226293 matches found
Astra Linux – Vulnerability in Linux
A NULL pointer dereference flaw was discovered in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem, regarding the way the user terminates the LR-WPAN connection. This flaw allows a local user to crash the system. The greatest threat posed by this vulnerability is to system...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.11.x. The kernel/bpf/verifier.c file contains unwanted out-of-bounds speculation during pointer arithmetic operations, which allows for side-channel attacks that circumvent Spectre mitigations and extract sensitive information from kern...
Astra Linux – Vulnerability in Linux, Linux 5.10
A memory overflow vulnerability was discovered in the ipc functionality of the memcg subsystem in the Linux kernel. This vulnerability occurs when a user calls the semget function multiple times, thereby creating semaphores. This flaw allows a local user to deplete resources, resulting in a denia...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usbnet: A sanity check for maxpacket. A value of 0 for maxpacket makes no sense, and it causes an error because we need to divide by it. Given up. V2: Typos in the log have been corrected, and stylistic issues have also been...
Astra Linux – Vulnerability in Linux, Linux 5.10
A issue was discovered in the Linux kernel for PowerPC before version 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to a bug in the implementation of arch/powerpc/kvm/book3shvrmhandlers.S, which handles the values of the SRR1 register...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw was discovered in the Linux kernel. A use-after-free vulnerability in the NFC stack can pose a threat to confidentiality, integrity, and system availability...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A flaw was discovered in the Linux kernel. A use-after-free may occur when plugging/dismounting a malicious USB device that claims to be an Asus device. Similar to the previously known CVE-2023-25012, but in Asus devices, the workstruct structure may be modified by the LED controller during the...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in the Linux kernel’s EBPF verifier when handling internal data structures. Internal memory locations could be exposed to userspace. A local attacker with the permission to insert eBPF code into the kernel can exploit this vulnerability to leak internal kernel memor...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsnew inode in the file fs/nilfs2/inode.c of the BPF component. This vulnerability allows for manipulation after the memory allocation function free is called. The attack ca...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: pci-epf-vntb: Remove duplicate resource teardown The epfntbepcdestroy function duplicates the teardown that the caller is supposed to perform later. This leads to an error when .allowlink fails, or when .droplink i...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: cleanup of FB if dpuformatpopulatelayout fails If dpuformatpopulatelayout fails, then FB is prepared, but not cleaned up. This results in the pincount being leaked from the GEM object, causing a crash during DRM file...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A use-after-free flaw was discovered in xen9pfsfrontremovet in net/9p/transxen.c within the Xen transport for 9pfs in the Linux kernel. This flaw could allow a local attacker to cause the system to crash due to a race condition, potentially leading to a kernel information leak...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A flaw was discovered in the Linux kernel’s Traffic Control TC subsystem. Using a specific networking configuration—redirecting egress packets to ingress using the TC “mirred” action—a local unprivileged user could trigger a CPU soft lockup ABBA deadlock when the transport protocol in use TCP or...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A race condition was detected in the Linux kernel’s watch queue due to a missing lock in the piperesizering function. The specific flaw lies in the handling of pipe buffers. The problem arises from the lack of proper locking when performing operations on an object. This flaw allows a local user t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/64s: Fixed the program check interrupt emergency stack path issue. The emergency stack path was jumping into a 3: label within the GENCOMMONBODY macro for the normal path after it had finished, rather than jumping over...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A flaw was discovered in the Linux kernel. A denial-of-service attack may occur if a consecutive request for NVMEIOCTLRESET and NVMEIOCTLSUBSYSRESET is made through the device file of the driver, resulting in a disconnection of the PCIe link...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A use-after-free issue was discovered in the driver/firewire component, specifically in the outbound PhyPacketCallback function within the Linux kernel. In this flaw, a local attacker with special privileges could cause a use-after-free error when queueevent fails...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: exFat: Fix for improper checking of dentry.stream.validsize We identified a infinite loop bug in the exFAT file system that can lead to a Denial-of-Service DoS condition. When a dentry in an exFAT filesystem is malformed, the...
Astra Linux – Vulnerability in Linux 5.10
A vulnerability was discovered in the net/tipc/crypto.c file within the Linux kernel before version 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit a lack of sufficient validation of the user-supplied sizes for the MSGCRYPTO message type...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid failures during online resizing due to an overly large flexbgsize. When we perform online resizing on an ext4 filesystem with an excessively large flexbgsize, the following warning is triggered:...