Astra Linux – Vulnerability in Ruby-Rack
A security vulnerability exists in versions of Rack 2.2.3 and Rack 2.1.4, where reliance on cookies without validation/integrity checks allows an attacker to forge a secure or host-only cookie prefix...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hci_uart: A missing NULL check was added in h5_enqueue. Syzbot encountered a general protection fault in pm_runtime_resume. The issue was due to a missing NULL check. hu->serdev can be NULL, and we should not blindly...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ath5k: The OOB issue in ath5k_eeprom_read_pcal_info_5111 has been fixed. The bug was discovered during fuzzing. The stack trace indicates that the issue lies in ath5k_eeprom_convert_pcal_info_5111. When no curve is selected in the loop, th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/a3xx: Fixed error handling in a3xx_gpu_init. These error paths now return 1 on failure, instead of a negative error code. This could lead to an Oops in the calling function. Another issue is that the check for "if ret !=...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the issue where unrecoverable MCE calls the async handler from NMI. The machine check handler is not considered NMI on 64s. The earlier handler is the actual NMI handler; it schedules the machine_check_exception...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions. MHI reads the channel ID from the event ring element sent by the device; this value can be any number between 0 and 255. To prevent out-of-bounds access, a...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fixing the use-after-free bug of ns_writer when remounting the filesystem. If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on the disk, and it is remounted with read/write access, or if an...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: qat – added parameter checks for RSA. Requests with a source buffer size greater than the size of the key are rejected. This prevents potential integer underflow issues that might occur when copying the source scatterlist...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: qat – added parameter checks for DH. Requests with a source buffer that is larger than the size of the key are being rejected. This is to prevent a possible integer underflow that might occur when copying the source...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Optimized the process of clearing pending PMI values and removed the WARN_ON for the PMI check in power_pmu_disable. The commit 2c9ac51b850d “powerpc/perf: Fix PMU callbacks to clear pending PMI values before resetting...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: The function arkfb_set_par calculates the value of screen_size based on user input. If the user provides an incorrect value, the value of screen_size may be larger than info->screen_size, which may lead...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/ttm: Fixed the bug where a dummy res NULL pointer was dereferenced. Check the bo->resource value before accessing the resource mem_type. v2: Fixed an issue with the commit description unwrapping warning. 40.191227 T184 Gener...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: virtio_net: A memory leak inside XDP_TX with mergeable buffers has been fixed. When we call xdp_convert_buff_to_frame to obtain xdpf, if it returns NULL, we should check whether xdp_page was allocated by xdp_linearize_page. If it was newly...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xfrm: The issue occurs in the error path of the xfrm_policy_check function. When the fetching process of the object pols[1] fails, the function simply returns 0, without decrementing the reference count of pols[0]. This happens either...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of the screen before memset_io. In the function s3fb_set_par, the value of ‘screen_size’ is calculated based on user input. If the user provides an incorrect value, the value of ‘screen_size’ may be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Do not pick up BE without a substream. When DPCM attempts to establish valid BE connections using dpcm_add_paths, it does not check whether the selected BE actually supports the given stream direction. As a result, when ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Do not use tnum_range for array range checking when dealing with poke descriptors. Hsin-Wei reported a KASAN issue triggered by their BPF runtime fuzzer, which is based on a customized syzkaller: - BUG: KASAN: Out-of-bound...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64/mm: Fixed an issue where incorrect file_map_count values were stored for non-leaf pmd/puds. The page table check triggered a BUG_ON unexpectedly when collapsing hugepages: ------------ cut here ------------ Kernel bug at...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT sectors_per_clusters. When the NTFS BOOT sectors_per_clusters field is greater than 0x80, it represents a shift value. Ensure that the shift value is not too large before using it the maximum cluster size for...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: md/bitmap: Do not set sb values if the sanity check fails. If the bitmap area contains invalid data, the kernel will crash, and mdadm will trigger a “Segmentation fault”. This is a bug specific to cluster-md. In non-clustered...