Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFS: Issues with the LTP test failing when timestamps are delegated have been fixed. The utimes01 and utime06 tests fail when delegated timestamps are enabled, especially in subtests that modify the atime and mtime fields using t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fixed the KASAN global-out-of-bounds warning. When running the “perf mem record” command on CWF, the following KASAN global-out-of-bounds warning was observed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iommufd: Check for uptr overflow. syzkaller discovered that setting up a page with a user VA that exceeds zero can trigger WARN_ONs, especially when pin_user_pages returns 0 due to invalid arguments. This issue prevents the creati...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a missing NULL pointer check for the pingpong interface. This check is almost always performed in dpu_encoder_phys_wb_setup_ctl, but in a single location, the check is missing. Also, use convenient local variables...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs. There are three places where qla4xxx parses nlattrs: qla4xxx_set_chap_entry, qla4xxx_iface_set_param, and qla4xxx_sysfs_ddb_set_param. Each of these functions converts nlattr to a specifi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nft_set_rbtree: Fixed an issue with overlapping expiration walks. The lazy garbage collection during insertion, which should remove entries when the timeout occurs, fails to properly release the remaining part of the...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: A potential null-ptr-deref occurred in pass_establish. If get_ep_from_tid fails to find a non-NULL value for ep, ep will be dereferenced later, regardless of whether it is empty. This patch adds a simple sanity check to f...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: iwl4965: Added a check for the return value of the create_singlethread_workqueue function. The check is added to prevent NULL pointer dereferencing...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/dsi: fixed memory corruption caused by too many bridges. Added a missing sanity check on the bridge counter to prevent corruption of data beyond the fixed-sized bridge array, in case there are ever more than eight...
Astra Linux – Vulnerability in Blender
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption, or potentially code execution...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resources for the second interface. The imon driver probes two USB interfaces. When probing the second interface, the driver assumes blindly that the first interface was bound to the same imon...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Revert “f2fs: fix to do sanity check on extent cache correctly”. syzbot reports a bug in f2fs as follows: UBSAN: array-index-out-of-bounds in fs/f2fs/f2fs.h:3275:19, index 1409 is out of range for type ‘__le32[923]’ aka ‘unsigned...
Astra Linux – Vulnerability in ofono
A flaw was discovered in ofono, open-source telephony software for Linux. A stack overflow bug was triggered within the decode_deliver_report function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added a bounds check for the durable handle context. A missing bounds check was added for the durable handle context...
Astra Linux – Vulnerability in mbedtls
In Mbed TLS versions prior to 2.28.10, and 3.x versions prior to 3.6.3, on the client side, servers with trusted certificates for arbitrary hostnames are accepted, unless the TLS client application calls mbedtls_ssl_set_hostname...
Astra Linux – Vulnerability in mbedtls
An issue was discovered in Arm Mbed TLS before version 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock...
Astra Linux – Vulnerability in Firefox
The incorrect object was checked as NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. This vulnerability affects Firefox versions earlier than 123...
Astra Linux – Vulnerability in OpenSSL
Issue summary: Checking excessively long DH keys or parameters can be very slow. Applications that use functions such as DH_check, DH_check_ex, or EVP_PKEY_param_check to check DH keys or parameters may experience prolonged delays. If the keys or parameters being checked were obtained from an untrusted...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Check if there is a station first in the client probe. When probing a client, first check if one exists, and then check the channel context. Otherwise, a warning can easily be triggered by probing when the AP hasn...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size. This issue is related to the check for data_offset + data_length...