Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: For mptcp: pm: only decrement addaddraccepted for MPJ requests. The following warning has been added: … WARNONONCEmsk-pm.addaddraccepted == 0. Adding this warning helped to identify a bug when running the “remove single subflow”...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Fixed a race condition between netvscprobe and netvscremove. In commit ac5047671758 “hvnetvsc: Disabling NAPI before closing the VMBus channel”, napidisable was called for all channels, including all subchannels, withou...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: The free irq operation was corrected in the remove path. A check for fsledma-txirq/errirq has been added to avoid the following warning, as there is no errirq on the i.MX9 platform. Otherwise, a kernel dump...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spmi: Added a check for a remove callback when removing a SPMI driver. When removing a SPMI driver, a crash may occur due to a NULL pointer dereference if no remove callback is defined. This was observed in a call trace when...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a leak of kobject names for sub-group spaceinfo. When createspaceinfosubgroup allocates elements of spaceinfo-subgroup, the function kobjectinitandadd is called for each element via btrfssysfsaddspaceinfotype. Howeve...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: moxart: fixed potential use-after-free when removing a path. It was reported that the mmc host structure could be accessed after it was freed in moxartremove. Therefore, this issue was addressed by saving the base register of the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: pxa25xudc: Fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things, simp...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: A resource leak has been fixed in the remove function. A call to tmiommchostfree is missing from the remove function. This is to balance the call to tmiommchostalloc in the probe. This adjustment is made in the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: xhciplatremove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a “usb: host: xhci-plat: omit shared hcd if either root hub has no ports”, xhci-sharedhcd can be NULL, which causes the following...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fixed a resource leak in the remove callback. The remove callback returned early if pmruntimeresumeandget failed, skipping the cleanup of the SPI controller and other resources. This issue has been addressed by...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Passing a u64 value to ocfs2truncateInline may lead to an overflow. Syzbot reported a kernel bug in ocfs2truncateInline. There are two reasons for this: first, the parameter value passed is greater than...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed UAF in mgmtremoveadvmonitorcomplete. This fixed MGMTOPREMOVEADVMONITOR so that it does not use mgmtpendingadd, to avoid crashes like the one below:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: kernfs: fixed the potential NULL dereference in kernfsremove. When lockdep is enabled, lockdepassertheldwrite could cause a potential NULL pointer dereference. The following smatch warnings have been fixed: fs/kernfs/dir.c:1353...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: xhci: sideband: do not dereference a freed ring when removing a sideband endpoint. In the xhcisidebandremoveendpoint function, it is incorrect to assume that the endpoint is running and has a valid transfer ring. Lianqin...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: arm64: probes: Removed the broken LDR literal uprobe support. The simulateldrliteral and simulateldrswliteral functions are unsafe to use for uprobes. Both functions were originally designed for use with kprobes, and accessed...

Astra Linux - уязвимость в rustc

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable due to a race condition that enables symlink creation...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fixed a use-after-free bug in ndlcremove due to a race condition. This bug affects both stncii2cremove and stncispiremove. Take stncii2cremove as an example. In stncii2cprobe, it calls ndlcprobe and binds &ndlc-smwor...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this by using the cifssgsetbuf helper function, which converts vmalloc’d...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: qup: Do not skip cleanup in the error path of the remove function. Returning early in the remove callback of a platform driver is incorrect. In this case, the DMA resources are not released during the error path. This issue ...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: trace/blktrace: A memory leak was fixed by using debugfslookup. When calling debugfslookup, the result must also call dput, otherwise a memory leak will occur over time. To simplify things, simply call debugfslookupandremove, whi...