PT-2026-42401

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description The ptracePT SC REMOTE function failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. This allows a user with debugging capabilities to trigger arbitrary cod...

FreeBSD : FreeBSD -- Heap overflow in FUSE_LISTXATTR (3cc34467-54b6-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3cc34467-54b6-11f1-8d7a-bc241121aa0a advisory. When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFSD: The encoder for NFSv2 GETACL results has been completed. The xdrstream conversion inadvertently left some code that set the pagelen of the send buffer. The XDR stream encoders should now handle this automatically. This...

Astra Linux - уязвимость в linux, linux-5.15

A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed the issue where dcc-f2fsissuediscard was not invalidated during the error path. Syzbot reports a NULL pointer dereference issue as follows: refcountadd include/linux/refcount.h:193 inline refcountinc...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: NFSD: prevented underflow in nfssvcdecodewriteargs Smatch reported the issue as follows: fs/nfsd/nfsxdr.c:341 nfssvcDecodeWriteArgs Warning: no lower bound on ‘args-len’ The type of the variable has been changed to unsigned to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix for a kernel crash that occurred due to a null io-bio. We should return immediately if io-bio is null before performing any actions. Otherwise, a panic will occur. Bug: Kernel NULL pointer dereferencing, address:...

Astra Linux - уязвимость в u-boot

An integer overflow occurs in the ext4fsreadsymlink function in Das U-Boot before version 2025.01-rc1. This issue arises due to the use of the zalloc function, which adds one to a le32 variable. This occurs through a crafted ext4 file system with an inode size of 0xffffffff. As a result, the mall...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed the acl memory leak in posixaclcreate When reviewing another nfs xfstests report, I found that errors related to acl and defaultACL in nfs3proccreate and nfs3procmknod might be leaked. These issues need to be...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed a potential NULL dereference in nfsgetclient. None of the callers is expected to receive a NULL return value from nfsgetclient. Therefore, this code will result in an Oops error. It’s better to return an error pointer....

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed a potential race condition when creating a tree that connects to IPC. Protected access to TCPServerInfo::hostname when naming the IPC tree; this is because the name might be freed by the cifsd thread, potentially...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed incorrect splitting in btrfsdropextentmaprange. In production, we encountered various WARNON messages in the extentmap code, specifically in btrfsdropextentmaprange, when we had to call addextentmapping for the...

Astra Linux - уязвимость в chromium

Before version 94.0.4606.54, using the "after free" mechanism in the File System API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

Insufficient data validation in the File System of Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Reworked the handling of scratch space for READPLUS again I discovered that the read code might send multiple requests using the same nfspgioheader. However, the nfs4procreadsetup function is only called once. As a resul...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed the directory separator in SMB1 UNIX mounts. When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps. Otherwise, it may result ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc, mm/kasan: Respect the gfp mask in kasanpopulatevmalloc. kasanpopulatevmalloc and its helpers ignore the caller’s gfpmask and always allocate memory using the hardcoded GFPKERNEL flag. This makes them inconsistent with...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: The xid leak in cifsflock has been fixed. If flock is not used, before returning -ENOLCK, the xid should be freed; otherwise, the xid will be leaked...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a deadlock in nilfscountfreeblocks A semaphore deadlock can occur if nilfsgetblock detects metadata corruption while locating data blocks, and a superblock writeback occurs at the same time: task 1 task 2 ------...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...