6946 matches found
Astra Linux – Vulnerability in PostgresSQL 11
A late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY operation in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. This feature enables the owner of the materialized view to run SQL functions, thereby allowing for the safe refreshing of...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, attempting to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa 168.967392 BUG: kernel NULL pointer dereferenc...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dm thin: Make getfirstthin use listfirstornullrcu instead of rcu-safe list first function. The documentation in rculist.h explains the absence of listemptyrcu and warns programmers against relying on a sequence of listempty -...
Astra Linux – Vulnerability in libxml2
In libxml2 versions before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer do not check for integer overflows. This can lead to out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software that uses libxml2’s...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fixed a possible memory leak in thunderbaybuildfunctions Thunderbayaddfunctions will free memory associated with thunderbayfuncs when everything is correct. However, thunderbayfuncs will not be freed when...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: Fixed the smatch static checker warning adev-gfx.imu.funcs could be NULL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fixed a slab-out-of-bounds read in iobundlenbufs sqe-len is a u32 type, but it is stored in sr-len, which is an int type. When userspace passes values of sqe-len that exceed INTMAX e.g., 0xFFFFFFFF, sr-len overflows ...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed memory ordering between normal and ordered work functions. Ordered work functions are not guaranteed to be handled by the same thread that executes the normal work functions. The only way to synchronize execution...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: hns3: fixed a kernel crash that occurred when uninstalling the driver. When the driver is uninstalled and the VFs are disabled concurrently, a kernel crash occurs. The reason is that both actions call the function...
Astra Linux – Vulnerability in glibc
A vulnerable environment variable in the Untrusted LDLIBRARYPATH setting in the GNU C Library, versions 2.27 to 2.38, allows attackers to control the loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fixed a race condition between enabling/disabling SR-IOV and hot-plug events. The commit 05703271c3cd “PCI/IOV: Added locking for PCI rescan/remove operations when enabling/disabling SR-IOV” attempted to address the race...
Astra Linux – Vulnerability in Firefox and Thunderbird
Methods AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding, and AppendEncodedCharacters may experience integer overflows, resulting in underallocation of an output buffer and thus causing out-of-bounds write attacks. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. A lack of enforcement of an upper-bound limit on strings passed during IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed the missing .istwopixelspercontainer field. Starting from version 6.11, the AMDGPU driver, when loaded with amdgpu.dc=1, may cause a NULL pointer dereferencing on PCs with older GPUs, such as R9 280X, due t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/vf: Do not expose sysfs attributes that are not applicable to VFs. VFs cannot read the BMGPCIECAP0x138340 register, nor can they access the PCODE which is already guarded by the info.skippcode flag. Therefore, we should...
Astra Linux – Vulnerability in PHP 8.1, PHP 7.3
In PHP versions 8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, and 8.4. pgsql and pdopgsql versions, the escaping functions do not check whether the underlying quoting functions return errors. This could lead to crashes if the Postgres server rejects the string as invalid...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: benet: Fixed a bug when creating VFs. The benet function crashes as soon as SRIOV VFs are created: Kernel bug at mm/vmalloc.c:3457! Oops: Invalid opcode: 0000 1 SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: Load...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port-pm on port-specific driver unbind When we unbind a serial port via a hardware-specific 8250 driver, the generic serial8250 driver takes over control of the port. After that, an oops occurs approximately ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fixed the null pointer issue when the SMU is disabled. It is necessary to check whether the ppfuncs is initialized before releasing the context; otherwise, a null pointer panic will occur when the software SMU is n...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: iavf: fixed the hang that occurs upon reboot with ice When a system with E810 and existing VFs is rebooted, the following hang may occur. PID 1 is hung in iavfremove, part of a network driver: PID: 1 TASK: ffff965400e5a340 CPU...