Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: Avoid out-of-bounds shifts. UBSAN encounters undefined behavior in blk-iocost, where sometimes iocg-delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. 186.5565...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid out-of-bounds access in f2fstruncateinodeblocks syzbot reports an UBSAN issue as follows: ------------ cut here --- UBSAN: Array-index out-of-bounds in fs/f2fs/node.h:381:10 Index 18446744073709550692 is out ...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick’s MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of type unsigned long. This likely affects the availability of the application, but ...

Astra Linux – Vulnerability in imagemagick

A floating-point mathematical calculation within the ScaleAnyToQuantum function in /MagickCore/quantum-private.h could lead to undefined behavior, resulting in a value that falls outside the range of the type unsigned long long. This flaw can be triggered by a malicious input file under certain...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick in the coders/txt.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned long long. This likely leads to a disruption in the application’s...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned long. This likely leads to a disruption in t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fixed UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:1965:6 Index -84 is out of range for type ‘s8341’ aka ‘signed char341’...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances occasionally reset. Once recently logged a UBSAN failure to console in the process: UBSAN: shift-out-of-bounds in...

Astra Linux – Vulnerability in Firefox, Thunderbird

Sandbox escape due to undefined behavior, invalid pointer in the Graphics:Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: added a range check for connrspepid in htcconnectservice. I have identified the following bugs in my fuzzer: UBSAN: Array index out of bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 Index 255 is out of range...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bcache: Fixed the abuse of variable-length arrays in btreeiter. btreeiter is used in two ways: either allocated on the stack with a fixed size MAXBSETS, or from a mempool with a dynamic size based on the specific cache set...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fixed an issue where UBSAN used an array-index that was out of bounds for SMU7. For pptable structures that use flexible array sizes, use flexible arrays instead...

Astra Linux – Vulnerability in imagemagick

In ImageMagick, there are many cases where the alignment of the double type is incorrect. The double type requires 8 bytes of alignment, while the float type requires 4 bytes of alignment. This issue is addressed in the MagickCore/property.c file. Whenever malicious or untrusted input is processe...

Astra Linux – Vulnerability in Thunderbird, Firefox

An invalid downcast from nsTextNode to SVGElement could result in undefined behavior. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Astra Linux – Vulnerability in ffmpeg5

It was discovered that FFmpeg version n6.1 contains a heap buffer overflow vulnerability in the drawblockrectangle function of libavfilter/vfcodecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service DoS attack through crafted inputs...

RUSTSEC-2026-0133 Invalid pointer arithmetic in `iter()` and `iter_mut()`

The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...

RUSTSEC-2026-0123 Out-of-bounds read in `bytes_helper` public safe functions

The byteshelper module contains multiple public functions intoarr4, intoarr2, u8fromlebytes that use slice.getuncheckedpos..pos + N without verifying that pos + N = slice.len. These are public safe API functions, allowing any caller to trigger undefined behavior by passing invalid positions. For...

Invalid pointer arithmetic in `iter()` and `iter_mut()`

The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...

Null-pointer dereference and double-free via safe APIs

Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked index mapping error in the ALSA ctxfi driver, which could lead to undefined behavior...