522774 matches found
Astra Linux – Vulnerability in libxml2
It was discovered that Xmlsoft Libxml2 v2.11.0 contains an out-of-bounds read vulnerability through the xmlSAX2StartElement function located at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS by providing a crafted XML file. NOTE: the vendor’s position is tha...
Astra Linux – Vulnerability in gst-plugins-base1.0
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gstparsevorbissetuppacket within vorbisparse.c. The integer value is read from the input file without proper validation. As a result, the value can exceed the fixed size of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – Use IWLFWCHECK for link ID check The lookup function iwlmvmrcufwlinkidtolinkconf is typically called with inputs from the firmware. Therefore, it should use IWLFWCHECK instead of WARNON...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the bug: KASAN: null-ptr-deref in rxeqpdocleanup. The function rxecreateqp calls rxeqpfrominit. If an error occurs, the error handler for rxeqpfrominit will set both scq and rcq to NULL. Then, rxecreateqp calls...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: Fixed a use-after-free issue with the amdgpubolist mutex. If amdgpucsvmhandling returns a value other than 0, it will unlock the bolistmutex within the amdgpucsvmhandling function, and again in amdgpucsparserfini...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a kernel-infoleak in nilfsioctlwrapcopy The ioctl helper function nilfsioctlwrapcopy, which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space memory for read-only ioc...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet – Fix for potential use-after-free in ecbhfremove. The code static void ecbhfremovestructpcidev dev looks as follows: c ... struct ecbhfpriv priv = netdevprivnetdev; unregisternetdevnetdev; freenetdevnetdev;...
Astra Linux – Vulnerability in cjson
It has been discovered that cJSON v1.7.17 contains a segmentation violation, which can occur through the second parameter of the cJSONSetValuestring function in the cJSON.c library...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: A check for a null descriptor is performed before calling ptcmdcallback. This issue resolves a panic that can occur on AMD systems, typically during host shutdown, after the PTDMA driver has been exercised. The...
Astra Linux – Vulnerability in libde265
It was discovered that libde265 v1.0.10 contains a NULL pointer dereference in the putweightedpred8fallback function located in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...
Astra Linux – Vulnerability in libde265
Libde265 1.0.9 is vulnerable to Buffer Overflow in the function void putqpelfallback...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: fscache: Fixed race condition related to invalidation/lookup operations If an NFS file is opened for writing and then closed, the fscacheinvalidate function will be called to invalidate the file. However, if the cookie is in t...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double calls to brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free a free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 … Call Trace:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: armmpam: Fixed null pointer dereference when restoring bandwidth counters When a MSC that supports memory bandwidth monitoring is brought offline and then brought back online, the mpamrestorembwustate function calls rismsmonread...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disabling trampoline for kernel module function tracing The current implementation of BPF trampoline in LoongArch is incompatible with tracing functions in kernel modules. This causes several serious and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: inet: frags: dropping fraglist and conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. The issue is reported as being triggered by this behavior...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/vmemmap/devdax: fixed a kernel crash that occurred when probing devdax devices. The commit 4917f55b4ef9 “mm/sparse-vmemmap: improved memory savings for compound devmaps” added support for using optimized vmmemap for devdax...
Astra Linux – Vulnerability in python-pip
The pip package before version 19.2 for Python allows Directory Traversal when a URL is provided in an install command. This is possible because the Content-Disposition header can contain "../ in the filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This behavior occurs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7996: Avoid NULL pointer dereferencing in mt7996setmonitor The function mt7996setmonitor dereferences a pointer to phy before performing the NULL sanity check. This issue could lead to NULL pointer dereferencing. To...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure that there is sufficient space to access the protocol field of the PPPoE header. Validate this once before the flowtable lookup, and then use a helper function to access the...