Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: rxrpc, afs: Fixed a missing error pointer check after rxrpc_kernel_lookup_peer. The rxrpc_kernel_lookup_peer function can also return error pointers in addition to NULL. Therefore, simply checking for NULL is...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mfd: max77620: Fixed the refcount leak in max77620_initialise_fps. The of_get_child_by_name function returns a node pointer with a refcount incremented. We should use of_node_put on it when there is no longer a need for it. Add the missi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fixed invalid pointer dereferencing for v1 platforms. The commit 3ef9f710efcb “pinctrl: mediatek: Added EINT support for multiple addresses” introduced an access to the ‘soc’ field of the struct mtk_pinctrl...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: The issue of using NULL for folio handling in move_pages_huge_pmd has been fixed. move_pages_huge_pmd handles UFFDIO_MOVE operations for both normal THPs and huge zero pages. For the huge zero page, src_folio is explicitly...
Astra Linux – Vulnerability in cups-filters
CUPS is a standards-based, open-source printing system. libcupsfilters contains the code for the filters from the former cups-filters package, as library functions used for data format conversion tasks in Printer Applications. In CUPS-Filters versions up to and including 1.28.17, and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed the crash that occurred during profile change rollback failure. The mlx5e_netdev_change_profile function may fail to attach a new profile and may fail to roll back to the old profile. In such cases, we might end ...
Astra Linux – Vulnerabilities in Firefox, LibWebP, Thunderbird
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw, assigning the best pointer to trial. The second loop will then return 0 due to an out-of-memory error in the VP8 encoder; the pointer remai...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
A use-after-free vulnerability was discovered in the nfs42_ssc_open function in the fs/nfs/nfs4file.c file within the Linux kernel. This flaw allows an attacker to perform remote denial-of-service attacks...
Astra Linux – Vulnerability in PHP 7.3
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the password_verify function may accept some invalid Blowfish hashes as valid. If such invalid hashes end up in the password database, it may allow an application to accept any password for that entry as valid...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw89: A use-after-free issue has been fixed in rtw89_core_tx_kick_off_and_wait. There is a bug observed when rtw89_core_tx_kick_off_and_wait attempts to access an skb_data that has already been freed: BUG: KFENCE: A use-after-free...
Astra Linux – Vulnerability in node-brace-expansion
A vulnerability was discovered in the juliangruber brace-expansion library, up to versions 1.1.11/2.0.1/3.0.0/4.0.0. This issue has been identified as problematic. The affected function is the “expand” function of the file index.js. Manipulation of this function leads to inefficient use of regula...
Astra Linux – Vulnerability in libtar
The th_read function does not free the variable t->th_buf.gnu_longname after allocating memory, which may lead to a memory leak...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A use-after-free flaw was discovered in the Linux kernel’s Atheros wireless adapter driver, where a user can cause the ath9k_htc_wait_for_target function to fail with certain input messages. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...
Astra Linux – Vulnerability in db5.3
SQLite3 versions from 3.6.0 through 3.27.2 are vulnerable to heap out-of-bound reads in the rtreenode function when handling invalid rtree tables...
Astra Linux – Vulnerability in glibc
A flaw was discovered in glibc. An off-by-one buffer overflow and underflow in the getcwd function may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and the size passed to getcwd in a setuid program could exploit this flaw t...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/netfs/fscache_cookie: added the missing “n_accesses” check. This fix addresses a NULL pointer dereference bug caused by a data race. The details of the bug are as follows: BUG: NULL pointer dereference in the...
Astra Linux – Vulnerability in linux-5.10
A vulnerability was discovered in the btrfs_get_root_ref function in fs/btrfs/disk-io.c within the Btrfs filesystem of the Linux kernel, caused by a double decrement of the reference count. This issue could allow a local attacker with user privileges to crash the system or lead to the disclosure of...
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in the soup_multipart_new_from_message function of the libsoup HTTP library, which is commonly used by GNOME and other applications for handling web communications. The issue arises when the library processes specially crafted multipart messages. Due to improper validation, an...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed an incorrect match in dev_args_match_device. Syzkaller discovered a failed assertion: “Assertion failed: args->devid != (u64)-1 || args->missing”, in fs/btrfs/volumes.c:6921. This issue can occur when we set devid to (u64)-1...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rtrs: Ensure that the ‘ib_sge list’ is accessible. Move the declaration of the ‘ib_sge list’ variable outside the ‘always_invalidate’ block to ensure that it remains accessible for use throughout the function. Previously, th...