Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: libbpf: Use of the OPTSSET macro in bpfxdpquery When the featureFlags and xdpzcmaxsegs fields were added to the libbpf bpfxdpQueryOpts structure, the code that wrote these fields did not use the OPTSSET macro. This causes libbpf ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A flaw was discovered in the exFAT driver of the Linux kernel. The vulnerability resides in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long...

Astra Linux - уязвимость в aom

It was discovered that AOM v2.0.1 contains a stack buffer overflow issue through the component stats/ratehist.c...

Astra Linux - уязвимость в gpac

Stack-based Buffer Overflow in the GitHub repository gpac/gpac before version 2.2.2...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 Fixed a stack overflow issue in the debugfs read operation. The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments being passed to bin2hex. Currently, the functi...

Astra Linux - уязвимость в libde265

A stack-buffer-overflow exists in libde265 v1.0.8 through fallback-motion.cc in the putepelhvfallback function when running the dec265 program...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: limited the level of fs stacking for file-backed mounts. Otherwise, it could cause potential kernel stack overflows e.g., when mounting EROFS itself...

Astra Linux - уязвимость в qemu

A flaw was discovered in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, in order to reduce overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on th...

Astra Linux – Vulnerability in espeak-ng

It was discovered that Espeak-ng 1.52-dev contains a Stack Buffer Underflow due to the CountVowelPosition function in synthdata.c...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. Additionally, add a number of comments to attempt to document the current state of knowledge regarding RSB attacks and what exactly is...

Astra Linux - уязвимость в snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. In versions starting from 7.0.0 up to before 8.0.2, there was a stack-based buffer overflow vulnerability in redis-check-aof due to the use of memcpy with strlenfilepath when copying a user-supplied file path into a fixed-siz...

Astra Linux - уязвимость в c-ares

A flaw was discovered in the c-ares package. The aressetsortlist function lacks checks for the validity of the input string, which could lead to a stack overflow vulnerability with an arbitrary length. This issue may cause a denial of service or have a limited impact on confidentiality and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86: Fixed a stack-out-of-bounds memory access from ioapicwriteindirect. KASAN reports the following issue: BUG: In kvmmakevcpusrequestmask+0x174/0x440 kvm, there is a stack-out-of-bounds situation. A read of size 8 at...

Astra Linux - уязвимость в linux-5.15, linux, linux-5.10, linux-6.1

A flaw in memory leak prevention in the Linux kernel’s cpuentryarea mechanism for mapping X86 CPU data to memory was discovered. This flaw allows a local user to guess the locations of exception stacks or other important data. By exploiting this flaw, a local user can gain access to certain...

Astra Linux - уязвимость в linux, linux-5.10

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel versions 5.1 through 5.19.x, prior to 5.19.16, could be exploited by local attackers those capable of injecting WLAN frames to trigger use-after-free conditions, potentially allowing them to execute...

Astra Linux – Vulnerability in Netty

The Netty project is an event-driven, asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError could occur when parsing a malformed message due to infinite recursion. This issue has been fixed in version 4.1.86.Final. There is no workaround, except by...

Astra Linux - уязвимость в libjettison-java

An infinite recursion occurs in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This results in a StackOverflowError exception being thrown...

Astra Linux - уязвимость в qemu

A stack-based buffer overflow was discovered in the virtio-net device of QEMU. This issue occurs when flushing the TX operation in the virtionetflushtx function, provided that the guest has enabled VIRTIONETFHASHREPORT, VIRTIOFVERSION1, and VIRTIONETFMRGRXBUF. This could allow a malicious user to...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in KVM AMD Secure Encrypted Virtualization SEV within the Linux kernel. A KVM guest that uses SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler...