446659 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Ensure that lastfence is always updated. Update lastfence in the vm-bind path, rather than the kernel-managed path. lastfence is used to wait for work to complete in vmbind contexts, but not in kernel-managed contexts...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A issue was discovered in the Linux kernel before version 5.19.16. Attackers who were able to inject WLAN frames could cause a buffer overflow in the ieee80211bssinfoupdate function in the net/mac80211/scan.c file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: This issue prevents vlag from going out of bounds in reweighteevdf. It was possible for pickeevdf to return NULL, which would lead to a NULL-deref. This issue was caused by entityeligible, which returned a falsely...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fixed buffer overflow issues for txbuf and ringxfer. The AD7923 was updated to support devices with 8 channels, but the sizes of txbuf and ringxfer were not adjusted accordingly, resulting in a potential buffer...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
Dm-verity is used to extend the root-of-trust to root file systems. LoadPin builds upon this feature to restrict module/firmware loads to only the trusted root file system. Currently, device-mapper table reloads allow users with root privileges to replace the target with an equivalent dm-linear...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: afs: Increase the buffer size in afsupdatevolumestatus. The maximum length of the volume-vid value is 20 characters. Therefore, increase the size of idbuf to 24 to avoid overflow. Found by the Linux Verification Center...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the cleanup flow for mlx5eprivinit. When mlx5eprivinit fails, the cleanup flow calls mlx5eselqcleanup, which in turn calls mlx5eselqapply. This ensures that priv-statelock is held using lockdepisheld. The statelo...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: jbd2: Stop waiting for space when jbd2cleanupjournaltail returns an error. In jbd2logwaitforspace, we may call jbd2cleanupjournaltail to reclaim some journal space. However, if an error occurs during the execution of...
Astra Linux – Vulnerability in Apache Log4j2
Apache Log4j2 versions 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 have JNDI features that are used in configuration, log messages, and parameters. However, these features do not protect against attacks from controlled LDAP endpoints and other JNDI-related...
Astra Linux – Vulnerability in Firefox
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The use-of-free condition was fixed by using callrcu for oplockinfo. Currently, ksmbd immediately frees oplockinfo using kfree, even though it is accessed during critical sections of the RCU read-side, such as in functions...
Astra Linux – Vulnerability in PostgresSQL 11
An information leak was discovered in PostgreSQL versions prior to 13.2, before 12.6, and before 11.11. A user with UPDATE permission but without SELECT permission for a specific column could create queries that, under certain circumstances, might reveal values from that column in error messages...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: A potential dereference issue with RCU resources has been fixed in the wilcparsejoinbssparam function. In the wilcparsejoinbssparam function, the TSF field of the ies structure is accessed after the RCU read-side...
Astra Linux – Vulnerability in WebKit2GTK
A cookie management issue has been resolved through improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Net: Bridge: MST: Fixed vlan use-after-free The syzbot reported a suspicious RCU usage1 in the MST code of the bridge. While fixing this issue, I noticed that nothing prevents vlan data from being freed while walking the list fro...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Avoid NULL pointer dereferencing in v3djobupdatestats The following kernel error was recently reported by Mesa CI: 800.139824 Unable to handle NULL pointer dereferencing at virtual address 0000000000000588 800.148619...
Astra Linux – Vulnerability in docker.io
Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where attempting to copy files using docker cp into a specially crafted container can result in changes to Unix file permissions for existing files in the host’s...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Corruption occurred when data start offsets were not applied. The commit 04d82a6d0881 “binfmtflat: Allow not offsetting data start” introduced a RISC-V-specific variant of the FLAT format. This variant does not alloca...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: Protect flwalk with rcu. The patch that refactored flwalk to use idrforeachentrycontinueul also removed the rcu protection for individual filters. This caused a use-after-free when the filter was deleted...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Returns a CQE error if an invalid lkey is provided. RXE fails to update the WQE status in cases of LOCALwrite failures. This caused the following kernel panic if someone performed an atomic operation with an explicit...