61280 matches found
Astra Linux – Vulnerability in xwayland, xorg-server
A flaw was discovered in the Big Requests extension. The length of the request is multiplied by 4 before checking against the maximum allowed size, which may lead to an integer overflow and bypassing the size check...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: wifi: cfg80211: tests: Fixed a potential NULL dereference in testcfg80211ParseColocatedAp. kunitkzalloc may return NULL. Dereferencing it without a NULL check may lead to a NULL dereference. Added a NULL check for ies...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rhashtable: A potential deadlock was fixed by moving the schedulework outside of the lock. The check for hash table growth and work scheduling were moved outside of the rht lock to prevent a possible circular locking dependency...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmsmac – added a gain range check to wlcPhyiqcalgainparamsnphy. In wlcPhyiqcalgainparamsnphy, add a gain range check to WARN, instead of potentially unsafe access to the tbliqcalgainparamsnphy array. This fix has been...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: HID: hid-thrustmaster: A warning was fixed in thrustmasterprobe by adding an endpoint check. syzbot has identified a type mismatch between a USB pipe and the transfer endpoint, which is triggered by the hid-thrustmaster driver...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: fixed integer types and null check locations Reason: Issues fixed: - Comparison with a wider integer type in the loop condition, which could lead to infinite loops. - Dereferencing a pointer before performing ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Module: Ensure that kobjectput is safe for the module type kobjects. In lookuporcreatemodulekobject, an internal kobject is created using modulektype. Therefore, calling kobjectput during error handling causes an attempt to use a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A memory leak was fixed in the parseleasestate function. The previous patch that added a bounds check for the create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: Fixed a possible overflow in the DPE length check. Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength U16MAX. This could lead to an OoB read. The term wDatagramInd...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: At the ata subsystem, in the libata-sff module, there is a issue where it is ensured that data cannot be written outside of the allocated buffer. Reveliofuzzing reported that an SCSIIOCTLSENDCOMMAND ioctl call, with outlen set to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in various contexts. When a program running in a non-preemptible context uses the bpfsendsignal function, issues may arise because this function can enter ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Do not unset the “window” parameter if it was never set. On pSeries, when a user attempts to use the same vfio container used by different iommu groups, the spaprtcesetwindow function returns -EPERM. The...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If the skb allocation fails, the pointer to struct canframe becomes NULL. This issue is actually handled everywhere within ctucanerrinterrupt, except for the only place where it is not...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: Use a static NDP16 location within the URB. The original code allowed the start of NDP16 to be anywhere within the URB, based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, which ma...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jbd2: fixed a potential use-after-free issue in jbd2fcwaitbufs. In jbd2fcwaitbufs, using bh after referencing the buffer’s head count may lead to a use-after-free condition. Therefore, ensure that the buffer is updated before...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Added checks for devmkcalloc. Since devmkcalloc may return NULL, the return value needs to be checked to avoid dereferencing a NULL pointer...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ice: fixed NULL access to tx-inuse in iceptptsirq. The E810 device supports a “low latency” firmware interface for accessing and reading Tx timestamps. This interface does not use the standard Tx timestamp logic, due to the laten...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: asus-wmi: Fixed incorrect registrations. The function asuswmiregisterdriver may be called from multiple drivers simultaneously, which can lead to incorrect list operations. Eventually, this can corrupt memory and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: A stack overflow issue was fixed when loading vlenb. The user-space load mechanism can place up to 2048 bits into the xlen bit stack buffer. Since we only need the xlen bits, we check the size of the buffer in advanc...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: A crash occurred during UFFDIOMOVE when PMD is a migration entry. When UFFDIOMOVE encounters a migration PMD entry, it proceeds with obtaining a folio and accessing it, even though the entry type is swpentryt. Add a...