Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix listdel corruption If the ticsi2rxstartdma function fails in the ticsi2rxdmacallback, the buffer is marked as completed with VB2BUFSTATEERROR, but is not removed from the DMA queue. This causes the sa...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x: rtl8187: Fixed a potential buffer underflow in rtl8187rxcb. The rtl8187rxcb function calculates the RX descriptor header address by subtracting its size from the skbtailptr. However, it does not validate whether th...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: libertas – Fixed a possible reference count leak in ifusbprobe. The function usbgetdev will be called before lbsgetfirmwareasync. This means that the function usbputdev must be called when lbsgetfirmwareasync fails...

Astra Linux – Vulnerability in libssh

A flaw was discovered in the libssh API function sshscpnew, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: Check that the server is running in unlockfilesystem. If we try to unlock the filesystem via an administrative interface, and nfsd is not running, it will cause the server to crash. This occurs currently because the...

Astra Linux – Vulnerability in Qemu

The vulnerability of the qxlsetmode function in the QEMU hardware emulation software is related to the insufficient use of the assert function. Exploiting this vulnerability allows a perpetrator to cause a system failure...

Astra Linux – Vulnerability in linux-astra-modules-5.4

The vulnerability of the initparsecsecid function in the linux-astra-modules kernel module is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause service failures...

Astra Linux – Vulnerability in Parsec

The vulnerability of the loadpath function in the PARSEC security subsystem is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in glib. This vulnerability allows for a heap buffer overflow and a denial-of-service attack through an integer overflow in GLib’s GIO GLib Input/Output escapebytestring function, when processing malicious file or remote filesystem attribute values...

Astra Linux – Vulnerability in Linux

A issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, also known as CID-5d069dbe8aaf. The fusedogetattr function calls makebadinode in inappropriate situations, causing a system crash. NOTE: The original fix for this vulnerability was incomplete, and its...

Astra Linux – Vulnerability in Linux, Linux 5.10

A issue was discovered in the Linux kernel before version 5.14.15. There is a flaw where the array index exceeds the bounds in the detachcapictr function located in drivers/isdn/capi/kcapi.c...

Astra Linux – Vulnerability in Linux, Linux 5.10

A vulnerability was discovered in the cgroupreleaseagentwrite function of the Linux kernel, within the kernel/cgroup/cgroup-v1.c file. Under certain circumstances, this flaw allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass namespace isolation unexpectedly...

Astra Linux – Vulnerability in Freetype

It was discovered that the FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f contains a heap buffer overflow issue through the sfntinitface function...

Astra Linux – Vulnerability in ncurses

ncurses 6.3 before patch 20220416 contains a buffer overflow vulnerability and segmentation violation in the convertstrings function in the tinfo/readentry.c file of the terminfo library...

Astra Linux – Vulnerability in Freetype

It was discovered that commit 53dfdcd8198d2b3201a23c4bad9190519ba918db of FreeType contains a segmentation violation due to the FNTSizeRequest function...

Astra Linux – Vulnerability in Freetype

It was discovered that commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 of FreeType contains a segmentation violation due to the FTRequestSize function...

Astra Linux – Vulnerability in glibc

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc from version 2.34 onwards copies the path argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the applicati...

Astra Linux – Vulnerability in expat

In Expat also known as libexpat, before version 2.4.5, there is an integer overflow in the copyString function...

Astra Linux – Vulnerability in syslog-ng

syslog-ng is an enhanced logging daemon. Prior to version 4.8.2, the tlswildcardmatch function matched against certificates like foo..bar, although this is not allowed. It is also possible to pass partial wildcards, such as foo.ac.bar, which glib logs match, but this should be avoided/disabled...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: seg6: Fixed the iif in the IPv6 socket control block. When an IPv4 packet is received, the iprcvcore... function sets the receiving interface index into the IPv4 socket control block v5.16-rc4, net/ipv4/ipinput.c, line 510: c...