Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: The uncached inode fails to enter the group. Syzbot has reported the following BUG: Kernel BUG at fs/ocfs2/uptodate.c:509! … Call Trace: ? diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ?...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: A resource leak has been fixed in the remove function. A call to tmiommchostfree is missing from the remove function, in order to balance a call to tmiommchostalloc in the probe. This is done in the error handli...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmbtreeremove: Assign newroot only when the removal succeeds. The removeraw function in dmbtreeremove may fail due to IO read errors e.g., failure to read the content of the origin block during shadowing. Additionally, the value ...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: w83792d Fixed NULL pointer dereferencing by removing unnecessary structure fields. If the driver reads a value that is sufficient for the condition: val & 0x08 && !val & 0x80 && val & 0x7 == val 4 & 0x7 then NULL pointe...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: A resource leak was fixed in the zorro7xxremoveone function. The error-handling code of the probe releases a resource that is not actually freed within the remove function. In some cases, the ioremap operation mus...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fixed a sleep-in-atomic bug caused by genpddebugRemove When a genpd with GENPDFLAGIRQSAFE is removed, the following sleep-in-atomic bug will occur, as genpdDebugRemove will be called with a spinlock held. 0.029183 BU...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the sashba.phy memory leak in mpi3mrremove Released mrioc-sashba.phy at .remove...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Firewire: ohci: prevents leakage of leftover IRQs when unbinding The commit 5a95f1ded28691e6 “Firewire: ohci: uses a devres for the requested IRQ” also removed the call to freeirq in pciremove. This resulted in a leftover IRQ...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures during probe, but the devices were never deregistered on driver unbind. This results in a use-after-free ...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fixed a use-after-free bug in ndlcremove due to a race condition This bug affects both stncii2cremove and stncispiremove. Take stncii2cremove as an example. In stncii2cprobe, it calls ndlcprobe and binds &ndlc-smwork...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: rcarfdp1: Fixed a reference count leak in the probe and remove functions. rcarfcpget takes a reference, which should be balanced with rcarfcpput. Added the missing rcarfcpput function in fdp1remove, and corrected the error...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: A missing clkdisableunprepare call was added to intelethpciremove. The commit 09f012e64e4b “stmmac: intel: Fix clock handling on error and remove paths” removed this clkdisableunprepare call. This issue was partial...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8186: Fixed a use-after-free in the “remove” path of the driver. When devm runs functions in the “remove” path for a device, it executes them in reverse order. This means that if there are parts of your driver...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Input: i8042 – fixed the issue of leaking the platform device when the module was removed. Avoid resetting the i8042platformdevice pointer that is shared across modules in i8042probe or i8042remove. This ensures that the device c...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: pxa25xudc: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things, simp...

Astra Linux – Vulnerability in RustC

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable due to a race condition that enables symlink creation...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Passing a u64 value to ocfs2truncateInline may lead to an overflow. Syzbot reported a kernel bug in ocfs2truncateInline. There are two reasons for this: first, the parameter value passed is greater than...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fixed the warning in isl29028remove The driver uses a non-managed form of the register function in isl29028remove. To maintain the release order that mirrors the ordering in probe, the driver should also use...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: qup: Do not skip cleanup in the error path of the remove function. Returning early in the remove callback of a platform driver is incorrect. In this case, the DMA resources are not released during the error path. This issue ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dpaa2-switch: Fixed a memory leak in dpaa2switchaclentryadd and dpaa2switchaclentryremove. The cmdbuff needs to be freed when an error occurs in dpaa2switchaclentryadd and dpaa2switchaclentryremove...