Astra Linux - уязвимость в linux, linux-5.10

In various setup methods of the USB gadget subsystem, there is a possibility of unauthorized writing due to an incorrect flag check. This could lead to a local escalation of privileges without the need for additional execution privileges. User interaction is not required for exploitation. Product...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free flaw was discovered in the Linux kernel’s sound subsystem. This flaw occurs when a user triggers concurrent calls to the PCM hwparams function. The hwfree ioctls or similar race conditions occur within ALSA PCM for other ioctls. This flaw allows a local user to crash the system o...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device. The acpigetfirstphysicalnode function can return NULL in several cases e.g., when no such device exists, an ACPI table error occurs, the reference count drops to 0,...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: Ensure that traceeventfile has a ref counter. The following actions can cause the kernel to crash: bash cd /sys/kernel/tracing echo 'p:sched schedule' kprobeevents exec 5events/kprobes/sched/enable kprobeevents exec 5&-...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: In the md subsystem, there was a issue where the “activeio” value was not properly released after the submitflushes function was called. This caused the “activeio” value to remain unreleased indefinitely. The fix involves releasi...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: Kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOPTI CPU: 15...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Invalid parameter check in msmdsiPhyEnable The function performs a check on the “phy” input parameter, however, it is used before the check. The “dev” variable is initialized after the sanity check to avoid a possibl...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: atm: The atmdevmutex is released after removing procfs in atmdevderegister. syzbot reported a warning during atmdevregister. 0 Before creating a new device and procfs/sysfs for it, atmdevregister looks up a duplicate device...

Astra Linux - уязвимость в linux, linux-5.10

A race condition flaw was discovered in the Linux kernel sound subsystem due to improper locking mechanisms. This could lead to a NULL pointer derefrence during the handling of the SNDCTLDSPSYNC ioctl command. A privileged local user such as root or a member of the audio group could exploit this...

Astra Linux - уязвимость в linux, linux-5.10

A stack overflow flaw was discovered in the Linux kernel’s SYSCTL subsystem regarding how a user modifies certain kernel parameters and variables. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: pxa: fixed a null-pointer dereference in filter The kasprintf function would return a NULL pointer when kmalloc fails to allocate memory. It is necessary to check the return pointer before calling strcmp...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: The “clear restart flag” is cleared after a jump back at the beginning of pxpstart. If we do not clear this flag, we will continue to jump back at the beginning of the function once we reach the end. Identified from...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fixed the potential NULL pointer dereferencing issue. If sdprobe encounters an error before sdkp-device is initialized, sdzbcreleasedisk is called. This leads to a NULL pointer dereferencing issue when sdiszoned is call...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fixed the misuse of non-idle barriers as fence trackers. Users reported errors related to list corruption when using i915 perf with a number of concurrently running graphics applications. Root cause analysis...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol. syzbot reported the issue below. 0 When atmtcpvopen or atmtcpvclose is called via connect or close, atmtcpsendcontrol is called to send a special message within the kerne...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed the UAF Use-After-Free issue in the eraseblkcountseqshow function. The wear-leveling entry could be freed during an erroneous path, and this entry might be accessed again in eraseblkcountseqshow, for example: c...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidhalua: Fixed a memory leak related to ‘qdata’ in aluactivate. If alurtpgqueue fails during aluactivate, ‘qdata’ is not freed, resulting in the following memory leak: Unreferenced object: 0xffff88810b2c6980 size 32...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Tracing: Do not allow mmap of persistent ring buffers. When attempting to mmap a trace instance buffer that is attached to reservemem, it would cause a crash: BUG: Unable to handle a page fault for address: ffffe97bd00025c8 - PF:...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsiconnectorchange When ucsiinit fails, ucsi-connector becomes NULL. However, in the case of ucsiacpi, we may still receive events that cause the ucsacpi code to call ucsiconnectorchange. Thi...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: A potential null-ptr-deref operation exists in ip6tablenattableinit. The ip6tablenattableinit function accesses net-gen-ptrip6tablenatnetops.id, but this function is exposed to user space before the entry is...