Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: do not leak PM reference in the error path. If gpminfcapplytimings fails, the PM runtime usage counter must be dropped...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: xiicxfer: Fixed a runtime PM leak on the error path. The xiicxfer function acquires a runtime PM reference when it is entered. This reference is released when the function is exited. Currently, there is one error path...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This issue is addressed by the commit 443a98e649b4 “soundwire: bus: use pmruntimeresumeandget”. The calls to pmruntimeresumeandget are changed back to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: q6afe-clocks: fixed the issue of reprobing of the driver. The q6afe-clocks driver may experience reprobing situations. For example, if the APR services are restarted after a firmware crash. However, currently, the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU. The runtime PM suspend callback does not know whether the IRQ handler is in progress on a different CPU core and therefore does not wait for it to finish. Dependi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efirtlock a rawspinlock Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: A sleeping function is called from an invalid context at kernel/locking/spinlockrt.c:46 inatomic: 1...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Added outer runtime PM protection to xelivektest@xedmabuf. Any process using the kunit interface that performs memory accesses should receive its own outer runtime PM protection, since it does not use the standard driver...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: Add missing pmruntimeputsync pmruntimegetsync will increase the rumtime PM counter even when it returns an error. Thus a pairing decrement is needed to prevent refcount leak. Fix this by replacing this API with...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdnsi2cmasterxfer: Fixed a runtime PM leak on the error path. The cdnsi2cmasterxfer function acquires a runtime PM reference when it is executed. This reference is released when the function exits. Currently, there ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: EFI: Runtime: Avoid EFIv2 runtime services on Apple x86 machines Aditya reports that his recent MacBookPro crashes during firmware updates when variable services are used at runtime. The culprit seems to be a call to...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Soundwire: Fixing enumeration completion The Soundwire subsystem uses two completion structures that allow drivers to wait for the Soundwire device to be enumerated on the bus and initialized by their respective drivers. The code...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fixed the refcount leak in armsmmudevice when armsmmurpmget fails. The armsmmurpmget function invokes pmruntimegetsync, which increases the refcount of “smmu”. This occurs even though the return value is less than...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mmc: rtsxpci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: EFI: Do not import certificates from UEFI Secure Boot for T2 Macs. On Apple T2 Macs, when Linux attempts to read the db and dbx EFI variables during early boot to load UEFI Secure Boot certificates, a page fault occurs in the...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handling of the case where pmruntimeget fails in .remove. In the unlikely event that pmruntimeget disguised as pmruntimeresumeandget fails, the remove callback returns an error early. The problem with this is tha...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: Remove system-wide suspend helper calls from runtime PM hooks. The -runtimesuspend and -runtimeresume callbacks are not expected to call spicontrollersuspend and spicontrollerresume. Remove these calls from the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the runtime warning in truncatefoliobatchexceptionals Commit 0e2f80afcfa6 "fs/dax: ensure all pages are idle before filesystem unmount" introduced the WARNONONCE to check whether the filesystem has removed all DAX...

Astra Linux – Vulnerability in apr-util

The integer overflow or wraparound vulnerability in the aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond the bounds of a buffer. This issue affects Apache Portable Runtime Utility APR-util version 1.6.1 and earlier...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: EFI: Fixed NULL dereference in the init error path. In cases where runtime services are not supported or have been disabled, the runtime services’ workqueue will never be allocated. Do not attempt to destroy the workqueue...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for a null pointer of the pointer substream before dereferencing it. The pointer substream is dereferenced during the assignment of the pointer to the card. This occurs before the substream is checked for nullnes...