Astra Linux – Vulnerability in OpenSSL
Issue Summary: Checking excessively long DH keys or parameters can be very slow. Impact Summary: Applications that use functions like DH_check(), DH_check_ex(), or EVP_PKEY_param_check() to check DH keys or parameters may experience prolonged delays. If the keys or parameters are obtained from an untrusted...
Astra Linux – Vulnerability in Firefox and Thunderbird
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution within the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: A sanity check for the btrfs root has been added in btrfs_search_slot(). Syzbot reports a null-ptr-deref issue in btrfs_search_slot(). The reproducer uses rescue=ibadroots, and the extent tree root is corrupted; as a result, the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check the device status before requesting flushing. If a PMEM device is in an invalid state, the driver could wait indefinitely for the host acknowledgment in virtio_pmem_flush(), causing the system to hang. Therefore, a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Do not configure WoWlan in the shutdown hook if it is not enabled. If WoWlan was never configured during the operation of the system, hw->wiphy->wowlan_config will be NULL. The rsi_config_wowlan() function checks whether...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: lib/test_kho: Check whether KHO is enabled. We must check whether KHO is enabled before issuing KHO commands; otherwise, the KHO internal data structures will not be initialized...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: jfs: Fixed a slab-out-of-bounds read in dtSearch. Currently, when searching for the current page in the sorted entry table of the page, there is an out-of-bounds access. A bounds check has been added to fix this error. Dave: The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: mediatek – Fixed a kernel crash that occurred when releasing the mtk iso interface. When performing reset tests and encountering abnormal card drop issues that lead to a kernel crash, it is necessary to perfo...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: mlxsw: spectrum_acl_tcam: Fixed incorrect use of the list API. Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler. Now, all other accesses to curr_xfer are performed under a lock. The NULL check of curr_xfer in tegra_qspi_isr_thread() must be protected with a spinlock. Without this protection...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check the streams before comparing them. WHAT & HOW: amdgpu_dm can pass a null stream to dc_is_stream_unchanged(). It is necessary to check for a null value before dereferencing these streams. This fix addresses a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: shaper: Protection is added for late read accesses to the hierarchy. We retrieve a netdev during the preparation of Netlink operations pre-callbacks, and then we acquire a reference to it. Later, within the body of the...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disable_gpg_check parameter is set to False, which is the default...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Added a size check of 0 bytes to mtk_drm_gem_obj. A check was added to mtk_drm_gem_init() if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists, and the kernel will panic if a user-space...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The issue of page corruption caused by a racy check in __free_pages has been fixed. When we upgraded our kernel, we began encountering certain types of page corruption, such as the following: - BUG: Bad page state in the process...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid accessing uninitialized data in f2fs_sanity_check_node_footer(). syzbot reported the following bug: BUG: KMSAN: Access to uninitialized data in f2fs_sanity_check_node_footer+0x374/0xa20; file...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a null-ptr-deref issue when acquiring the remote IP address for an Ethernet bearer. Reproduction steps: 1. Create a tun interface. 2. Enable the L2 bearer. 3. Use TIPC_NL_UDP_GET_REMOTEIP with a media name set to “tun”...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm/page_table_check: A crash occurred when checking ZONE_DEVICE. Not all pages apply to the pgtable check. An example is ZONE_DEVICE pages: they directly map PFNs, and they never allocate page_ext, even if there’s a struct page around...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check if the modulo result is 0 before performing division. How & Why: If a value of 0 is read, it will cause a divide-by-0 panic...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Added an alignment check for the event ring read pointer. Although we check the event ring read pointer using “is_valid_ring_ptr” to ensure it is within the buffer range, there is another risk that the pointer might...