Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A memory read flaw that is outside the safe bounds was discovered in receiveencryptedstandard in fs/smb/client/smb2ops.c, within the SMB Client sub-component of the Linux kernel. This issue arises due to an integer underflow occurring during the memcpy operation’s length calculation, resulting in...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the rdsrecvtracklatency function in net/rds/afrds.c in the Linux kernel, from version 6.7.1 onwards, there is an off-by-one error in the comparison of RDSMSGRXDGRAMTRACEMAX, which leads to out-of-bounds access...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

Transmitted requests in Xen’s virtual network protocol can consist of multiple parts. Although none of them are actually useful, except for the initial part, any of these parts can be of zero length, meaning they carry no data at all. In addition to the certain initial portion of the data to be...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the idx validation in config queues msg. Ensured that idx is within the range of active/initialized TC’s when iterating over vf-chidx in i40evcconfigqueuesmsg...

The vulnerability of the dev_replace_rwsem() function in the BTRFS file system of Linux kernels allows a attacker to cause a service failure.

The vulnerability of the devreplacerwsem function in the BTRFS file system of Linux operating systems is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability of the AMD KVM subsystem for supporting embedded virtualization in Linux kernel allows a hacker to induce a service failure.

The vulnerability of the AMD KVM subsystem for supporting embedded virtualization in Linux operating systems’ kernels is related to improper handling of embedded termination processes. Exploiting this vulnerability can allow attackers to cause service failures...

SUSE CVE-2005-3806

The IPv6 flow label handling code ip6flowlabel.c in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service crash by triggering a free of non-allocated memory...

The vulnerability of the queue insertion function sch_sfb in Linux operating system kernels allows a hacker to cause a service failure.

The vulnerability of the queue insertion function schsfb in Linux operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...

UBUNTU-CVE-2020-24490

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ...

USN-3521-1 nvidia-graphics-drivers-384 vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

security flaw

Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service CPU and memory consumption and bypass RLIMMEMLOCK limits via the mlockall call...