Astra Linux – Vulnerability in binutils
Heap-based Buffer Overflow in the bfd_getl32 function in Binutils objdump 3.37...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Power: Supply: bq27xxx-i2c: Do not free non-existent IRQs. The bq27xxx i2c-client may not have an IRQ; in such cases, client->irq will be 0. The bq27xxx_battery_i2c_probe function already includes a check for client->irq, which wraps...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fixed the use-after-free issue in gtp_dellink. Since the call_rcu function, which is called during the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RC...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-m2m: fixed a memory leak in v4l2_m2m_register_entity. The entity->name (i.e., the name field) is allocated during the v4l2_m2m_register_entity function, but it is not freed during subsequent error-handling processes. This patc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix for accessing an empty array when the phy_get_internal_delay function is called, provided that the driver calls phy_get_internal_delay without defining delay_values, and rx-internal-delay-ps or tx-internal-delay-ps is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix for out-of-bounds access. When the value of Output Resource (dcb->or) is assigned in fabricate_dcb_output, there may be an out-of-bounds access to the dac_users array, especially when dcb->or is zero. This occurs because...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Packet: Annotate data-races around ignore_outgoing. The function ignore_outgoing is executed without a read lock, from dev_queue_xmit_nit and packet_getsockopt. Add appropriate READ_ONCE/WRITE_ONCE annotations. Syzbot reported: BUG: KCSAN...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: Fixed an issue where the kernel could be exposed after free operation in __skb_datagram_iter. The syzbot reported the following issue with uninitialized value access [1]: The netlink_to_full_skb function creates a new skb and...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: hsr: The WARN_ONCE function was removed from the send_hsr_supervision_frame function. Syzkaller reported [1] that a warning was issued after attempting to allocate resources for skb in hsr_init_skb. Since calling WARN_ONCE does not...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1, Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: TLS: Fixed a race condition between the async notify and socket close operations. The thread that submitted the request (the one that called recvmsg/sendmsg) may exit as soon as the async crypto handler’s complete function is...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the rds_recv_track_latency function in net/rds/af_rds.c in the Linux kernel, from version 6.7.1 onwards, there is an off-by-one error in the comparison of RDS_MSG_RX_DGRAM_TRACE_MAX, which leads to out-of-bounds access...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Media: BTTV – Fixed an issue where a use-after-free error occurred due to the btv->timeout timer. There may be a race condition between the bttv_irq_timeout timer function and bttv_remove. The timer is set up in the probe phase, and...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fixed a possible out-of-bounds string access issue. Enabling -Wstringop-overflow globally exposes a warning for a common bug in the use of strncat. In the file drivers/edac/thunderx_edac.c, in the function...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
An issue was discovered in the Linux kernel before version 6.6.8. The rose_ioctl function in net/rose/af_rose.c has a use-after-free issue due to a race condition involving rose_accept...
Astra Linux – Vulnerability in binutils
There is a flaw in the bfd_pef_scan_start_address function of bfd/pef.c in binutils, which could allow an attacker who can submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils...
Astra Linux – Vulnerability in gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using HEADERSTRIP decompression. Integer overflow occurs in the matroskaparse element within the gst_matroska_decompress_data function, leading to a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, this overflow cannot ...
Astra Linux – Vulnerability in Node.js
There is an OS command injection vulnerability in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1, due to an insufficient IsAllowedHost check. This vulnerability can be easily bypassed because the IsIPAddress function does not properly check whether an IP address is invalid before making DBS...
Astra Linux – Vulnerability in Vim
A vulnerability was discovered in Vim and is classified as problematic. The issue affects the qf_update_buffer function in the quickfix.c file of the autocmd Handler component. This manipulation leads to memory corruption after the function is called. The attack can be launched remotely. Upgrading ...
Astra Linux – Vulnerability in Pixman
In libpixman in Pixman before version 0.42.2, there is an out-of-bounds write vulnerability, also known as a heap-based buffer overflow, in the rasterize_edges_8 function, due to an integer overflow in the pixman_sample_floor_y function...
Astra Linux – Vulnerability in Heimdal, KRB5
PAC parsing in MIT Kerberos 5 (also known as krb5) before versions 1.19.4 and 1.20.x before version 1.20.1 contains integer overflows that may lead to remote code execution in the KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms. This results in a heap-based buffer overflow...