Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev: The issue was fixed by correcting fbsetvar to prevent a null-ptr dereference in fbvideomodetovar. If fbaddvideomode in fbsetvar fails to allocate memory for fbvideomode, it may lead to a null-ptr dereference in...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fixed the issue where the link state was exited during the removal of an upstream function. Before version 456d8aa37d0f “PCI/ASPM: Disabled ASPM during the removal of an MFD function to avoid use-after-free”, we only...

Astra Linux – Vulnerability in libtar

The thread function does not free the variable t-thbuf.gnulongname after allocating memory, which may lead to a memory leak...

Astra Linux – Vulnerability in libtar

The thread function does not free the variable t-thbuf.gnulonglink after allocating memory, which may lead to a memory leak...

Astra Linux - Vulnerability in Golang-1.19

A denial of service may occur due to excessive resource consumption in the net/http and mime/multipart libraries. Parsing multipart forms using mime/multipart.Reader.ReadForm can consume a largely unlimited amount of memory and disk space. This issue also affects form parsing in the net/http...

Astra Linux - Vulnerability in Golang-1.19

There is a path traversal vulnerability in the filepath.Clean function on Windows. On Windows, the filepath.Clean function could transform an invalid path such as “a/../c:/b” into the valid path “c:\b”. This transformation of a relative if invalid path into an absolute path could enable a directo...

Astra Linux – Vulnerability in libssh2

In libssh2 before version 1.9.0, the kexmethoddiffiehellmangroupexchangesha256keyexchange function in kex.c contains an integer overflow that could lead to an out-of-bounds read when packets are read from the server. A remote attacker who compromises an SSH server may be able to disclose sensitiv...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spiderdbmbase::printwarnings to dereference a null pointer...

Astra Linux – Vulnerability in binutils

In the GNU Binutils before version 2.40, there is a heap-buffer-overflow issue in the error function bfdgetl32 when called from the stripmain function in strip-new, through a specially crafted file...

Astra Linux – Vulnerability in binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: Missing check for virtio Two missing checks in virtionethdrtoskb allowed syzbot to crash kernels again. 1. After the skbsegment function, the buffer may become non-linear nrfrags != 0. However, since the SKBTXSHAREDFRAG...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Validates nvmelocalport correctly The driver load failed with the following error message: qla2xxx 0000:04:00.0-ffff:0: registerlocalport failed: ret=ffffffef And there was a kernel crash: BUG: Unable to handle ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixing inode number range checks The patch series “nilfs2: Fixing potential issues related to reserved inodes” addresses these issues. This series fixes a use-after-free issue reported by syzbot, which was caused by th...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs. The value of pdata-gpiounbanked is retrieved from the Device Tree. If the Device Tree is corrupted due to any error, this value can be arbitrary. Without this value validation,...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xdp: The WARN function has been removed from xdpregmemmodel. The syzkaller report indicates a warning in xdpregmemmodel. This warning only occurs if memidinithashtable returns an error. The error occurs in two cases: 1. Memory...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection, as a cycle in the process could lead to a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also iterates through the maps via t...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fixed the issue of duplicate endpoints by clearing the reserved bits in the descriptor. Syzbot has identified a bug in usbcore see the Closes tag below. The bug is caused by our assumption that the reserved bits in the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed a buffer overflow issue when parsing NFS reparse points. ReparseDataLength is the sum of the InodeType size and the DataBuffer size. To obtain the DataBuffer size, it is necessary to subtract the InodeType size fro...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/stm: Avoid use-after-free issues with crtc and plane The function ltdcload calls the functions drmcrtcinitwithplanes, drmuniversalplaneinit, and drmencoderinit. These functions should not be called with parameters allocate...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Cancel dqisyncwork before freeing oinfo. The ocfs2globalreadinfo function will initialize and schedule dqisyncwork at the end. If an error occurs after successfully reading the global quota, the following warning will be...