21932 matches found
Astra Linux - уязвимость в linux
The IBM Power9 AIX 7.1, 7.2, and VIOS 3.1 processors may allow a local user to obtain sensitive information from the data in the L1 cache under certain circumstances. IBM X-Force ID: 189296...
Astra Linux - уязвимость в bind9
Every named instance configured to run as a recursive resolver maintains a cache database that holds the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; i...
Astra Linux - уязвимость в linux-6.1
Improper initialization of the CPU cache memory could allow a privileged attacker with access to the hypervisor to overwrite the SEV-SNP guest memory, resulting in loss of data integrity...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: Errata: Add a workaround for speculative unprivileged loads on Cortex-A520. Implement the workaround according to erratum 2966298 for ARM Cortex-A520. On an affected Cortex-A520 core, a speculative unprivileged load may le...
Astra Linux - уязвимость в intel-microcode
Improper Isolation or Compartmentalization in the stream cache mechanism for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege via local access...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for out-of-bounds punch offset Punching a hole with a start offset that exceeds maxend is not allowed. This will result in a negative length in the truncateinodepartialfolio function when truncating the page cache,...
Astra Linux - уязвимость в mbedtls
Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information an RSA private key by monitoring cache usage during an import process...
Astra Linux - уязвимость в firefox
Under certain circumstances, the offline cache of a ServiceWorker may have been leaked to the file system when using private browsing mode. This vulnerability affects Firefox versions earlier than 111...
Astra Linux - уязвимость в qemu
A flaw was discovered in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A malicious user could exploit this flaw to crash the QEMU process on the host...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A vulnerability has been discovered in the Linux kernel and is classified as critical. The affected part of the code is the function areacacheget in the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c, belonging to the IPsec component. This vulnerability occurs due to improper memory...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Split the initial and dynamic conditions for extentcache. Let’s allocate the extentcache tree without dynamic conditions to avoid a panic caused by a missing condition, as shown below. Create a file with a compressed fla...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm, swap: Fixed a potential UAF issue related to VMA readahead. Since commit 78524b05f1a3 “mm, swap: avoiding redundant swap device pinning”, the common helper function for allocating and preparing a swap entry in the swap cache...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: parisc: Remove WARNONONCE from flushcachevmap. I have observed warnings occasionally being triggered...
Astra Linux - уязвимость в libhttp-daemon-perl
HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are vulnerable to a vulnerability that could potentially be exploited to gain privileged access to APIs or corrupt intermediate caches. It’s unclear how severe the risks are; most Perl-based applications are served...
Astra Linux - уязвимость в firefox
Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The combination of caching and suggestion techniques may have led to the title of a website visited during private browsing mode being stored on...
Astra Linux - уязвимость в dnsmasq
A flaw was discovered in dnsmasq in versions prior to 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, who can determine the outgoing port used by dnsmasq, only needs to guess the random...
Astra Linux - уязвимость в docker.io-app
BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. Two malicious build steps running in parallel, which share the same cache mounts for subpaths, could cause a race condition that allows files from the host system to be...
Astra Linux - уязвимость в amd64-microcode
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine VM memory integrity...
Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: dm cache: Fixed the issue where uninitialized delayedwork objects were flushed during a cachectr error. An unexpected WARN message may occur when cache creation fails, caused by destroying the uninitialized delayedwork object ...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: fixed the race condition in dstnegativeadvice The dstnegativeadvice function does not enforce proper RCU rules when sk-dstcache must be cleared, which could lead to a Use-After-Free UAF exception. The proper RCU rules state...