13608 matches found
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Ring Buffer: Do not attempt to read beyond the “commit” boundary. When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There are mechanisms to detect and handle this issue, but t...
Astra Linux - уязвимость в linux-6.1
A use-after-free vulnerability in the Linux kernel’s fs/smb/client component can be exploited to achieve local privilege escalation. In the event of an error in smb3fscontextParseparam, the ctx-password variable is freed, but the variable is not set to NULL, which could lead to a double-free. We...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A heap out-of-bounds write vulnerability in the Linux Kernel Performance Events perf component of the Linux kernel can be exploited to achieve local privilege escalation. If the perfreadgroup function is called when the siblinglist of an event is smaller than that of its child, it may increment o...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop errors within the hook verdict, and thus the nfhookslow function can cause a double-free vulnerabili...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Regenerate the buddy structure after block freeing fails when under fc replay. This fix primarily reverts to commit 6bd97bf273bd “ext4: Remove redundant mbregeneratebuddy”, and reintroduces the function mbregeneratebuddy...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fixed the issue of parameter context leaks during the damonsysfsnewtestctx function failure. The patch series “mm/damon/sysfs: fixed memory leaks and NULL pointer dereferencing issues”, version 4. DAMONSYSFS may...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, a previously existing admin queue may still exist. Properly release this queue before allocating a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if extcaps is valid in BL setup. LVDS connectors do not have extended backlight caps; therefore, check whether the pointer is valid before accessing it. Selected from commit...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: server: Fixed a leak in activenumconn when there is a failure in transport allocation. The commit 77ffbcac4e56 “smb: server: fixed the leak of activenumconn in ksmbdtcpnewconnection” addresses the failure path in kthreadrun...
Astra Linux - уязвимость в linux-5.10
A double-free bug in the packetsetring function in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate privileges or deny services. We recommend upgrading the kernel to a version that is not affected by this bug, or rebuilding the code after the...
Astra Linux - уязвимость в tiff
A null source pointer passed as an argument to the memcopy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...
Astra Linux - уязвимость в tiff
The "Divide By Zero" error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile libtiff from source code, the fix is available in the commit f8d0f9aa...
Astra Linux - уязвимость в tiff
A out-of-bounds read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service attack through a crafted tiff file. For users who compile libtiff from source code, the fix is available in the commit 408976c4...
Astra Linux - уязвимость в linux-5.10, linux
There is a speculative pointer dereferencing issue in the Linux kernel, specifically with the doprlimit function. The value of the resource argument is controlled and is used in pointer arithmetic for the ‘rlim’ variable. This can lead to the leakage of its contents. We recommend upgrading to a...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. The function nftpipapowalk does not skip inactive elements during the set walk, which can result in double deactivation of PIPAPO Pile Packet Policies elements...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A use-after-free vulnerability exists in the net/sched:clsfw component of the Linux kernel, which can be exploited to achieve local privilege escalation. When the fwchange function is called on an existing filter, the entire tcfresult struct is always copied into the new instance of the filter...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A use-after-free vulnerability exists in the Linux kernel’s net/sched:clsu32 component, which can be exploited to gain local privilege escalation. If the tcfchangeindev function fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write occurs due to the lack of skb-cb initialization in the ipvlan network driver. This vulnerability is exploitable if CONFIGIPVLAN is...
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3724 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3516 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...