Astra Linux – Vulnerability in Git
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. These untrusted parties could create the folder C:\.git, which would be included in Git...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: um: vector: Fixed a memory leak in vector_config. If the return value of the uml_parse_vector_ifspec function is NULL, we should call kfree(params) to prevent the memory leak...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/i915: fixed a race condition UAF in i915_perf_add_config_ioctl. Userspace may attempt to race the creation of the oa_config object with config remove, resulting in a use-after-free if we dereference the object after unlocking the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: Fixed a possible NULL pointer dereference in the remove function. Attempting to remove the driver will cause a crash in cases where the vport fails to initialize. The following trace comes from an instance where the driver...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: RSI: Do not configure WoWlan in the shutdown hook if it is not enabled. If WoWlan was never configured during the operation of the system, hw->wiphy->wowlan_config will be NULL. The rsi_config_wowlan function checks whether...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: Intel: avs: Fixed a potential RX buffer overflow issue. If an event causes the firmware to return an invalid RX size for LARGE_CONFIG_GET, memcpy_fromio might end up copying too many bytes. This issue was fixed by using min...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7606: check for NULL before calling sw_mode_config. It was checked that the pointer to the sw_mode_config function is not NULL before calling it. Not all buses define this callback, which could lead to a NULL pointer being...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: coresight: Holding cscfg_csdev_lock while removing cscfg from csdev. There may be a race condition related to coresight configuration: CPU0 CPU1 perf enable load module cscfg_load_config_sets Activate configuration. // sysfs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid division by zero by initializing the dummy pitch to 1. Why: If the dummy values in populate_dummy_dml_surface_cfg are not updated, they may lead to a division by zero in downstream calls such as...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89: pci: Configure manual DAC mode via PCI config API only To support 36-bit DMA, configure the chip’s proprietary bit via the PCI config API or the chip’s DBI interface. However, the PCI device’s mmap is not set yet, an...
Astra Linux – Vulnerability in ffmpeg
A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in the af_acrossover.c file...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config put in recv_work There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and NBD_CMD_RECONFIGURE: nbd_genl_connect // conf_ref=2 connect and recv_work A nbd_open // conf_ref=3 recv_work A done // conf_ref=2 NBD_CLEAR_SO...
Astra Linux – Vulnerability in Firefox
If an attacker were able to alter specific about:config values (for example, via malware running on the user’s computer), the Devtools remote debugging feature might be enabled in a way that is unnoticed by the user. This would allow a remote attacker who can establish a direct network connection to th...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tty: A possible resource leak was fixed in icom_probe. When pci_read_config_dword failed, calls to pci_release_regions and pci_disable_device were made to reallocate the previously allocated resources...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid deadlock in sriov_numvfs_store caused by pci_dev_lock The sysfs sriov_numvfs_store path acquires the device lock before the config space access lock: sriov_numvfs_store device_lock A 1 acquires the device lock sriov_configure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY The latest kernel will fail when dealing with the PHY interrupt configuration, as it now relies on allocated private resources. Therefore, running a probe to allocate...
Astra Linux – Vulnerability in linux-5.15
A flaw was discovered in vDPA with the VDUSE backend. Currently, there are no checks in the VDUSE kernel driver to ensure that the size of the device configuration space is consistent with the features advertised by the VDUSE user-space application. In the event of a mismatch, the Virtio driver...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added a missing error check to scarlett2_usb_set_config. The scarlett2_usb_set_config function calls scarlett2_usb_get, but did not check the result. If this function fails, an error is returned instead of continuing wit...
Astra Linux – Vulnerability in golang-1.19, golang-1.23
Creating a malicious file using cmd/go can result in writing to a file controlled by an attacker, with partial control over the file’s content. The cgo pkg-config: directive in a Go source file provides command-line arguments that are passed to the Go pkg-config command. An attacker can provide a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Disabling Intel PT virtualization guest/host mode is enabled by default under CONFIG_BROKEN. This means that KVM’s pt_mode module parameter is set to BROKEN by default, thereby disabling support for virtualizing Intel PT...