Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tipc: Improve size validations for received domain records The function tipcmonrcv allows a node to receive and process domainrecord structures from peer nodes to track their views of the network topology. This patch verifies tha...

Astra Linux - уязвимость в linux, linux-5.10

A stack overflow flaw was discovered in the Linux kernel’s SYSCTL subsystem regarding how a user modifies certain kernel parameters and variables. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...

Astra Linux – Vulnerability in snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: limited the level of fs stacking for file-backed mounts. Otherwise, it could cause potential kernel stack overflows e.g., when mounting EROFS itself...

Astra Linux - уязвимость в htmldoc

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hdstrlcpy function in string.c when called from rendercontents in ps-pdf.cxx via a crafted HTML document...

Astra Linux - уязвимость в qemu

A potential stack overflow issue due to an infinite loop was identified in various NIC emulators of QEMU, in versions up to and including 5.2.0. The issue occurs in the loopback mode of a NIC, where reentrant DMA checks are bypassed. A guest user/process may exploit this flaw to consume CPU cycle...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISCV: Fixed a race condition when vmap stack overflow occurs. Currently, when detecting vmap stack overflow, RISCV first switches to the so-called shadow stack, and then uses this shadow stack to call getoverflowstack, in order ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A flaw was discovered in the exFAT driver of the Linux kernel. The vulnerability resides in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long...

Astra Linux - уязвимость в aom

It was discovered that AOM v2.0.1 contains a stack buffer overflow issue through the component stats/ratehist.c...

Astra Linux - уязвимость в firefox

The WebAudio OscillatorNode object was vulnerable to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox versions less than 122...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 Fixed a stack overflow issue in the debugfs read operation. The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments being passed to bin2hex. Currently, the functi...

Astra Linux – Vulnerability in opensc

The gemsafe GPK smart card software driver in OpenSC before version 0.21.0-rc1 has a stack-based buffer overflow in the scpkcs15emugemsafeGPKinit function...

Astra Linux - уязвимость в libde265

A stack-buffer-overflow exists in libde265 v1.0.8 through fallback-motion.cc in the putepelhvfallback function when running the dec265 program...

Astra Linux - уязвимость в snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is a stack-based buffer overflow in the nfshandler reply helper function: nfsmountreply...

Astra Linux - уязвимость в libjpeg-turbo

All versions of Libjpeg-turbo have a stack-based buffer overflow in the “transform” component. A remote attacker can send a malformed JPEG file to the service, causing arbitrary code execution or denial of service for the target service...

Astra Linux – Vulnerability in Netty

The Netty project is an event-driven, asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError could occur when parsing a malformed message due to infinite recursion. This issue has been fixed in version 4.1.86.Final. There is no workaround, except by...

Astra Linux - уязвимость в qemu

A stack-based buffer overflow was discovered in the virtio-net device of QEMU. This issue occurs when flushing the TX operation in the virtionetflushtx function, provided that the guest has enabled VIRTIONETFHASHREPORT, VIRTIOFVERSION1, and VIRTIONETFMRGRXBUF. This could allow a malicious user to...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in KVM AMD Secure Encrypted Virtualization SEV within the Linux kernel. A KVM guest that uses SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Add a wrapper around the mlx5etxreporterdumpsq function to extract the SQ value from the struct mlx5etxtimeoutctx structure. In the TX-timeout-recovery flow, the argument passed to this function is actually of type...