529747 matches found
Astra Linux – Vulnerability in ntfs-3g
In NTFS-3G versions before 2021.8.22, when a specially crafted NTFS attribute is provided to the function ntfsgetattributevalue, a heap buffer overflow can occur, allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access, which can be...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a slab-use-after-free in ext4splitextentat. We encountered the following use-after-free issues: BUG: KASAN: slab-use-after-free in ext4splitextentat+0xba8/0xcc0 Read of size 2 at addr ffff88810548ed08 by task...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: acomp – Fixed CFI failures due to type punning. To avoid crashes when control flow integrity is enabled, ensure that the workspace “stream” uses a consistent type for function calls, and invoke functions through a functio...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: An error will occur if pixclock equals zero. The user-space program can pass any values to the driver through the ioctl interface. If the driver does not check the value of pixclock, it may lead to a divide-by-zero...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fixed a refcount leak in ariesaudioprobe. The ofparsephandle function returns a node pointer with the refcount incremented; we should use ofnodeput on it when necessary. If extconfindedevbynode fails, it does not...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: udp: Fixed a data race around the sysctludpl3mdevaccept function. When reading sysctludpl3mdevaccept, it can be changed concurrently. Therefore, we need to add a READONCE call to its reader function...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipmi: fixed the use of a pointer after it is freed in ipmidestroyUser. The intffree function frees the “intf” pointer, so we cannot dereference it again in the next line...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: A potential NULL pointer dereferencing has been fixed in ocfs2setbufferuptodate. During cleanup, if flags do not include OCFS2BHREADAHEAD, it may trigger a NULL pointer dereferencing in the ocfs2setbufferuptodate function,...
Astra Linux – Vulnerability in libgit2
libgit2 is a portable C implementation of the Git core methods, provided as a linkable library with a robust API. It allows for integrating Git functionality into your application. However, using properly crafted inputs to gitindexadd can lead to heap corruption, which may be exploited for...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: xgmiitorgmii: The issue of a reference count leak in xgmiitorgmiiprobe has been fixed. The function of Phyfinddevice now returns a device node with the reference count incremented. The call to putdevice is used to relea...
Astra Linux – Vulnerability in binutils
The bfdgenericreadminisymbols function in syms.c within the Binary File Descriptor BFD library also known as libbfd, as part of GNU Binutils 2.31, contains a memory leak that can occur due to an improperly crafted ELF file. This leads to a denial of service condition due to excessive memory...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mmc: meson-gx: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in mmcallochost may be leaked. 2. In the...
Astra Linux – Vulnerability in imagemagick
In MIFF image processing using ImageMagick, before version 7.1.1-44, the image depth is improperly handled after the SetQuantumFormat function is used...
Astra Linux – Vulnerability in netcdf
A issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxmlstr2utf8, when parsing a crafted XML file, performs zero-length reallocation in ezxml.c, resulting in a NULL pointer being returned in some compilers. After this, the function ezxmlparsestr does not check whether the s variabl...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: dropping logically empty buckets in mtypedel The mtypedel function counts empty slots below n-pos in k, but it only drops the bucket when both n-pos and k are zero. This means that buckets whose live entries hav...
Astra Linux – Vulnerability in xwayland, xorg-server
A buffer overflow vulnerability was discovered in X.Org and Xwayland. If the XkbChangeTypesOfKey function is called with a value of 0 for the “groups” parameter, it will resize the key symbol table to 0, but leave the key actions unchanged. If the same function is called later with a non-zero val...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fixed the refcount leak in armsmmudevice when armsmmurpmget fails. The armsmmurpmget function invokes pmruntimegetsync, which increases the refcount of “smmu”. This occurs even though the return value is less than...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, for the dsa module, in the mv88e6xxx code path, there was a issue with the refcount leak in the mv88e6xxxmdiosregister function. The ofgetchildbyname function returns a node pointer whose refcount is...
Astra Linux – Vulnerability in sane-backends
A NULL pointer dereferencing in the saneiepsonnetread function in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, known as GHSL-2020-075...