522712 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep. It is possible for this issue to occur when the mass storage function tries to queue requests from the main thread. However, other threads may already disable the endpoint when the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000 – Fixed RCU usage in the connect path. With lockdep enabled, calls to the connect function from the cfg802.11 layer lead to the following warning: ============================= WARNING: Suspicious RCU usage...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handling of acti_netdevs allocation failures. The kmalloc_array function in nfp_fl_lag_do_work will return null if physical memory runs out. As a result, if we dereference acti_netdevs, null pointer dereferencing bugs may...
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: f_ncm: Fixed UAF (Use-After-Free) in the ncm object after re-binding after a USB EP transport error. When the ncm function is working, the usb0 interface is stopped due to a link failure. In this case, the eth_stop functi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: qat – resolves a race condition during AER recovery. During the error recovery process of the PCI AER system, the kernel driver may encounter a race condition related to the freeing of the reset_data structure’s memory. If...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed a deadlock in the usb_deauthorize_interface function. Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store function is the only one that acquires a device lock on an...
Astra Linux – Vulnerability in Linux, Linux 5.10
A vulnerability was discovered in the drivers/usb/gadget/function/rndis.c file within the Linux kernel before version 5.16.10. The RNDIS USB gadget does not include validation for the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from the kernel memory...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
The nextScaffoldPart function in xmlparse.c of Expat (also known as libexpat), prior to version 2.4.3, has an integer overflow issue...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
The lookup function in xmlparse.c within Expat (also known as libexpat) before version 2.4.3 has an integer overflow...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/tls: Fixed the reversed sign in calls to tls_err_abort. sk->sk_err seems to expect a positive value. This convention is not always followed by ktls, which can lead to memory corruption in other code. For example: kworker...
Astra Linux – Vulnerability in Qemu
The eth_get_gso_type function in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process by sending packet data that lacks a valid Layer 3 protocol...
Astra Linux – Vulnerability found in libsdl1.2, libsdl2, and sdl-image1.2
In SDL (Simple DirectMedia Layer), versions from 1.2.15 up to 2.x, and then from 2.0.9 onwards, there is a heap-based buffer over-read issue in the BlitNtoN function within the video/SDL_blit_N.c file, when it is called from the SDL_SoftBlit function in the video/SDL_blit.c file...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek – Fixed the omission of of_node_put in mt2701_wm8960_machine_probe. This node pointer is returned by of_parse_phandle, and the reference count is incremented in this function. Calling of_node_put was performed to avoid the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: ar9331: Register the mdiobus under devres. As explained in the commits: 74b6d7d13307 (“net: dsa: realtek: register the MDIO bus under devres”) and 5135e96a3dd2 (“net: dsa: don’t allocate the slave_mii_bus using devres...
Astra Linux – Vulnerability in zlib, libz-mingw-w64
Zlib versions up to 1.2.12 have a heap-based buffer over-read or buffer overflow issue in the inflate function within inflate.c, due to a large gzip header extra field. NOTE: Only applications that call inflateGetHeader are affected. Some common applications bundle the affected Zlib source code,...
Astra Linux – Vulnerability in HAProxy
There is an integer overflow in HAProxy versions 2.0 to 2.5, specifically in the htx_add_header function, which can be exploited to perform an HTTP request smuggling attack. This allows an attacker to bypass all configured http-request HAProxy Access Control Lists and possibly other access control...
Astra Linux – Vulnerability in Linux
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device is present. The video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, identified as CID-fb18802a338b...
Astra Linux – Vulnerability in md4c
The md_analyze_line function in md4c.c, within md4c 0.4.7, allows attackers to trigger the use of uninitialized memory, thereby causing a denial of service through a malformed Markdown document...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in the Linux kernel before version 5.11.7. The function usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF). This vulnerability occurs due to race conditions during the update of the local and shared status,...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06. The Setparam_prefix function in the menu rendering code performs a length calculation based on the assumption that expressing a single quoted character would require 3 characters. However, in reality, it requires 4 characters. This allows a...