Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - ice: xsk: disabling TXQ interrupts before flushing hardware settings. - iceqpdis attempts to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps involved disabling interrupts on these queues...

Astra Linux – Vulnerability in libjpeg-turbo

Libjpeg-turbo 1.5.2 has a NULL Pointer Dereference issue in files jdpostct.c and jquant1.c, due to a malicious JPEG file...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: Thermal: Fix NULL pointer dereferencing in ofthermal functions. ofparsethermalzones parses the thermal-zone node and registers a thermalzone device for each subnode. However, if a thermal zone consumes a thermal sensor, and th...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: fixed possible store tearing in neighperiodicwork. While reviewing a related syzbot report involving neighperiodicwork, I noticed that I forgot to add an annotation when deleting an RCU-protected item from a list. When using...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: PCI: Fixed NULL dereferencing in the error path during SR-IOV VF creation. Fixed issues when virtfn setup fails, preventing NULL pointer dereferencing during device removal. The kernel error occurred due to incorrect error...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: xhciplatremove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a “usb: host: xhci-plat: omit shared hcd if either root hub has no ports”, xhci-sharedhcd can be NULL, which causes the following...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: virtio-net: The issue of checking the received length in large packets has been fixed. Since commit 4959aebba8c0 “virtio-net: Use the MTU size as the buffer length for large packets”, when the guest gso is disabled, the allocated...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY The latest kernel will fail when dealing with the PHY interrupt configuration, as it now relies on allocated private resources. Therefore, running a probe to allocate...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: reliance on mt76connac2mactxrateval In order to address a potential NULL pointer dereferencing in mt7996macwritetxwi, the mt76connac2mactxrateval utility routine has been exported and reused in the mt7996 driv...

Astra Linux – Vulnerability in Samba

A null pointer dereference flaw was detected in Samba’s Winbind service in versions prior to 4.11.15, before 4.12.9, and before 4.13.1. A local user could exploit this flaw to crash the Winbind service, resulting in a denial of service...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fixed error handling in atatdevadd In atatdevadd, the return value of transportadddevice is not checked. As a result, a null-ptr-deref occurs when removing the module, because transportremovedevice is calle...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Avoid creating sub-groups asynchronously Asynchronous creation of sub-groups by a delayed operation could lead to a NULL pointer dereference when the driver directory is removed before the operation completes. The...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: Fixed null-ptr-deref in socklockinitclassandname and rmmod. When I ran the reproduction steps and waited for a few seconds, I observed two LOCKDEP warnings: a warning immediately followed by a null-ptr-deref. Reproduction...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fixed a UAF in blkcgunpinonline. blkcgunpinonline traverses the blkcg hierarchy to set the object as online. To traverse this hierarchy, it uses blkcgparentblkcg, but this call occurs after blkcgDestroyBlksblkcg, whic...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid accessing metadata when the pointer is invalid in objecterr. objecterr reports details about an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempti...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: IEEE802154: Do not leave a dangling SK pointer in ieee802154create. sockinitdata attaches the allocated SK object to the provided sock object. If ieee802154create fails later, the allocated SK object is freed, but the dangli...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: soc: ti: tiscipmdomains: Check for a null return value from devmkcalloc. The devmkcalloc allocation function may fail and return a null pointer. This could lead to a null-pointer dereferencing later. It might be better to check...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: media: amphion: Fixed issues related to REVERSEINULL reported by Coverity. Suggested null-checking of pointor before dereferencing it...

Astra Linux – Vulnerability in libgd2

In the gdImageClone function in gd.c within libgd version 2.1.0-rc2 to 2.2.5, there is a NULL pointer dereferencing issue that allows attackers to crash an application through a specific function call sequence. This issue only affects PHP when it is linked with an external libgd not included as...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: dwc3-meson-g12a: Fixed an issue where the USB2 PHY glue initialization was performed when PHY0 was disabled. When only PHY1 is used for example, on Odroid-HC4, the regmap initialization code uses USB2 ports without...