ipubridgeparserotation and ipubridgeparseorientation are executed, sensor-adev is not set yet. Therefore, if either of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/handshake: fixed null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if the socket lookup fails. We should also call tracehandshakecmddoneerr before releasing the file; otherwise, dereferencin...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ice: Do not perform transmission before switchdev is fully configured. There is a possibility that iceeswitchportstartxmit might be called while some resources are still not allocated, which could lead to a NULL pointer derefrenc...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbuscore Fixed NULL pointer dereferencing. The i2cclient function is used in pmbusisenabled to remove the assumption that a regulator device is passed as an argument. This fixes the issue of NULL pointer dereferencing whe...