Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fixed NULL pointer access via aer_info. The kzalloc(GFP_KERNEL) call may return NULL, resulting in kernel panic when accessing aer_info->xxx. This issue has been fixed...
Astra Linux – Vulnerability in Graphviz
A buffer overflow in the Graphviz Graph Visualization Tools, at commit ID f8b9e035 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component...
Astra Linux – Vulnerability in Chromium
A use after free in Media in Google Chrome before version 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: A reference count leak was fixed in snr_uncore_mmio_map(). pci_get_device() will increase the reference count of the returned pci_dev. Therefore, snr_uncore_get_mc_dev() will return a pci_dev with its reference count...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A vulnerability has been discovered in the Linux kernel and is classified as critical. The affected part of the code is the function area_cache_get in the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c, belonging to the IPsec component. This vulnerability occurs due to improper memory...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux 5.15
A NULL pointer dereference vulnerability was discovered in the vmwgfx driver, located in the file vmwgfx_execbuf.c within the GPU component of the Linux kernel. The vulnerability affects device files such as '/dev/dri/renderD128' or 'Dxxx'. This flaw allows a local attacker with a user account on...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering. It is possible to trigger a use-after-free situation here by: (a) forcing rescan_work_func() to take a long time, and (b) using a pwrctrl driver that may be unloaded for som...
Astra Linux – Vulnerability in Mariadb 10.3
It was discovered that MariaDB versions 10.2 to 10.7 contain a segmentation fault due to the subselect component...
Astra Linux – Vulnerability in Linux 5.15
A vulnerability, classified as problematic, has been identified in the Linux kernel. This issue affects the functions unix_sock_destructor/unix_release_sock in the file net/unix/af_unix.c of the BPF component. The manipulation leading to this issue results in a memory leak. It is recommended that a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fixed a crash in hv_pci_restore_msi_msg() during hibernation. When a Linux virtual machine with an assigned PCI device runs on Hyper-V, if the PCI device driver is not yet loaded (i.e., MSI-X/MSI is not enabled on the device),...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fixed a reference count leak in dmar_dev_scope_init(). The function for_each_pci_dev() is implemented by pci_get_device(). The comment accompanying pci_get_device() states that it will increase the reference count of the returned pcide...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: The notifiers shared by the PCI and VIO buses were fixed. The fail_iommu_setup() function registers the fail_iommu_bus_notifier struct for both PCI and VIO buses. The struct notifier_block is a linked-list node, which mean...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: Intel: avs: Do not share the name pointer between components. By sharing the name variable directly, tearing down components may lead to use-after-free errors. Duplicating the name variable can prevent this issue. At the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: preventing shift wrapping in rtw89_core_mlsr_switch(). The value of “link_id” comes from the user via debugfs. If it is larger than BITS_PER_LONG, it will result in shift wrapping, potentially leading to out-of-bounds...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the “Video” feature of Google Chrome prior to version 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent. If the controller is not marked as cache coherent, then the kernel will try to ensure coherence during DMA operations, which may lead to data corruption. Therefore...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Settings component of Google Chrome prior to version 95.0.4638.54 allowed a remote attacker to interact with Dev Tools, potentially exploiting heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on snd_soc_lookup_component_nolocked(). soc-generic-dmaengine-pcm.c uses the same device for both CPU and Platform. In such cases, the CPU component driver may not have the required driver-name fiel...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in Oracle Java SE component: Hotspot. The supported versions affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, and 23. This vulnerability is difficult to exploit; an unauthenticated attacker with network access via multiple protocols can compromise Oracle Jav...
Astra Linux – Vulnerability in pillow
In Pillow before 8.1.0, PcxDecode has a buffer over-reading issue when decoding a crafted PCX file, because the user-supplied stride value is trusted for buffer calculations...