530244 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: orangefs: fixed xattr-related buffer overflow issues… Willy Tarreau forwarded me a message from Disclosure , containing the following warning: The helper function xattrkey uses the pointer variable in the loop condition, rather...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecishtp: Fixed a UAF issue after unbinding the driver. After unbinding the driver, another kthread named crosecconsolelogwork still accesses the device, resulting in a UAF and system crash. The driver does no...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: 6lowpan: resetting the link-local header in the IPv6 receive path The Bluetooth 6lowpan.c netdev module has the headerops function; therefore, it must set the link-local header for the RX skb packet. Otherwise, thin...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Added a hardware sync wait to fimcishwchangemode In fimcishwchangemode, the function changes camera modes without waiting for hardware completion. This can lead to corrupted data or a system hanging i...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to not dirty the inode for a read-only filesystem. The syzbot reports the f2fs bug as follows: Kernel BUG at fs/f2fs/inode.c:933! RIP: 0010:f2fsevict inode+0x1576/0x1590 fs/f2fs/inode.c:933 Call Trace: evict+0x2a4/0x6...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improved patch ioctl data validation. In the loaddata function, the validation of the main information block is performed, while in loadguspatch, it skips certain checks. In loadguspatch, additional checks are added t...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs. The value of pdata-gpiounbanked is retrieved from the Device Tree. If the Device Tree is corrupted due to any error, this value can be arbitrary. Without this value validation,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: fpga: bridge: Added a module owner field and used its pointer to count the reference count of the module. The current implementation of the fpgabridge assumes that the low-level module registers a driver for the parent device...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10, Linux-6.1
A issue was discovered in the driver/bluetooth/hcildisc.c file within the Linux kernel 6.2. In hciuartttyioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. The HCIUARTPROTOSET function is called before hu-proto is set. A NULL pointer dereferencing may occur...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: Benchmark: Properly handling NUMANONODE. The cpumaskofnode function can be called within domapbenchmark when dealing with the NUMANONODE configuration. This results in the following issue reported by the sanitizer...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. This flaw occurs when dropping packets during a bulk transfer from a SPICE client, due to the packet queue being full. A malicious SPICE client could exploit this flaw to call the free function in...
Astra Linux – Vulnerability in libarchive
In libarchive versions 3.4.1 through 3.5.1, there is a use-after-free in the copystring function called from douncompressblock and processblock...
Astra Linux – Vulnerability in Linux, Linux 5.10
A flaw after-free usage in the function scosocksendmsg of the Linux kernel’s HCI subsystem was discovered. This flaw allows a privileged local user to exploit it to crash the system or escalate their privileges on the system. This flaw triggers a race condition when the user calls ioct...
Astra Linux – Vulnerability in DjVuLibre
A out-of-bounds write vulnerability was discovered in DjVuLibre, specifically in the function DjVU::DjVuTXT::decode in DjVuText.cpp. A crafted DjVU file can trigger this issue, leading to a crash or segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Thunderbolt: Do not double-dequeue a configuration request. Some of our devices may crash when calling tbcfgrequestdequeue: This issue is likely due to a general protection fault, possibly related to the non-canonical address...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: davicom: fixed a Use-after-Free error in dm9000drvremove. dm is private data for netdev, and it cannot be used after the freenetdev call. Using dm after freenetdev can cause a Use-after-Free bug. This issue was fixed by movi...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
A flaw was discovered in the ATA over Ethernet AoE driver within the Linux kernel. The aoecmdcfgpkts function improperly updates the refcnt field of the struct netdevice structure. A use-after-free condition may occur due to concurrent operations between the update of the refcnt and accesses...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: uio: Fixed a use-after-free in uioopen. core-1 core-2 ------------------------------------------------------- uiounregisterdevice uioopen idev = idrfind deviceunregister&idev-dev putdevice&idev-dev uiodevicerelease...
Astra Linux – Vulnerability in Squid
Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP, and other protocols. A bug related to incorrect checking of function return values makes Squid vulnerable to Denial of Service attacks targeting its helper process management. This bug has been fixed in Squid version 6.5. Users...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel before version 6.5.9, there is a NULL pointer dereferencing in the sendacknowledge function in net/nfc/nci/spi.c...