61300 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Added a check for memory allocation. allocpbl can return an error when memory allocation fails. The driver does not check the status of memory allocation in some instances...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: negative file sizes are now rejected in squashfsread inode. Syskaller reports a “WARNING in ovlcopyupfile” in overlayfs. This warning occurs because the underlying Squashfs file system returns a file with a negative...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in the solariszone module from the Ansible Community modules. When setting the name of a zone on the Solaris host, the zone name is checked by listing the process using the ‘ps’ command on the remote machine. An attacker could exploit this flaw by creating a fake zone name a...
Astra Linux – Vulnerability in Poppler
The JPXStream::init function in Poppler 0.78.0 and earlier does not check for negative values of stream length, which can lead to an Integer Overflow. This allows an attacker to allocate a large memory chunk on the heap, with the size controlled by them. This issue was demonstrated by pdftocairo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hwmon: ftsteutates Fixed the TOCTOU race condition in ftsread In the ftsread function, when handling hwmonpwmautochannelstemp, the code accesses the shared variable data-fansourcechannel twice without holding any locks. This chec...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: checks dot and dotdot of dxroot before making dir indexed Syzbot reports the following issue: ============================================ BUG: Unable to handle page fault for address: ffffed11022e24fe PGD 23ffee067 P4D...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cdrom: The check for lastmediachange has been rearranged to avoid unintentional overflow. When running syzkaller with the newly reintroduced signed integer wrap sanitizer, we encounter this error: 366.015950 UBSAN:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check the pipe offset before setting vblank. The size of pipectx is MAXPIPES; therefore, its index must be checked before accessing the array. This fix addresses an OVERRUN issue reported by Coverity...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. Functions like plparhcall, plparhcall9, and related functions expect callers to provide valid result buffers of a certain minimum size. Currently, this is only...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixing inode number range checks The patch series “nilfs2: Fixing potential issues related to reserved inodes” addresses these issues. This series fixes a use-after-free issue reported by syzbot, which was caused by th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmsmac – added a gain range check to wlcPhyiqcalgainparamsnphy. In wlcPhyiqcalgainparamsnphy, add a gain range check to WARN, instead of potentially unsafe access to the tbliqcalgainparamsnphy array. This fix has been...
Astra Linux – Vulnerability in Shadow
Shadow: TOCTOU time-of-check time-of-use race condition when copying and removing directory trees...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typecaltmodeattention Some USB hubs will negotiate DisplayPort Alt mode with the device. However, they will then negotiate a data role swap after entering the Alt mode. This data role swa...
Astra Linux – Vulnerability in OpenLDAP
In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service daemon exits caused by a short timestamp. This issue is related to the schemainit.c file and the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device; this value can be any number between 0 and 255. To prevent out-of-bounds access, a...
Astra Linux – Vulnerability in Linux 5.10
There is a vulnerability related to time-of-check to time-of-use issues in the iouringsubsystem’s IORINGOPCLOSE operation in the Linux kernel versions 5.6 to 5.11 inclusive. This vulnerability allows a local user to elevate their privileges to root. Introduced in the version...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A vulnerability was discovered in the HCI socket implementation due to a missing capability check in the net/bluetooth/hcisock.c file within the Linux kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and...
Astra Linux – Vulnerability in Linux 5.15, Linux
In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: Hardened access to reset domains. Accessing reset domain descriptors via indexes in SCMI driver requests, through the SCMI reset operation interface, may potentially lead to out-of-bound violations if the SCMI...
Astra Linux – Vulnerability in OpenSSL
Issue summary: Checking excessively long DH keys or parameters can be very slow. Applications that use functions such as DHcheck, DHcheckex, or EVPPKEYparamcheck to check DH keys or parameters may experience prolonged delays. If the keys or parameters being checked were obtained from an untrusted...