61290 matches found
Astra Linux – Vulnerability in Poppler
A issue was discovered in Poppler 0.71.0. There is a potentially fatal abort in Object.h; this will lead to a denial of service, as EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pdscore: The pdsccheckpcihealth function was fixed to use a work thread for execution. When the driver detects that fwstatus == 0xff, it attempts to perform a PCI reset on itself using the pciresetfunction function within the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fixed the error path ordering in edacmcalloc. When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice, which will ultimately call the device’s release function. However, the initializatio...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: tipc: Check the attribute length for the bearer name. syzbot reported uninit-value issues: ===================================================== BUG: KMSAN: uninit-value in stringnocheck lib/vsprintf.c:644 inline BUG: KMSAN:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Use checkaddoverflow to prevent overflow of the u16 DACL size. The functions setposixaclentriesdacl and setntacldacl accumulate the ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size c...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: added a bounds check on the Transfer Tag. The ttag is used as an index to retrieve the cmd in nvmettcphandleh2cdatapdu. A bounds check was added to prevent out-of-bounds access...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A issue was discovered in the Linux kernel through version 5.16-rc6. The function malidpcrtcreset in the file drivers/gpu/drm/arm/malidpcrtc.c lacks a check on the return value of kzalloc. This could lead to a null pointer dereferencing...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mailbox: zynq-ipi: fixed error handling when deviceregister fails When deviceregister fails, there are two issues: 1. The name allocated by devsetname is leaked. 2. The parent of the device is not NULL; deviceunregister is...
Astra Linux – Vulnerability in Linux 5.10
There is a vulnerability related to time-of-check to time-of-use issues in the iouringsubsystem’s IORINGOPCLOSE operation in the Linux kernel versions 5.6 to 5.11 inclusive. This vulnerability allows a local user to elevate their privileges to root. Introduced in the version...
Astra Linux – Vulnerability in Linux 5.15
A NULL pointer dereference flaw was discovered in the Linux kernel’s drivers/gpu/drm/msm/msmgemsubmit.c code, specifically in the submitlookupcmds function. This flaw occurs because there is no check on the return value of kmalloc. This issue allows a local user to crash the system...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the drivers/mtd/ubi/vtbl.c file in the Linux kernel, up to version 6.7.4, it is possible for the code to attempt to allocate zero bytes, resulting in a crash due to a missing check for ubi-lebsize...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211 – Fix for buffer overflow in elem comparison. For vendor elements, the code assumes that 5 octets are present without checking them. Since the element itself has already been checked for compatibility, we only need...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a null pointer check for inode operations This adds a sanity check for the iop pointer of the inode, which is returned after reading the Root directory MFT record. We should check that the iop is valid before...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: essiv – The ssizei check is moved to the beginning of essivaeadcrypt, so it is also checked for decryption and in-place encryption operations...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Added a length check to avoid buffer overflow. A buffer overflow occurs due to the use of snprintf to write data into the buffer “buf” in the targetlugpmembersshow function located in...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: pid: Added a check for ns null in pidnrns. taskpidnrns ns = taskactivepidnscurrent; pidnrnsrcudereferencetaskpidptrtask, type, ns; if pid && ns-level level Sometimes, null is returned for taskactivepidns. This can trigger kernel...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: i40e: Added a maximum boundary check for VF filters. There is no check to ensure that VF can request a maximum number of filters. This limitation should be added...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: added input size checking in procwritesimdisk A malicious user could potentially enter an arbitrarily bad value into memdupusernul, which might cause the kernel to crash. This follows the same pattern as the patc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ovl: fixed null pointer dereference in ovlgetaclrcu The following processes are involved: P1 P2 pathopenat linkpathwalk maylookup inodepermissionrcu ovlpermission aclpermissioncheck checkacl getcachedaclrcu ovlget inodeacl...