Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel before 5.11.3 when a webcam device is present. The videousercopy function in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, identified as CID-fb18802a338b...

Astra Linux – Vulnerability in md4c

The mdanalyzeline function in md4c.c, within md4c 0.4.7, allows attackers to trigger the use of uninitialized memory, thereby causing a denial of service through a malformed Markdown document...

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel before version 5.11.7. The function usbipsockfdstore in drivers/usb/usbip/stubdev.c allows attackers to cause a denial of service attack GPF. This vulnerability occurs due to race conditions during the update of the local and shared status,...

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The Setparamprefix function in the menu rendering code performs a length calculation based on the assumption that expressing a single quoted character would require 3 characters. However, in reality, it requires 4 characters. This allows a...

Astra Linux – Vulnerability in ffmpeg

There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the fffillrectangle function in libavfilter/drawutils.c. This vulnerability may lead to memory corruption and other potential issues...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: afunix: Do not leave consecutive consumed OOB skb’s in the recv queue. Jann Horn reported a use-after-free in the unixstreamreadgeneric function. The following sequences reproduce the issue: $ python3 from socket import s1, s2...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fixed possible out-of-boundary access issues. The at91gpioprobe function does not check whether the given OF alias is available, or if something went wrong during the attempt to use it. This could lead to problems...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: The reordering of clock handling and power management in the probe function. The initialization sequence in usbhsprobe was reordered to enable runtime PM before accessing registers. This prevents potential...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: serial: Fixed a potential nullptrderef in mlbusioprobe The devmioremap function can return NULL in case of an error. Currently, mlbusioprobe does not check for this case, which could lead to a NULL pointer dereference. A NULL che...

Astra Linux – Vulnerability in grub2

Integer underflow in grubnetrecvip4packets; A malicious IP packet can cause an integer underflow in the grubnetrecvip4packets function, affecting the rsm-totallen value. Under certain circumstances, the totallen value may wrap around to a small integer number, which will be used in memory...

Astra Linux – Vulnerability in Linux, Linux 5.10

In socksocknested of sock.c, there is a potential exploit after the free function due to a race condition. This could lead to a local escalation of privileges, as the execution privileges required by the system are involved. User interaction is not required for this exploitation. Product: Android...

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed integer overflow to lead to a buffer overflow in the receiveaddrecipient function, through an email message with fifty million recipients. NOTE: Remote exploitation might be difficult due to resource consumption...

Astra Linux – Vulnerability in ffmpeg

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2, specifically in the deflate16 function within libavfilter/vfneighbor.c. This vulnerability may lead to memory corruption and other potential issues...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: The TOCTOU issue in skisreadable has been fixed. sk-skprot-sockisreadable is a valid function pointer when sk resides in a sockmap. After the last skpsockput call which usually occurs when a socket is removed from the sockma...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access The issue arises from calls to ofregulatormatch, where an array of struct ofregulatormatch is used as the argument for the matches parameter. This array is allocated on the stack. As...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netsched: The gsoskb list is also flushed during the -change operation. Previously, when reducing the limit of a qdisc using the -change operation, only the main skb queue was trimmed, potentially leaving packets in the gsoskb...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ceph: Stopping functions that attempt paths longer than PATHMAX If the full path to be built by cephmdscbuildpath is longer than PATHMAX, this function will enter an endless loop, effectively blocking the entire task. Most of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: uvc: Fixed a dereference of ERRPTR in uvcv4l2.c. Fixed the potential dereference of ERRPTR in findformatbypix and uvcv4l2enumformat. Also, fixed the following matching errors:...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A use-after-free vulnerability has been discovered, affecting the processing of CodecPrivate elements in Matroska streams. In the GSTMATROSKAIDCODECPRIVATE case, within the gstmatroskademuxparsestream function, a data...

Astra Linux – Vulnerability in TIF format

Libtiff 4.5.0 is vulnerable to a Buffer Overflow in the uvencode function when LibTiff reads a corrupted little-endian TIFF file and specifies that the output should be big-endian...