Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.52, there was an out-of-bounds read vulnerability in libpng’s simplified API, allowing for reading of up to 10^12 bytes beyond the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel before version 6.4.12, amdgpucswaitallfences in drivers/gpu/drm/amd/amdgpu/amdgpucs.c contains a use-of-fence issue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Updated the intermediate power state for SI. Updated the current state to the boot state during dpm initialization. During subsequent initialization, setpowerstate is called to transition to the final power state...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: A deadlock occurs when the svm range restore operation is performed at process exit. The code kfdprocessnotifierrelease flushes svmrangerestorework, which in turn calls svmrangelistlockandflushwork to flush...

Astra Linux – Vulnerability in Linux-Firmware

Improper input validation in some IntelR Graphics Drivers for Windows before version 26.20.100.7212 and before the Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fixed a use-after-free in error handling of nouveauconnectorcreate. We cannot simply free the connector after calling drmconnectorinit on it. We need to clean up the DRM-related aspects first. This may not fix a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling Unlike the CPU, the GPU does not throttle its speed automatically when it reaches high temperatures. With certain high GPU loads, it is possible to reach the critical hardware shutdown...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed the issue where mode1 reset caused crashes. If the HW scheduler hangs and mode1 reset is used to recover the GPU, the KFD signals the user space to abort the processes. After the process aborts, user queues...

Astra Linux – Vulnerability in Qemu

A issue was discovered in QEMU through version 5.1.0. An out-of-bounds memory access was identified in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c, during handling of MMIO write operations via the atimmwrite callback. A malicious guest could...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fixed the use of the pointer offset in errorstateread. This fix addresses the issue where, when there is no i915gpucoredump but the bufoffset is non-zero, a kernel page fault may occur. This issue can occur when...

Astra Linux – Vulnerability in Firefox

The return value from gfx::SourceSurfaceSkia::Map wasn’t verified, which could potentially lead to a null pointer dereferencing. This vulnerability affects Firefox versions less than 110...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed the type of the second parameter in the odneditdpmtable callback. With Clang’s kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3D. Coherent surfaces make sense only if the host renders to them using accelerated APIs. Without 3D, all the content in dumb buffers remains on the guest, making all the addition...

Astra Linux – Vulnerability in libgd2

The GD Graphics Library also known as LibGD in versions 2.3.2 and earlier has a vulnerability due to the lack of checks for the return values of gdGetBuf and gdPutBuf functions...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fixed an issue where the maxsubslices array-index-out-of-bounds access occurred. It appears that the commit bc3c5e0809ae “drm/i915/sseu: Do not try to store EU mask internally in UAPI format” exposed a potential...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a NULL pointer check for kzalloc Why & How Check the return pointer of kzalloc before using it...

Astra Linux – Vulnerability in Firefox, Thunderbird

Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

Astra Linux – Vulnerability in Firefox

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fixed the potential use of OF nodes after their memory was freed. The foreachchildofnode helper function releases the reference it holds to each node while iterating over its children. The explicit ofnodeput call is...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: cleanup of FB if dpuformatpopulatelayout fails If dpuformatpopulatelayout fails, then FB is prepared, but not cleaned up. This results in the pincount being leaked from the GEM object, causing a crash during DRM file...