Astra Linux – Vulnerability in DjVuLibre

In DjVuLibre 3.5.27, the DjVmDir.cpp file within the DJVU reader component allows attackers to cause a denial-of-service attack resulting in a crash of the application by creating a DJVU file that triggers a heap-based buffer overflow attack in the GStringRep::strdup function within...

Astra Linux – Vulnerability in libstb

It was discovered that stbimage.h v2.27 contains a heap-based use-after-free issue due to the stbijpeghuffdecode function...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: hwmon: In the readstring function, the sensor index is checked. This prevents potential invalid memory accesses when the requested sensor is not found. findecsensorindex may return a negative value e.g., -ENOENT, but its result w...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Issue: Skipping the reallocation of the Unicode buffer when the console size is resized after exiting the AltScreen mode. When the enteraltscreen function saves vcunilines into vcsavedunilines and sets vcunilines to NULL, a...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Fixed the uninit-value access to imap allocated in the diMount function. The syzbot reports that hexdumptobuffer uses uninit-value: ===================================================== BUG: KMSAN: uninit-value in...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The calltrace warning in amddrmbuddyfini has been fixed. The following call trace was observed when the amdgpu driver was removed. This issue arises because the BOs allocated for psp are not freed until the driver is...

Astra Linux – Vulnerability in libde265

It was discovered that libde265 v1.0.10 contains a NULL pointer dereference in the ffhevcputhevcepelpixels8sse function located at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: Deallocating the damoncall function fails, resulting in the damonctx object being leaked. The damonstatstart function always allocates the module’s damonctx object damonstatcontext. However, if the damoncall functi...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in tidra7xbarrouteallocate. The ofparsephandle function returns a node pointer with a refcount incremented. We should use ofnodeput on it when it is no longer needed. Add the missing ofnodeput cal...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed a potential index out of bounds issue in the color transformation function. The issue could occur when the index ‘i’ exceeds the number of transfer function points TRANSFERFUNCPOINTS. The fix includes a...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: Stale pointers have been set to zero. The function crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if none of them are obtained...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: Fixed the possibility of a division-by-zero error in findhwthreadmask. The function divides the number of online CPUs by numcoresiblings, and then checks if the result is zero. This may lead to a division-by-zero...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: amdkfd: The gangctxbo memory is properly freed when attempting to initialize the user queue. The destructor of a gtt bo is declared as: void amdgpuamdkfdfreegttmemstruct amdgpudevice adev, void memobj; This function takes void as...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed a warning in ext4handleinodeextension We encountered the following issues: EXT4-fs error device loop0 in ext4reserveinodewrite:5741: Out of memory EXT4-fs error device loop0: ext4setattr:5462: inode 13: comm...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rvcv: fixed an oops caused by the irqsoff latency tracer. The tracehardirqson,off functions require the caller to properly set up the frame pointer. This is because these two functions use the macro CALLERADDR1 also known as...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: A resource leak has been fixed in the remove function. A call to tmiommchostfree is missing from the remove function. This is to balance the call to tmiommchostalloc in the probe. This issue occurs in the error...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTRRECORDs The kernel iterates over ATTRRECORDS in mft records in the ntfsattrfind function. Since ATTRRECORDS are adjacent to each other, the kernel can access the next ATTRRECORD from the en...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fixed potential use-after-free in hisifemacrx The skb object is passed to napigroreceive, which may free it. After calling this function, dereferencing the skb object may trigger a use-after-free...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xhci: A null pointer dereference was fixed in the remove function, especially when xHC has only one roothub. The remove function in the xhci platform driver attempts to remove both the main hcd and the shared hcd, even if only th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A memory leak was fixed in the parseleasestate function. The previous patch that added a bounds check for the create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without...