15027 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixed a panic issue by disabling preemption. In RISCV, we must use an AUIPC + JALR pair to encode an immediate jump, creating a jump to an address beyond 4K. This may cause errors if we want to enable kernel...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/fpu: Fixed the copyxstatetouabi function to correctly copy init states. When an extended state component is not present in fpstate, but is present in init state, the function copies data from initfpstate using copyfeature...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access The issue arises from calls to max20086parseregulatorsDt where ofregulatormatch uses an array of struct ofregulatormatch allocated on the stack as the argument for the matches...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/pseries/iommu: The IOMMU incorrectly marks the MMIO range in DDW. The Power Hypervisor may allocate MMIO windows that intersect with the Dynamic DMA Window DDW range, which spans over 32-bit addressing. These MMIO page...
Astra Linux - уязвимость в edk2
EDK2’s Network Package is vulnerable to a buffer overflow vulnerability when processing the DNS Server option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity, and/or...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nftables: nftdynset: fixed a possible stateful expression memory leak in the error path. If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without...
Astra Linux - уязвимость в glibc
A vulnerable environment variable in the Untrusted LDLIBRARYPATH setting in the GNU C Library, versions 2.27 to 2.38, allows attackers to control the loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mtd: core: added ofnodeget in the dynamic partitions code This fixes the issue with ofnodeput: 1.078910 6 cmdlinepart partitions found on the MTD device gpmi-nand 1.085116 Creating 6 MTD partitions on “gpmi-nand”: 1.090181...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: Fixed an out-of-bounds access issue in mchpipcgetclusteraggrirq. The clustercfg array is dynamically allocated to hold per-CPU configuration structures. Its size is determined by the number of online CPUs...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an out-of-bounds dynptr write in bpfcryptocrypt. Stanislav reported that in bpfcryptocrypt, the size of the destination dynptr is not validated to be at least as large as the size of the source dynptr before calling th...
Astra Linux - уязвимость в firefox
Service workers may reveal the script-based base URL due to dynamic import. This vulnerability affects Firefox versions earlier than 113...
Astra Linux - уязвимость в isc-dhcp
In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP e.g., releases in the 4.0.x series or earlier, and releases in the 4.3.x series are beyond their End-of-Life period and are no longer supported by ISC. It is clear that this defect is also present in releases...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted. This issue was fixed to avoid NULL pointer dereference during runtim...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Updated the intermediate power state for SI. Updated the current state to the boot state during dpm initialization. During subsequent initialization, setpowerstate is called to transition to the final power state...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: q6apm: moving component registration to an unmanaged version The q6apm component registers dynamic data from ASoC toplology, which are allocated using device-managed API functions. Assigning both components and...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: misc: miscminoralloc is now using ida to allocate IDs for all dynamic/misc dynamic minors. Previously, miscminoralloc only used ida to allocate IDs for minors in the MISCDYNAMICMINOR case. However, miscminorfree always used idafr...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset the dql stats during a NONFATAL reset. All ibmvnic resets should instead call netdevtxresetqueue when reopening the device. netdevtxresetqueue resets the numqueued and numcompleted byte counters. These stats...
Astra Linux - уязвимость в libvirt
A flaw was discovered in libvirt during its generation of SELinux MCS category pairs for virtual machines’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breach of sVirt confinement. The greatest threat posed by this vulnerability...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: swiotlb: Initialize the restricted pool listhead when SWIOTLBDYNAMIC=y. Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash during boot-time...
Astra Linux - уязвимость в connman
The client.c file in gdhcp within ConnMan, as of version 1.41, can be exploited by network-adjacent attackers who operate a crafted DHCP server. This exploitation can lead to a stack-based buffer overflow and a denial of service attack, resulting in the termination of the connman process...