446719 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: A potential dereference issue with RCU resources has been fixed in the wilcparsejoinbssparam function. In the wilcparsejoinbssparam function, the TSF field of the ies structure is accessed after the RCU read-side...
Astra Linux – Vulnerability in WebKit2GTK
A cookie management issue has been resolved through improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Net: Bridge: MST: Fixed vlan use-after-free The syzbot reported a suspicious RCU usage1 in the MST code of the bridge. While fixing this issue, I noticed that nothing prevents vlan data from being freed while walking the list fro...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Avoid NULL pointer dereferencing in v3djobupdatestats The following kernel error was recently reported by Mesa CI: 800.139824 Unable to handle NULL pointer dereferencing at virtual address 0000000000000588 800.148619...
Astra Linux – Vulnerability in docker.io
Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where attempting to copy files using docker cp into a specially crafted container can result in changes to Unix file permissions for existing files in the host’s...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: stratix10-rsu: Fixed a NULL pointer dereference issue when RSU is disabled. When the Remote System Update RSU is not enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when...
Astra Linux – Vulnerability in Apache2
An integer overflow occurs when attempting to renew an ACME certificate. After several attempts approximately 30 days under default configurations, the backoff timer becomes 0. Subsequent attempts to renew the certificate are repeated without delay until success is achieved. This issue affects th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfs: Fixed missing xasretry calls during xarray iteration. netfslib has several places where it performs iteration of an xarray while being under the RCU read lock. It should call xasretry as the first step inside the loop. ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fixed a potential data race in nftexprtypeget. The function nftunregisterexpr can occur concurrently with nftexprtypeget. There is no protection when iterating over the nftablesexpressions list in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Corruption occurred when data start offsets were not applied. The commit 04d82a6d0881 “binfmtflat: Allow not offsetting data start” introduced a RISC-V-specific variant of the FLAT format. This variant does not alloca...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: Protect flwalk with rcu. The patch that refactored flwalk to use idrforeachentrycontinueul also removed the rcu protection for individual filters. This caused a use-after-free when the filter was deleted...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Returns a CQE error if an invalid lkey is provided. RXE fails to update the WQE status in cases of LOCALwrite failures. This caused the following kernel panic if someone performed an atomic operation with an explicit...
Astra Linux – Vulnerability in Linux 5.10
A issue was discovered in the Linux kernel through version 5.16-rc6. The ef100updatestats function in drivers/net/ethernet/sfc/ef100nic.c lacks a check for the return value of kmalloc...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – A memory leak occurred during the stateful object update. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The -init function wa...
Astra Linux – Vulnerability in Vim
A vulnerability was discovered in Vim and is classified as problematic. The issue affects the qfupdatebuffer function in the quickfix.c file of the autocmd Handler component. This manipulation leads to memory corruption after the function is called. The attack can be launched remotely. Upgrading ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: Timer – Setting a lower limit for the start tick time Currently, the ALSA timer does not have a lower limit for the start tick time. It allows a very small size, for example, 1 tick with a resolution of 1 ns for the hrtimer...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - In the net subsystem, do not delay the execution of dstentriesadd within dstrelease. - dstentriesadd uses data per-core that might be freed during the dismantling of ip6routenetexit, by calling dstentriesdestroy. Before...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: fpga: bridge: Added a module owner field and used its pointer to count the reference count of the module. The current implementation of the fpgabridge assumes that the low-level module registers a driver for the parent device...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB version 10.5.9 allows a SetVar.cc application to crash due to certain uses of the UPDATE statement in conjunction with a nested subquery...
Astra Linux – Vulnerability in Firefox
A use-after-free crash could occur on macOS if a Firefox update was applied to a heavily utilized system. This could lead to a exploitable crash. This vulnerability affects Firefox versions earlier than 122...