Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: keys: Fixed UAF in keyput Once a key’s reference count is reduced to 0, the garbage collector thread may destroy it at any time. Therefore, keyput is no longer allowed to access the key after that point. The only action that keyp...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdpdoredirect failure Before enetccleanrxringxdp calls xdpdoredirect, each software BD in the RX ring between index origi and i can have one of two refcount values on its page. We are the current...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ax25: Fixed the reference count leak issue in ax25dev. The functions ax25addrax25dev and ax25devdevicedown have a reference count leak issue related to the object “ax25dev”. Memory leak issue in ax25addrax25dev: The reference...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix refcount leak on error path When failing to allocate reportdesc, opts-refcnt has already been incremented; therefore, it needs to be decremented to prevent the options structure from being permanently locke...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: 9p: Fixed the fid refcount leak in v9fsvfsgetlink. We now check for protocol versions that are later than required, after a fid has been obtained. Simply move the version check to an earlier stage...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfc: Fixed potential resource leaks. nfcgetdevice now takes a reference to the device and adds it; nfcputdevice is added to release it when no longer needed. Additionally, the style warning was corrected by using the error...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: Fixed a UAF Use-after-Allocation issue in tegraslinkremove. After calling spiunregistermaster, the refcount of the master will be decreased to 0, and it will be freed in spicontrollerrelease. The device data...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Address the issue reported by KCSAN regarding bpflrulist. KCSAN reported a data-race when accessing node-ref. Although node-ref doesn’t need to be accurate, this opportunity can be used to use a more common READONCE and...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: gpio: amd8111: Fixed the issue with the reference count leak of PCI devices The function foreachpcidev is implemented through pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference count...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fixed a reference leak in sysfsbreakactiveprotection The sysfsbreakactiveprotection routine has a clear reference leak in its error handling path. If the call to kernfsfindandget fails, kn will be NULL. As a result, th...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fixed a reference count leak in dmardevscopeinit. The function foreachpcidev is implemented by pcigetdevice. The comment accompanying pcigetdevice states that it will increase the reference count of the returned pcide...

Astra Linux – Vulnerability in libdbi-perl

A issue was discovered in the DBI module through version 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically specified via the fdir attribute in the data source name DSN. NOTE: This issue exists due to an incomplete fix for CVE-2014-10401...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fixed a reference leak when pmruntimegetsync fails. The PM reference count is not expected to be incremented on the return in lpi2cimxmasterenable. However, pmruntimegetsync will still increment the PM reference...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed a reference leak in the GID entry when the createah operation fails. If the AH create request fails, the sgidattr should be released to avoid a reference leak during the release of the GID table...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken every time it was used, but it was only released once, when the final reference to the tty struct was removed. This issue was fixed by taking t...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Memory issue: tegra20-emc – fixed a bug related to references to OF nodes in tegraemcfindnodebyramcode. When the offindnodebyname function releases the reference to the argument “device node”, the tegraemcfindnodebyramcode functi...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed the issue of a reference leak during queue teardown in version 2. The user mode queue maintains a pointer to the most recent fence in userq-lastfence. This pointer retains an additional dmafence reference...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in cephgetsnapdir The cephgetinode will search for or insert a new inode into the hash for the given vino, and return a reference to it. If new is non-NULL, its reference is consumed. We should...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix QP destroy to wait for all references dropped. Delay QP destroy completion until all siw references to QP are dropped. The calling RDMA core will free QP structure after successful return from siwqpdestroy call, so...

Astra Linux - уязвимость в linux

In the Linux kernel, from drivers/block/nbd.c up to version 5.10.12, there is a use-after-free in the nbdaddsocket function. This issue could be triggered by local attackers who have access to the nbd device. The attack occurs during I/O requests at a certain point in device setup, specifically...