3141 matches found
Astra Linux – Vulnerability in Python 3.11
The ‘zipfile’ module does not check the validity of the offset value specified in the ZIP64 End of Central Directory EOCD Locator record. Instead, the ZIP64 EOCD record is assumed to be the previous record in the ZIP archive. This behavior could be exploited to create ZIP archives that are...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validating the command header size against SVGACMDMAXDATASIZE This data originates from user space and is used in buffer offset calculations, which may potentially lead to an out-of-bounds access if the calculation...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: It is necessary to preserve the id of the register in the synclinked regs function. The synclinked regs function copies the id of knownreg to reg when propagating the bounds of knownreg to reg, using the offset of knownreg...
PT-2026-51863
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the kvm reset dirty gfn function within the Kernel-based Virtual Machine KVM component. A local attacker with access to /dev/kvm can manipulate dirty ring...
CVE-2026-49271
libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: amdgpu: validate offsetinbo of drmamdgpugemva This issue arises due to OOB access in amdgpuvmupdaterange when offsetinbo + mapsize causes an overflow. Changes made in versions v2 and v3: - The validations were retained in...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, the checkflowkeysaccess function only uses a fixed offset for validation. However, the variable offset ptr isn’t prohibited for this type of pointer. Therefore,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fixed the behavior of the READ operation near OFFSETMAX. Dan Aloni reports: Due to commit 8cfb9015280d “NFS: Always provide aligned buffers to RPC read layers” on the client, a read of 0xfff is aligned up to the server’s...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for out-of-bounds punch offset Punching a hole with a start offset that exceeds maxend is not allowed. This will result in a negative length value in the truncateinodepartialfolio function when truncating the page cache...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel before version 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. A unhandled page fault may occur...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sfc: Fixed the TX channel offset when using legacy interrupts. In the legacy interrupt mode, the txchanneloffset was hardcoded to 1, but this is incorrect if efxsepparatetxChannels is set to false. In that case, the offset is 0...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Fixed an incorrect offset in biotruncate The biotruncate function clears the buffer outside of the last block of bdev. However, the current implementation of biotruncate uses the wrong offset for the page. As a result, it...
Astra Linux – Vulnerability in Vim
Use of out-of-range pointer offset in the GitHub repository vim/vim before version 8.2.4440...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Corrected incorrect offset calculation The effective offset to be added to the length was incorrectly calculated, resulting in iomap-length being set to 0, which triggered a WARNON in iomapiterdone. This issue was...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: md/md-bitmap: corrected incorrect usage of sbindex The commit d7038f951828 "md-bitmap: do not use -index for pages backing the bitmap file" removed page-index from the bitmap code. However, incorrect code logic was retained fo...
Astra Linux – Vulnerability in OpenSSL
AES OCB mode for 32-bit x86 platforms, using the AES-NI assembly-optimized implementation, may not encrypt all of the data under certain circumstances. This could reveal sixteen bytes of data that were already present in the memory but were not written. In the special case of “in-place” encryptio...
Astra Linux – Vulnerability in Vim
Use of out-of-range pointer offset in the GitHub repository vim/vim before version 8.2...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jbd2: fixed the potential buffer head reference count leak. In the case of jbd2fcwaitbufs, if the buffer is not up-to-date, it will return -EIO without updating journal-jfcoff. However, in jbd2fcreleasebufs, the buffer head will ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - svcrdma: The use of rcpageoff for the byte offset in memcpy was corrected. - svcrdmacopyInlinerange: The page index rccurpage was added to the page base instead of the byte offset rcpageoff. Use rcpageoff to ensure that copi...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: The offset and length are sanitized before calling skbchecksum. If the access to the sum of the offset and length exceeds the skbuff length, then skbchecksum triggers a BUGON. skbchecksum internally subtrac...