17705 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed races between xattrset|get and listxattr operations. Some issues may occur when performing concurrent xattrset|get and listxattr operations, such as assertion failures, memory corruption, and stale xattr values1. Thi...
Astra Linux - уязвимость в ntfs-3g
A properly crafted NTFS image can lead to a out-of-bounds access in ntfs inode syncstandardinformation in NTFS-3G 2021.8.22...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass the file extension policy through a crafted HTML page...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can cause a heap-based buffer overflow in ntfscompressedpwrite in NTFS-3G 2021.8.22...
Astra Linux - уязвимость в linux
A memory-bound write flaw 1 or 2 bytes of memory was identified in the Linux kernel’s NFS subsystem, related to the way users use mirroring replication of files via NFS. A user with access to the NFS mount could potentially exploit this flaw to crash the system or escalate privileges on the syste...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerabilities have been resolved: USB: usbfs: Do not issue a WARN message regarding excessively large memory allocations. Syzbot discovered that the kernel generates a WARN message if the user attempts to perform a bulk transfer using usbfs with a buffer that ...
Astra Linux - уязвимость в chromium
Before version 101.0.4951.41, using the "after free" mechanism in the File System API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
A use-after-free flaw was discovered in the Linux kernel’s Ext4 File System, where a user can trigger multiple file operations simultaneously using the overlay FS mechanism. This flaw allows a local user to crash the system or potentially escalate their privileges on the system. Only if patch...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed the re-dirty process of tree-log nodes There is a report of a transaction abort with the following script: !/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/$d done mount /dev/sda /mnt/test moun...
Astra Linux - уязвимость в linux-5.10, linux
A denial-of-service DOS issue was detected in the smb2ioctlqueryinfo function of the Linux kernel, within the fs/cifs/smb2ops.c Common Internet File System. This issue arises due to an incorrect return value from the memdupuser function. This flaw allows a local, privileged attacker with...
Astra Linux - уязвимость в linux-5.10, linux
A NULL pointer dereference flaw was discovered in dbFree in the fs/jfs/jfsdmap.c file of the Journaling File System JFS within the Linux kernel. This issue may allow a local attacker to cause the system to crash due to a missing sanity check...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4copy earlier. Ensure that the refcount and asynccopies fields are initialized early. The cleanupasynccopy function will reference these fields if an error occurs in nfsd4copy. If these fields are not...
Astra Linux - уязвимость в chromium
Insufficient data validation in the File System API of Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions through a crafted HTML page and malicious file. Chromium security severity: Low...
Astra Linux - уязвимость в zabbix
JavaScript preprocessing can be exploited by attackers to gain access to the file system read-only access on behalf of the user “zabbix” on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...
Astra Linux - уязвимость в linux-5.15, linux-6.1
A use-after-free flaw was discovered in the setupasyncwork function in the KSMBD implementation of the in-kernel Samba server and CIFS services in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed resources...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xfs: Only call xfarray,blobdestroy if we have a valid pointer. Only call the xfarray and xfblob destructors if we have a valid pointer, and make sure to null out that pointer afterwards. Note that this patch fixes a large number ...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fixed the NFSv4.2 kernel bug at mm/usercopy.c:102. A call to listxattr with a buffer size of 0 returns the actual size of the buffer required for a subsequent call. When size 0, nfs4listxattr does not return an error...