Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Added a missing deinit call. A warning is triggered when repeatedly connecting and disconnecting the rnbd interface: The listadd structure is corrupted. prev-next should be set to next ffff88800b13e480, but it was set ...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179178a: Fixed out-of-bounds accesses in RX fixup The ax88179rxfixup function contains several out-of-bounds accesses that can be triggered by a malicious or defective USB device. Specifically: - The metadata array...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: arm64: probes: Fixed the uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels because it does not convert the in-memory instruction encoding which is always little-endian into the kernel’s...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: betop: Check the shape of output reports The betopffinit function only checks that the total sum of the report counts for each report field is at least 4. However, hidbetopffplay expects 4 report fields. A device that sends ...

Astra Linux – Vulnerability in advancecomp

It was discovered that Advancecomp v2.3 contains a heap buffer overflow issue through the leuint32read function in /lib/endianrw.h...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spiderdbmbase::printwarnings to dereference a null pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: tcp: Call skdataready after listener migration When inetcsklistenstop migrates an established child socket from a closing listener to another socket within the same SOREUSEPORT group, the target listener receives a new...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fix for out-of-bound access errors The Selfgen statistics are stored in a buffer using the printarraytobufindex function. The array length parameter passed to this function is too large, which may lead to an...

Astra Linux – Vulnerability in libgd2

The readheadertga function in gdtga.c within the GD Graphics Library also known as LibGD, as of 2.3.2, allows remote attackers to cause a denial of service out-of-bounds read through a crafted TGA file...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: serial: Fixed the race condition where tty-port wasn’t set. The commit bfc467db60b7 “serial: removed redundant ttyportlinkdevice” was reverted because ttyportlinkdevice isn’t redundant. We need to configure tty-port before callin...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fixed a crash that occurred during the transportportremove function, by using iocinfo. During this function, messages were logged via devprintk regarding &mpt3sasport-port-dev. At this point, the SAS transport devi...

Astra Linux – Vulnerability in ffmpeg

A buffer overflow vulnerability exists in FFmpeg 4.2 in the movwritevideotag function, due to an out-of-bounds access in the libavformat/movenc.c file. This vulnerability could allow a remote malicious user to obtain sensitive information, cause a Denial of Service, or execute arbitrary code...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fixed the issue where shmem xarray updates occur during migration. A shmem folio can be either in the page cache or in the swap cache, but not both at the same time. Specifically, once it is in the swap cache,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpiompsseprobe error paths The reference to usbgetdev is not released during the gpiompsseprobe error paths. This issue was fixed by using device-managed helper functions. Additionally, the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a null check for the ‘afb’ variable in the amdgpudmplanehandlecursorupdate function v2. This commit moves the null check for the ‘afb’ variable to the line where it is actually used in the...

Astra Linux – Vulnerability in libssh2

In libssh2 before version 1.9.0, the kexmethoddiffiehellmangroupexchangesha256keyexchange function in kex.c contains an integer overflow that could lead to an out-of-bounds read when packets are read from the server. A remote attacker who compromises an SSH server may be able to disclose sensitiv...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: xsk: Fixed a race condition in socket teardown Fixed a race condition in the xsk socket teardown code that could lead to a NULL pointer dereferencing. The current xskunbindcode in xskunbinddev starts by setting xs-state to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - ice: fixed the issue where calls to PF PTP cleanup iceptpcleanuppf function and the ‘pslock’ mutex deinitialization were missed during error paths involving driver removal. The cleanup process for releasing PTP resources...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm: Set the old handle to NULL before performing the prime swap in changehandle. There was a potential race condition in changehandle. The ioctl function briefly had a single object with two idir entries; a concurrent gemclos...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fixed null pointer access to epfile after ep enable. A race condition occurs when ffsfuncepsenable runs concurrently with ffsdatareset. The ffsdataclear function called in ffsdatareset sets ffs-epfiles to NULL...