11085 matches found
Astra Linux – Vulnerability in glibc
Before version 2.32, the GNU C Library also known as glibc or libc6 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contained a non-canonical bit pattern. This issue was observed when passing a value of 0x5d414141414141410000 to the sinl...
Astra Linux – Vulnerability in imagemagick
In ImageMagick, there is a value of the type 'unsigned int' that is outside the representable range in MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iommufd/selftest: Overflow of uptr and length was caught. syzkaller generated a WARN when trying to have uptr close to UINTPTRMAX: WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selftest.c:403 iommufdtest+0xb19/0x16f0 Modul...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fixed module PLTs with mcount Li Huafei reports that the ftrace with module PLTs based on mcount was broken by the commit: a6253579977e4c6f “arm64: ftrace: consistently handle PLTs.” When module PLTs are used and a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fixed ext2setsize when len is page-aligned. The PAGEALIGNx macro returns the next highest value that is a multiple of the page size. However, if x is already page-aligned, it simply returns x. Therefore, if x is passed ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf/core: Fixed a reference count bug and a potential UAF in perfmmap. Syzkaller reported a refcountt issue where the increment of the reference count was set to 0; there was also a warning about a use-after-free when using...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommufd: Prevents ALIGN overflow. When allocating IOVA, the candidate range is aligned to the target alignment. If the range is close to ULONGMAX, the ALIGN function may wrap, resulting in a corrupted iova structure. The code use...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The lock-range check for files with equal size is skipped, to avoid underflow when size == 0. When size equals the current isize including 0, the code that calls checklockrangefilp, isize, size - 1, WRITE will compute size...
Astra Linux – Vulnerability in Squid
A issue was discovered in Squid before versions 4.15 and 5.x before version 5.0.6. An integer overflow problem allows a remote server to cause a Denial of Service when delivering responses to HTTP Range requests. The issue is triggered by a header that is expected to exist in HTTP traffic, withou...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb3: Fixed temporary data corruption in the collapse range. The “collapse range” does not discard the affected cached regions; therefore, there is a risk of temporarily corrupting the file data. This fix corresponds to xfstest...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: A deadlock occurs when the svm range restore operation is performed at process exit. The code kfdprocessnotifierrelease flushes svmrangerestorework, which in turn calls svmrangelistlockandflushwork to flush...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb3: Fixed temporary data corruption during the insert range operation. The insert range does not discard the affected cached data; therefore, there is a risk of temporarily corrupting file data. Some minor optimizations were...
Astra Linux – Vulnerability in Firefox, Thunderbird
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: mm/gup: fixed guppudrange for dax For dax pud, pudhuge returns true on x86. Therefore, the function works as long as hugetlb is configured. However, dax does not depend on hugetlb. Commit 414fd080d125 “mm/gup: fixed guppmdrang...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Passing a u64 value to ocfs2truncateInline may lead to an overflow. Syzbot reported a kernel bug in ocfs2truncateInline. There are two reasons for this: first, the parameter value passed is greater than...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: A infinite loop occurs when replaying fastcommit. When performing a fastcommit replay, an infinite loop may occur due to an uninitialized extentstatus structure. The ext4extdetermineinserthole function does not detect this...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba. Some SMB1 write requests were not properly range-checked to ensure that the client had sent enough data to complete the write operation. As a result, the contents of the server’s memory were written to the file or printer, rather than the data provided by the clien...
Astra Linux – Vulnerability in Vim
Use of out-of-range pointer offset in the GitHub repository vim/vim before version 8.2.4440...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw involving a null pointer dereference was discovered in the Linux kernel’s UDF file system functionality. This flaw allows a malicious UDF image to trigger the udffilewriteiter function. A local user could exploit this flaw to crash the system. The flaw is present in the Linux kernel versio...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Do not call mmput from the MMU notifier callback. If the process exits, the mmput call within the MMU notifier callback from compactd, fork, or numa balancing may release the last reference to the mm struct. This coul...