530059 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: A potential NULL pointer dereferencing has been fixed in ocfs2setbufferuptodate. During cleanup, if flags do not include OCFS2BHREADAHEAD, it may trigger a NULL pointer dereferencing in the ocfs2setbufferuptodate function,...
Astra Linux – Vulnerability in libgit2
libgit2 is a portable C implementation of the Git core methods, provided as a linkable library with a robust API. It allows for integrating Git functionality into your application. However, using properly crafted inputs to gitindexadd can lead to heap corruption, which may be exploited for...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: xgmiitorgmii: The issue of a reference count leak in xgmiitorgmiiprobe has been fixed. The function of Phyfinddevice now returns a device node with the reference count incremented. The call to putdevice is used to relea...
Astra Linux – Vulnerability in binutils
The bfdgenericreadminisymbols function in syms.c within the Binary File Descriptor BFD library also known as libbfd, as part of GNU Binutils 2.31, contains a memory leak that can occur due to an improperly crafted ELF file. This leads to a denial of service condition due to excessive memory...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mmc: meson-gx: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in mmcallochost may be leaked. 2. In the...
Astra Linux – Vulnerability in imagemagick
In MIFF image processing using ImageMagick, before version 7.1.1-44, the image depth is improperly handled after the SetQuantumFormat function is used...
Astra Linux – Vulnerability in netcdf
A issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxmlstr2utf8, when parsing a crafted XML file, performs zero-length reallocation in ezxml.c, resulting in a NULL pointer being returned in some compilers. After this, the function ezxmlparsestr does not check whether the s variabl...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: dropping logically empty buckets in mtypedel The mtypedel function counts empty slots below n-pos in k, but it only drops the bucket when both n-pos and k are zero. This means that buckets whose live entries hav...
Astra Linux – Vulnerability in xwayland, xorg-server
A buffer overflow vulnerability was discovered in X.Org and Xwayland. If the XkbChangeTypesOfKey function is called with a value of 0 for the “groups” parameter, it will resize the key symbol table to 0, but leave the key actions unchanged. If the same function is called later with a non-zero val...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fixed the refcount leak in armsmmudevice when armsmmurpmget fails. The armsmmurpmget function invokes pmruntimegetsync, which increases the refcount of “smmu”. This occurs even though the return value is less than...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, for the dsa module, in the mv88e6xxx code path, there was a issue with the refcount leak in the mv88e6xxxmdiosregister function. The ofgetchildbyname function returns a node pointer whose refcount is...
Astra Linux – Vulnerability in sane-backends
A NULL pointer dereferencing in the saneiepsonnetread function in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, known as GHSL-2020-075...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: USB: Fixed various issues related to devices connected via 10Gbps cables. The function usbassigndescriptors is called with 5 parameters. The last 4 of these parameters represent USB descriptor headers for the following speeds: -...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprdiommuhwen In the sprdiommucleanup function, before calling the sprdiommuhwen function, dom-sdev is set to NULL, which leads to a null dereference. This issue was detected by the Linux...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/vma: Fixed an anonymous VMA UAF issue related to mremap, where faulty VMA was merged with unfaulted VMA. The patch series “mm/vma: Fix anonymous VMA UAF in mremap faulty/uncorrected merges”, version 2, addresses this issue...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: fbdev: smscufx: Fixed several use-after-free bugs. Several types of UAFs Use-After-Free errors can occur when physically removing a USB device. The function ufxopsdestroy has been added to the .fbdestroy of the fbops structure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ntfs: Set a dummy block size to “read bootblock” when mounting. During mounting, sb-sblocksize is used to read the bootblock without being defined or validated. Set a dummy block size before attempting to read the bootblock. The...
Astra Linux – Vulnerability in faad2
A issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbrqmfanalysis32 located in sbrqmf.c. This allows an attacker to cause code execution...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Optimized module load time by optimizing PLT/GOT counting. When CONFIGKASAN, CONFIGPREEMPTVOLUNTARYBUILD, and CONFIGPREEMPTVOLUNTARY are enabled simultaneously, a soft deadlock may occur. The relevant logs are as...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to an Out-of-Bounds Write attack in the cleardecompressbandsdata function, where there is no offset validation. Abuse of this vulnerability could lead to an...