Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: xtensa: Fixed the refcount leak issue in the time.c file. In calibrateccount, the offindcompatiblenode function will return a node pointer with the refcount incremented. We should use ofnodeput when this node pointer is no...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fixed the potential use of OF nodes after their references are dropped. The foreachchildofnode helper function drops the reference it takes to each node while iterating over its children. The explicit ofnodeput call...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fixed a use-after-free in acpiutcopyipackagetoipackage. There is a use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpiutremovereference+0x3b/0x82 Reading of size 1 at addr ffff888112afc460 by task...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imondisconnect Syzbot reports a KASAN issue as follows: BUG: KASAN: use-after-free in createpipe include/linux/usb.h:1945 inline BUG: KASAN: use-after-free in sendpacket+0xa2d/0xbc0...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fbinfo.dev. Do not assign the Linux device to struct fbinfo.dev. The call to registerframebuffer initializes the field to the fbdev device. Drivers should not override its value. Fixed a b...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: wwan: t7xx: Fixed the FSM command timeout issue When the driver processes the internal state change command, it uses an asynchronous thread to handle the command operation. If the main thread detects that the task has tim...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: tee, amdtee: fixed the use-after-free vulnerability in amdteeclosesession. There is a potential race condition in amdteeclosesession that may cause a use-after-free in amdteeopenSession. For example, if a session has a referen...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb – fixed a reference leak when pmruntimegetsync fails. The PM reference count is not expected to be incremented upon a return from the functions imgi2cxfer and imgi2cinit. However, pmruntimegetsync will still incremen...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fixed the refcount leak bug In usbhsrza1hardwareinit, the offindnodebyname function will return a node pointer with the refcount incremented. We should use ofnodeput when the node pointer is no longer needed...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fixed Use-after-Free, failed to increment the ref count of the skb while it was in use. This patch addresses a Use-after-Free issue identified by the syzbot. The problem arises when a skb is taken from the per-session...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed an issue where the dstclone function was used, but the result was set incorrectly. This issue arises because the entry might have a reference count of 0 or be already deleted, causing various problems...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: sifive: Fix the refcount leak in sifivegpioprobe. The function ofirqfindparent returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. Add the missing ofnodeput call ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphierspiprobe The issue occurs in several error paths within uniphierspiprobe. When either dmagetslavecaps or devmspiregistermaster returns an error code, the function forgets to...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a deadlock in the “disable” sysfs attribute. The show and store callback routines for the “disable” sysfs attribute in port.c acquire the device lock for the port’s parent hub. This can cause problems if another...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fixed a memory leak in uss720probe. uss720probe forgets to decrease the refcount of usbdev in uss720probe. This issue is fixed by decreasing the refcount of usbdev using usbputdev. BUG: Memory leak Unreferenced objec...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed incorrect reg type conversion in releasereference Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release this memory by calling the corresponding helper...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Thunderbolt: Fixed a use-after-free in tbdpdprxwork. The original code relied on canceldelayedwork in tbdpdprxstop, which does not ensure that the delayed work item tunnel-dprxwork has fully completed if it was already running...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fixed potential use after free in efcnportvportdel The krefput function will call nport-release if the reference count drops to zero. The nport-release function is efcnportfree, which frees the “nport” object...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fixed the kernel panic that occurred during a warm reset. During a warm reset, device-fwclient is set to NULL. If a bus driver is registered after this NULL setting and before new firmware clients are enumerat...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: TLS: Fixed a race condition between the async notify and socket close operations. The thread that submitted the request the one that called recvmsg/sendmsg may exit as soon as the async crypto handler’s complete function is...