Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: iio: adc: menz188adc: Fixed a resource leak in the error handling path. If iiodeviceregister fails, a previous ioremap call remains unbalanced. The error handling path has been updated, and the missing iounmap call has been added...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: cgroup: The cgroupgetfromid function must check that the looked-up key is a directory. The cgroup object must be a kernfs directory; otherwise, a kernel panic will occur, especially when the cgroup ID is provided from the user...
Astra Linux – Vulnerability in ffmpeg
A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ffframepoolget function in framepool.c...
Astra Linux – Vulnerability in libmysofa
Incorrect handling of input data in the verifyAttribute function in the libmysofa library version 0.5 to 1.1 may lead to NULL pointer dereferencing and segmentation faults in cases of restrictive memory protection. In cases without memory restrictions (e.g., in embedded environments), it may also...
Astra Linux – Vulnerability in Linux 5.15
An issue was discovered in ksmbd within the Linux kernel versions 5.15 through 5.19, prior to 5.19.2. The file fs/ksmbd/smb2misc.c contains an out-of-bounds read and an OOPS error related to the SMB2TREECONNECT function...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains an unknown vulnerability through the ffhevcputhevcqpelh3v3sse function in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) using a specially crafted video file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcm80211 – Handle PMKOP allocation failures. The kzalloc function in brcm80211pmksav3op will return null if physical memory runs out. As a result, if we dereference the null value, a null pointer dereference bug will occur...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Input: sparcsspkr – fixed the refcount leak in bbcbeepprobe. The function offindnodebypath calls ofnodeoptsbypath, which returns a node pointer with a refcount incremented. We should use ofnodeput on it after processing. Add...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: Fixed a use-after-free bug by not setting udc-dev.driver. The syzbot fuzzer identified a use-after-free bug: BUG: KASAN: Use-after-free in devuevent+0x712/0x780 drivers/base/core.c:2320. A memory read of size 8 at...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300 – ensure that the data length is within the supported range. An explicit check for the transfer length should be added to ‘rtl9300i2cconfigxfer’ to ensure that the data length is not within the supported range. In...
Astra Linux – Vulnerability in netcdf
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling during the parsing of crafted XML files (out-of-bounds read after a certain strcspn failure)...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: A potential memory leak was fixed in qedrallocmr. The qedrallocmr function allocates a memory chunk for “mr-info.pbltable” using initmrinfo. When rdmaalloctid and rdmaregistertid fail, “mr” is released, but...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: clk: Fixed the issue where clkcoreget could dereference a NULL value. It is possible for clkcoreget to dereference a NULL value in the following sequence: clkcoreget ofclkgetHWFromClkspec ofclkgetHWFromProvider clkgetHW clkgetH...
Astra Linux – Vulnerability in libwebp
A use of an uninitialized value was found in libwebp in versions before 1.0.1 in the ReadSymbol function...
Astra Linux – Vulnerability in libwebp
A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1 in the GetLE24 function...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add a NULL check in udmaprobe. The devmkasprintf function returns NULL when memory allocation fails. Currently, udmaprobe does not check for this case, resulting in a NULL pointer being dereferenced. Add a NULL chec...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save the CS register in cases of AMD Zen IF Poison errors. The Instruction Fetch (IF) units on current AMD Zen-based systems do not guarantee a synchronous MC for poison consumption errors. Therefore,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: hinic: fixed a memory leak when reading the function table. When the input parameter idx matches the expected case option in hinicdbggetfunctable, the readdata variable is not released properly. This issue has been addressed...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the rxrpclocal leak in rxrpclookuppeer. It is necessary to call rxrpcPutlocal for the peer candidate before kfree, as it holds a reference to rxrpclocal. DH: v2: The peer freeing code has been abstracted into a...
Astra Linux – Vulnerability in Thunderbird
The olmsessiondescribe function in Matrix libolm before version 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a...