530110 matches found
Astra Linux – Vulnerability in Squid
Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP, and other protocols. A bug related to incorrect checking of function return values makes Squid vulnerable to Denial of Service attacks targeting its helper process management. This bug has been fixed in Squid version 6.5. Users...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel before version 6.5.9, there is a NULL pointer dereferencing in the sendacknowledge function in net/nfc/nci/spi.c...
Astra Linux – Vulnerability in binutils
A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.32. It involves an attempt at excessive memory allocation in the bfdelfslurpversiontables function within elf.c...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Fixed race condition in TTY wakeup A race condition occurs when gsstartio calls either gsstartrx or gsstarttx. These functions briefly release the portlock of usbepqueue. This allows gsclose and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: The vmwtranslateptr functions now return the correct value. Before this fix, these functions used a lookup function that returned a pointer. This has been changed to a new lookup function that returns an error code,...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2, where the grubextcmddispatcher function calls grubarglistalloc to allocate memory for the grub’s argument list. However, it does not check in case the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parseoption function,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fixed a race condition between concurrent call paths that invoke dwc3removerequests. This patch addresses a race condition caused by unsynchronized execution of multiple call paths that invoke dwc3removerequests, leadi...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh versions built with OpenSSL versions older than 3.0. The issue lies with the sshkdf function, which is responsible for key derivation. Due to inconsistent interpretation of return values, OpenSSL uses 0 to indicate failure, while libssh uses 0 for success. As a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Bonding: Fixed type confusion in bondsetupbyslave Kernel bug at net/core/skbuff.c:2306! Oops: Invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0, net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760, EFLAGS:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, from version 5.19.9 onwards, the drivers/scsi/stex.c file allows local users to access sensitive information from kernel memory. This occurs because the stexqueuecommandlck function lacks a memset for the PASSTHRUCMD case...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fixed memory leakage This patch addresses potential memory leakage and segmentation faults in the gpuvmimportdmabuf function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: call -freefolio directly in foliounmapinvalidate. We can only call filemapfreefolio if we have a reference to or hold a lock on the mapping. Otherwise, we have already removed the folio from the mapping, so it no longer pinch...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to an Out-of-Bounds Write vulnerability in the progressivedecompress function. This issue is likely due to incorrect calculations of the nXSrc and nYSrc...
Astra Linux – Vulnerability in Parsec
The vulnerability of the freetree function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in GhostScript
Artifex Ghostscript version 10.05.1 has a stack-based buffer overflow issue in the pdfwritecmap function, located in the device/vector/gdevpdtw.c file...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fixed a possible NULL pointer dereferencing caused by driver concurrency. In dwc2hcdurbenqueue, the statement “urb-hcpriv = NULL” is executed without holding the lock “hsotg-lock”. In dwc2hcdurbdequeue: c...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Since acpiinstallfixedeventhandler automatically enables the event handling mechanism upon success, it is incorrect to call it before the handler routine is ready to handle...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: clocksource: Use migratedisable to avoid calling getrandomu32 in an atomic context. The following bug report occurred with the PREEMPTRT kernel: - Bug: A sleeping function was called from an invalid context at...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: rtmutex: The rtmutex::waitlock function is dropped before scheduling. The rtmutexhandledeadlock function is called with the rtmutex::waitlock lock still held. In the good case, it returns with the lock held; in the deadlock case,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: The NFSINOLAYOUTCOMMIT field was cleared in pnfsmarklayoutstateidInvalidial. This fix prevents a crash occurring when the layout is null during this call stack: write inode - nfs4write inode - pnfslayoutcommit inode...