529989 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: topology: Fix for a potential overflow in amufiesetup. The function cpufreqgetHWmaxfreq returns the maximum frequency in kHz as an unsigned int. However, the function freqinvsetmaxratio receives this frequency in Hz as an...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree. If virtiogpuobjectshmeminit fails e.g., due to fault injection, as happened in the bug report by syzbot, virtiogpuarrayputfree might be called with objs being NUL...
Astra Linux – Vulnerability in Poppler
A vulnerability was discovered in the freedesktop Poppler version 20.12.1. This vulnerability allows remote attackers to trigger a Denial-of-Service DoS attack through a crafted .pdf file, targeting the FoFiType1C::cvtGlyph function...
Astra Linux – Vulnerability in gstreamer1.0, gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed the issue where the fence was put before waiting in amdgpuamdkfdsubmitib. The amdgpuamdkfdsubmitib function submits a GPU job and obtains a fence from amdgpuibschedule. This fence is used to wait for the job to...
Astra Linux – Vulnerability in Node.js
A OS command injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check. This vulnerability can be easily exploited, as the IsIPAddress function does not properly check whether an IP address is invalid before making DBS requests, thereby...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Ring-Buffer: Fixed the possibility of dereferencing an uninitialized pointer. There is a pointer called headpage in the function rbmetavalidateevents. This pointer is not initialized at the beginning of the function. This pointer...
Astra Linux – Vulnerability in opensc
OpenSC before version 0.20.0 has a double-free issue in coolkeyfreeprivatedata, because the coolkeyaddobject function in libopensc/card-coolkey.c lacks a uniqueness check...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the mcchroma function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: eth: sungem: Remove .ndopollcontroller to avoid deadlocks. Erhard reports netpoll warnings from sungem: netpollsendskbondev: eth0 enables interrupts during polling gemstartxmit+0x0/0x398. Warning: CPU: 1, PID: 1; at...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds read has been detected in the function qtdemuxparsesamples within qtdemux.c. This issue occurs when the function qtdemuxparsesamples reads data beyond the boundaries of the stream-stco buffer. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fixed a memory leak in the error path. In samsungdsimhostattach, the drmbridgeadd function is called to add the bridge. However, if samsungdsimregisterteirq or pdata-hostops-attach fails later, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm: cachestat: fixed two shmem bugs When cachestat on shmem overlaps with swapping and invalidation, there are two possible bugs: 1 A swapin error may result in a corrupted swap entry in the shmem inode’s xarray. Calling...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ceph: Added initializers for the cephpathinfo structure when they were missing. The cephmdscbuildpath function must be called with a cephpathinfo parameter initialized to zero. Otherwise, the cephmdscfreepathinfo function migh...
Astra Linux – Vulnerability in Nasm
There is an illegal address access in asm/preproc.c function: ismmacro within Netwide Assembler NASM 2.14rc16. This issue may lead to a denial of service due to out-of-bounds array access, as a certain conversion can result in a negative integer...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: PSR-SU should also be disabled for Parade 08-01 TCON. Stuart Hayhurst has found that both during bootup and when the fullscreen VA-API video mode is used, black screens occur for about 1 second, and a kernel...
Astra Linux – Vulnerability in ffmpeg5
FFmpeg v.n6.1-3-g466799d4f5 allows for memory consumption when using the colorcorrect filter, specifically in the avmalloc function located at line 105:9 of the libavutil/mem.c file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: Do not attempt to NUMA-migrate COW pages that have other uses. Oded Gabbay reported that enabling NUMA balancing causes corruption in his Gaudi accelerator test. He described the situation as follows: “All the details are in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, issues with drop bad gso csumstart and offset in virtionethdr have been addressed. Additionally, the checks for csumstart and csumoffset in virtionethdrtoskb for GSO packets have been improved. The function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: gpio: loongson-64bit: Fixed an incorrect NULL check after devmkcalloc Fixed an incorrect NULL check in loongsongpioinitirqchip. The function checks chip-parent instead of chip-irq.parents...