Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

The dotlsgetsockopt function in net/tls/tlsmain.c in the Linux kernel, as of version 6.2.6, lacks a call to locksock. This results in a race condition, which can lead to a use-after-free or NULL pointer dereferencing...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spiderdbmbase::printwarnings to dereference a null pointer...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in the Linux kernel through version 6.1-rc8. The function dpucrtcatomiccheck in the file drivers/gpu/drm/msm/disp/dpu1/dpucrtc.c lacks a check for the return value of kzalloc. This issue may lead to a NULL Pointer Dereference...

Astra Linux – Vulnerability in Vim

NULL pointer dereferencing in the GitHub repository for vim/vim before version 9.0.0259...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsbmaplookupatlevel in the file fs/nilfs2/inode.c of the nilfs2 component. Manipulation of this function can lead to a null pointer dereference. The attack can be launched...

Astra Linux – Vulnerability in net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable” to cause a NULL pointer dereference. Version 5.9.2 includes a patch to addres...

Astra Linux – Vulnerability in Vim

NULL pointer dereferencing in the function vimregexecstring at regexp.c:2729 in the GitHub repository vim/vim, prior to version 8.2.4901. NULL pointer dereferencing in function vimregexecstring at regexp.c:2729 allows attackers to cause a denial of service application crash through crafted inputs...

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Prior to versions 6.2.7 and 7.0.0, an attacker who attempted to load a specially crafted Lua script could cause a NULL pointer dereference, resulting in a crash of the redis-server process. This issue was fixed in Redis versions 7.0.0 and...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing WHAT IGT kmscursorlegacy’s long-nonblocking-modeset-vs-cursor-atomic fails with a NULL pointer dereference. This issue can be reproduced when both an eDP panel and a DP monitor are...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix for accessing an empty array when the phygetinternaldelay function is called, provided that the driver calls phygetinternaldelay without defining delayvalues, and rx-internal-delay-ps or tx-internal-delay-ps is...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: A NULL pointer dereference has been fixed in tcpmpdsvdm. It is possible that typecregisterpartner returns ERRPTR upon failure. When port-partner results in an error, a NULL pointer dereference may occur, as show...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: fixed potential NULL pointer dereferencing in ncmbitrate In Google’s internal bug report 265639009, we received a crash report from a aarch64 GKI 5.10.149-android13 running device. This report is currently...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, there was a NULL pointer dereference vulnerability in rdpwritelogoninfov2. This vulnerability allowed a malicious RDP server to crash the FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix nullptrderef in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious dat...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7996: fixed null pointer dereference in mt7996conftx If a link does not have an assigned channel yet, mt7996viflink returns NULL. We still need to store the updated queue settings in that case and apply them later...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fixed NULL pointer dereferencing in sanitycheck. If mockchain returns NULL due to a memory allocation failure, it is passed to dmafenceenableswsignaling, resulting in a NULL pointer dereferencing there. Call...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: dm: fixed a NULL pointer race issue when completing IO operations. The dmiodecpending function calls endioacct first, and then decreases the number of pending DMA operations. However, if a task swaps the DM table at the same...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fixed NULL pointer dereferencing in ixgbexdpsetup The ixgbe driver currently causes a NULL pointer dereferencing with some machines online cpus ringfeatureRINGFFDIR.limit = count; This results in numqueues being set to 63...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fixed the issue of null pointer dereference on the pointer edp. The pointer dev is initialized, and the edp is dereferenced before edp is checked for being null. This could lead to a null pointer dereference issue. This...