Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexcmd80211scanext Replace one-element array with a flexible-array member in struct hostcmdds80211scanext. With this, fix the following warning: elo 16 17:51:58...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in dbFindLeaf. Currently, when searching for dmtreet to find sufficient free blocks, there is a situation where an array index goes out of bounds during the retrieval of elements from...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshibaacpi: Fix array out-of-bounds access In order to use toshibadmiquirks together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is missing, an array...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 "scsi: pm80xx: Set phyattached to zero when device is gone" UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001sas.c:786:...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in imainitcrypto On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the imaalgoarray. Add the missing kfree for imaalgoarray to avoid the potential memory leak...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: Check ctr-cnr to avoid array index out of bounds. The cmtpaddconnection function adds a CMTS session to a controller and runs a kernel thread to process CMTS operations. modulegetTHISMODULE; session-task =...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential Spectre v1 gadget It appears that nr might be a Spectre v1 gadget, as it is provided by a user and used as an array index. This vulnerability allows for the contents of kernel memory to be leaked int...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fixed the issue of reading from a negative array index. Avoid using negative values for clkidex as an index into the array pptable-DpmDescriptor. V2: Fixed the check for clkindex return Tim Huang...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign -num before accessing -hws The commit f316cdff8d67 “clk: Annotate struct clkhwonecelldata with countedby annotated the hws member of struct clkhwonecelldata with countedby. This informs the bounds sanitizer ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: Fixed a use-after-free issue due to an enslave failure after updating the slave array. A use-after-free occurs due to an enslave failure after adding a new slave to the array. Since the new slave can be used for...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netlink: added nla be16/32 types to the minlen array. BUGs: KMSAN: uninit-value in nlavalidaterangeunsigned, lib/nlattr.c:222 inline. BUGs: KMSAN: uninit-value in nlavalidateintrange, lib/nlattr.c:336 inline. BUGs: KMSAN:...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel through version 5.16-rc6. The function netvscgetethtoolstats in the drivers/net/hyperv/netvscdrv.c file lacks a check on the return value of kvmallocarray, which can lead to a null pointer derefrence...

Astra Linux - уязвимость в postgresql-11

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modify register EIOINTCENABLE. There will be array index overflow problem...

Astra Linux - уязвимость в firefox, thunderbird

If an attacker were able to corrupt the methods of an Array object in JavaScript through prototype pollution, they could have executed JavaScript code under their control in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0, and...

Astra Linux - уязвимость в cups

The vulnerability of the cupsArrayAddStrings function on CUPS printing servers stems from the operation that occurs outside of the buffer in memory. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in nfspageioaddrequest Ensure that nfspageioerrorcleanup resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfspageiodoaddrequest...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: fix bulk flow accounting logic for host fairness In schcake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpioid before used as array index WHY & HOW GPIOIDUNKNOWN -1 is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: dmarray: Fixed the issue where a faulty array block was released twice in dmarraycursorend. When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly, leaving an invalid output pointer...