Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

A issue was discovered in ksmbd within the Linux kernel before version 6.6.10. The smb2getdataarealen function in fs/smb/server/smb2misc.c can lead to an out-of-bounds access via smbstrndupfromutf16, due to improper handling of the relationship between the Name data and the CreateContexts data...

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8, when using URL validation functionality via the filterVar function with the FILTERVALIDATEURL parameter, a URL with an invalid password field can be accepted as valid. This can cause the code to incorrectly parse the U...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: A stack-out-of-bounds read occurred in l2capecredconnreq. Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd, which is triggered by a malformed Enhanced Credit Based Connection Request. The...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Atacade: Ahci: Matching EMMAXSLOTS with SATAPMPMAXPORTS UBSAN reports an array-index-out-of-bounds issue: 1.980703 Kernel: UBSAN: Array-index out of bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: arm64: probes: Fixed the uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels because it does not convert the in-memory instruction encoding which is always little-endian into the kernel’s...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: betop: Check the shape of output reports The betopffinit function only checks that the total sum of the report counts for each report field is at least 4. However, hidbetopffplay expects 4 report fields. A device that sends ...

Astra Linux – Vulnerability in advancecomp

It was discovered that Advancecomp v2.3 contains a heap buffer overflow issue through the leuint32read function in /lib/endianrw.h...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fix for out-of-bound access errors The Selfgen statistics are stored in a buffer using the printarraytobufindex function. The array length parameter passed to this function is too large, which may lead to an...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: serial: Fixed the race condition where tty-port wasn’t set. The commit bfc467db60b7 “serial: removed redundant ttyportlinkdevice” was reverted because ttyportlinkdevice isn’t redundant. We need to configure tty-port before callin...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer, which triggers the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: RSI: Do not configure WoWlan in the shutdown hook if it is not enabled. If WoWlan was never configured during the operation of the system, hw-wiphy-wowlanconfig will be NULL. The rsiconfigwowlan function checks whether...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: i2c: acpi: fixed a resource leak in device addition during reconfiguration. The acpii2cfindadapterbyhandle function calls busfinddevice, which takes a reference to the adapter. This reference is never released, resulting in a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Return error for inconsistent extended attributes The ntfsreadea function is called when we want to read extended attributes. There are some sanity checks for the validity of the EAs. However, it fails to return a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: ipa: Hash tables are only reset when supported. Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes in the ring buffer used for a channel. Recently,...

Astra Linux – Vulnerability in assimp

A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, resulting in an out-of-bounds read and potentially causing the application to crash...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fixed the refcount leak in the address translation for armsmmudevice. The reference counting issue occurs in several exception handling paths of armsmmuiovatophyshard. When these error scenarios occur, the functio...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: croseccodec: Fixed a refcount leak in croseccodecplatformprobe. The ofparsephandle function returns a node pointer with a refcount incremented; we should use ofnodeput on it when there is no longer a need for it. Add the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue with bitmap corruption when using CLOSERANGEUNSHARE in closerange has been fixed. The function copyfdbitmapsnew, old, count is expected to copy the first count/BITSPERLONG bits from old-fullfdsbits and fill the rest wit...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: A mistake of “one” was corrected in qlaedifappgetstats. The appreply-elem array is allocated earlier in this function, and it contains appreq.numports elements. Therefore, the comparison operator needs to be change...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7606: check for NULL before calling swmodeconfig It was checked that the pointer to the swmodeconfig function is not NULL before calling it. Not all buses define this callback, which could lead to a NULL pointer being...