522980 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the net: bridge section, for the mcast function, it was decided to always update the mdbnEntries value for VLAN contexts. The syzbot triggered a warning1 regarding the number of mdb entries in a context. It turns out that ther...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fix memory access flags in helper prototypes After the commit 37cce22dbd51 “bpf: verifier: Refactor helper access type tracking”, the verifier began relying on the access type flags in helper function prototypes to perfor...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed a memory leak in the GETDATADIRECTSYSFSPATH handler. The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The call to ksmbdvfskernpathendremoving is required on some error paths. There are two places where ksmbdvfskernpathendremoving needs to be called in order to balance what the corresponding successful call to...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system. In versions 2.4.2 and earlier, a heap buffer overflow vulnerability existed, which allowed a remote attacker to launch a Denial-of-Service DoS attack. This vulnerability was present in the formatlogline function. Exploitation of this...
Astra Linux – Vulnerability in imagemagick
In the IntensityCompare function in /magick/quantize.c, there are calls to PixelPacketIntensity, which may return overflowing values to the caller when ImageMagick processes a crafted input file. To address this issue, the patch introduces and utilizes the ConstrainPixelIntensity function. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Do not force clear the buffer if it is referenced. The patch series “nilfs2: Protect busy buffer heads from being forced to be cleared” addresses this issue. This patch fixes the inconsistency in buffer head states report...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: tipc: Fixed a use-after-free in the kernel socket during the cleanupbearer function. syzkaller reported a use-after-free of the UDP kernel socket in cleanupbearer. This issue occurred without any reprovisioning. When the...
Astra Linux – Vulnerability in binutils
A out-of-bounds read flaw was discovered in the parsemodule function in bfd/vms-alpha.c in Binutils...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Packet: Annotate data-races around ignoreoutgoing The function ignoreoutgoing is executed without a read lock, from devqueuexmitnit and packetgetsockopt. Add appropriate READONCE/WRITEONCE annotations. Syzbot reported: BUG: KCSAN...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: Fixed an issue where the kernel could be exposed after free operation in skbdatagramiter. The syzbot reported the following issue with uninitialized value access 1: The netlinktofullskb function creates a new skb and...
Astra Linux – Vulnerability in libxml2
A issue was discovered in libxml2 before versions 2.11.7 and 2.12.x, and even before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to a use-after-free of the xmlValidatePopElement function...
Astra Linux – Vulnerability in net-snmp
The handleipv6IpForwarding function in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP version 5.4.3 to 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...
Astra Linux - Vulnerability in Golang-1.19
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate significantly more memory than is...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fixed the null check for powersupplygetbyname. In the cpcapusbdetect function, the powersupplygetbyname function may return NULL instead of an error pointer. To prevent potential null pointer...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In the mpls module, the function mplsrouteinputrcu uses rcudereferencertnl. As reported by syzbot 0, the mplsrouteinputrcu function can be called from mplsgetroute, which operates under RTNL. Additionally, the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: aacraid: Fixed a double-free on probe failure. The aacprobeone function calls hardware-specific initialization functions through the aacdriverident::init pointer. All of these functions ultimately call aacinitadapter. If...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fixed a reference leak in sysfsbreakactiveprotection The sysfsbreakactiveprotection routine has a clear reference leak in its error handling path. If the call to kernfsfindandget fails, kn will be NULL. As a result, th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fixed a null pointer crash in mtkdrmcrtcfinishpageflip. It is possible that mtkcrtc-event is NULL in mtkdrmcrtcfinishpageflip. The pendingneedsvblank value is set by mtkcrtc-event, but in mtkdrmcrtcatomicFlush, it...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose-height boundary issue Syzkaller identified a bug: BUG: Unable to handle page faults for address: ffffc9000a3b1000 PF: Supervisor write access in kernel mode PF: Errorcode0x0002 – Not-present page PGD...