Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre – fixed a resource leak in the remove process. In hpreremove, when the disable operation of qm sriov fails, the following logic should continue to be executed to release the remaining resources that have be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed UAF in mgmtremoveadvmonitorcomplete. This fixed MGMTOPREMOVEADVMONITOR so that it does not use mgmtpendingadd, to avoid crashes like the one below:...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: The BUGON functions in addnewfreespace have been removed. In addnewfreespace, there were these BUGON functions that were used to handle any failures in adding free space to the in-memory free space cache. Such failures are...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Power: Supply: bq27xxx: Fixed handling of pollinterval and races during removal operations. Before this patch, the bq27xxxbatteryteardown function set pollinterval to 0 to avoid requeuing the delayedwork item during...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: removed the unused checkbuddypriv function. The commit 2461c7d60f9f “rtlwifi: Update header file” introduced a global list of private data structures. Later, the commit 26634c4b1868 “rtlwifi: Modify existing bits t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: md: raid1: fixed a potential out-of-bounds error in raid1removedisk. If rddev-raiddisk is greater than mddev-raiddisks, an out-of-bounds error will occur in raid1removedisk. We have already encountered similar reports, as...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fixed a use-after-free in epremovewaitqueue If a non-root cgroup is removed while there is a thread that registered a trigger and is polling on a pressure file within the cgroup, the polling waitqueue will be freed in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: s390/dcssblk: fixed the kernel crash caused by corruption in the listadd operation. The commit fb08a1908cb1 “dax: simplified the daxdevice gendisk association” introduced new logic for gendisk association, requiring drivers to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: Fixed a potential use of the object “link” after it is freed in the function iwlmldremovelink. This code frees the “link” by calling kfreerculink, rcuhead, and then dereferes “link” to obtain “link-fwid”. Save...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spmi: Added a check for a remove callback when removing a SPMI driver. When removing a SPMI driver, a crash may occur due to a NULL pointer dereference if no remove callback is defined. This was observed in a call trace when...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double-free caused by devm The clock obtained through devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clkdisableunprepare in th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: xhciplatremove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a “usb: host: xhci-plat: omit shared hcd if either root hub has no ports”, xhci-sharedhcd can be NULL, which causes the following...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PM: domains: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must have had dput called upon it; otherwise, memory will leak over time. To simplify things, simply call...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Binder: Fixed another UAF in binderdevices. The commit e77aff5528a18 "binderfs: fixed a use-after-free in binderdevices" addressed a use-after-free where devices could be released without first being removed from the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fixed a use-after-free in acpiutcopyipackagetoipackage. There is a use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpiutremovereference+0x3b/0x82 Reading of size 1 at addr ffff888112afc460 by task...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: kernel/printk/index.c: fixed the memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must be passed to dput, otherwise a memory leak will occur over time. To simplify things, simply call...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: forbid removing buffers when legacy fileio is active The vb2ioctlremovebufs call manipulates the internal buffer list of the queue. This may potentially overwrite pointers used by the legacy fileio interface...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in removephbdynamic In removephbdynamic we use &phb-ioresource, after we've called deviceunregister&hostbridge-dev. But the unregister may have freed phb, because pcibiosfreecontrollerdeferred ...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: moxart: fixed potential use-after-free when removing a path. It was reported that the mmc host structure could be accessed after it was freed in moxartremove. Therefore, this issue was addressed by saving the base register of the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: imx: Do not skip cleanup in the error path of the remove function Returning early in the remove callback of a platform driver is incorrect. In this case, the DMA resources are not released during the error path. This issue i...