Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: kthread: Consolidated the exit paths of kthreads to prevent use-after-free situations. Guillaume reported crashes during KUnit testing due to corrupted RCU callback function pointers. The crash was traced back to the pidfs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Networking: DSA: Microchip: Fixed the error path in PTP IRQ setup. If the request_threaded_irq() function fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed of. In fact, the error path in...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a use-after-free after failing to create a snapshot. In ioctl.c’s create_snapshot() function, we allocate a pending snapshot structure and then attach it to the transaction’s list of pending snapshots. After that, we ca...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: xdp: fixed an invalid wait context in page_pool_destroy(). If the driver uses a page pool, it creates a page pool using page_pool_create(). The reference count of the page pool is 1 by default. A page pool will only be destroyed when its...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Do not strip the remove function when the driver is built-in. Using __exit for the remove function results in the remove callback being discarded when CONFIG_MMC_DAVINCI=y is set. When such a device becom...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If a TCA_TAPRIO_ATTR_PRIOMAP attribute is provided, the taprio_parse_mqprio_opt() function must validate it. Otherwise, arbitrary data can be injected into the kernel when the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disabled the automatic enable of exclusive INTx/IRQs. Currently, for devices that require masking at the irqchip for INTx, i.e., devices without DisINTx support, the IRQ is enabled in the request_irq() function, and then...
Astra Linux – Vulnerability in xorg-server
In the X.Org X Server versions 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, which is known as a race condition. Specifically, the AttachDevice function in...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fixed a slab-out-of-bounds read in cougar_report_fixup(). The report_fixup function for the Cougar 500k Gaming Keyboard did not verify that the size of the report descriptor was correct before accessing it...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: posix-timers: A potential memory leak was identified in do_timer_create(). When creating a posix timer with allocation of a specific timer ID, if there are issues with accessing the value in the user space, the function terminates...
Astra Linux – Vulnerability in mbedtls
The use of a broken or risky cryptographic algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS for all versions prior to 3.0.0, 2.27.0, or 2.16.11 allows attackers with access to precise timing and memory access information, typically from an untrusted operating system attacking a...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Fixed an incorrect offset in bio_truncate(). The bio_truncate() function clears the buffer outside of the last block of bdev. However, the current implementation of bio_truncate() uses the wrong offset for the page. As a result, it...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A use-after-free flaw was discovered in the Linux kernel’s Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could exploit this flaw to crash the system or potentially escalate their privileges on the system...
Astra Linux – Vulnerability in Tiff
A vulnerability has been discovered in LibTIFF. It has been classified as critical. This vulnerability affects the TIFFReadRGBATileExt function in the file libtiff/tif_getimage.c. Manipulation of this function can lead to integer overflow. The attack can be initiated remotely. The exploit has been...
Astra Linux – Vulnerability in GhostScript
A vulnerability was discovered in Artifex GhostPDL, specifically at the address 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. This vulnerability has been classified as problematic. It affects the pdf_ferror function in the devices/vector/gdevpdf.c file, within the component named “New Output File Open...
Astra Linux – Vulnerability in Tiff
A null source pointer passed as an argument to the memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Added a lock to protect the encoder context list. A lock was added for the ctx_list to prevent accessing a NULL pointer within the 'vpu_enc_ipi_handler' function when the ctx_list is deleted due to an unexpect...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_read_fifo: fix memory leak in error branch. In m_can_read_fifo(), if the second call to m_can_fifo_read() fails, the function jumps to the out_fail label and returns without calling m_can_receive_skb(). This means that the skb...
Astra Linux – Vulnerability in Linux 5.15
A use-after-free flaw was discovered in the Linux kernel. When a disk is removed, the bdi_unregister() function is called to stop further write-back operations, and the system waits for the associated delayed tasks to complete. However, the wb_inode_writeback_end() function may schedule bandwidth...
Astra Linux – Vulnerability in libsdl1.2, libsdl2
SDL (Simple DirectMedia Layer) versions from 1.2.15 up to 2.x, and from 2.0.9 up to 2.0.9, have a buffer over-read in the IMA_ADPCM_nibble function in the audio/SDL_wave.c file...