Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: dmarray: Fixed the issue where a faulty array block was released twice in dmarraycursorend. When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly, leaving an invalid output pointer...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof vs ARRAYSIZE bug The "buf" pointer is an array of u16 values. This code should be using ARRAYSIZE which is 256 instead of sizeof which is 512, otherwise it can the still got out of bounds...

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: netlink: prevents potential Spectre v1 exploits Most netlink attributes are parsed and validated via nlavalidateparse or validatenla. c u16 type = nlatypenla; if type == 0 || type maxtype / Error or continue / The @type value is...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsiccgupdatesetnewcamcmd The "cmd" variable can be controlled by the user via debugfs. That means "newcam" can be as high as 255 while the size of the uc-updated array is UCSIMAXALTMODE...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmmtable as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with vmmtable: BUG: KASAN: slab-out-of-bounds in wilcwlanhandletxq+0x6ac/0xdb4 Write of size 4 at addr...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pdscore: handle unsupported PDSCORECMDFWCONTROL result If the FW doesn't support the PDSCORECMDFWCONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink...

Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the Linux kernel through version 5.16-rc6. The function uapifinalize in drivers/infiniband/core/uverbsuapi.c lacks a check for the function kmallocarray...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: The zero-initialize of the eb.vma array in i915gemdoexecbuffer was corrected. The eb.vma array is initialized with values of 0 when the eb structure is first set up. Specifically, this sets the eb-vmai.vma pointers ...

Astra Linux - уязвимость в ffmpeg, ffmpeg5

A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter libavfilter/affirequalizer.c due to a missing check on the return value of avmallocarray in the configinput function. An attacker could exploit this by tricking a victim into processing a crafted media file with the...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in dbAdjTree. Currently, there is a missing bounds check when accessing the dmtstree within dbAdjTree. To address this issue, a boolean variable named “isctl” was added. This variable...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: A sanity check was performed on curseg-alloctype. As Wenqing Liu reported in Bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215657 - Overview In the UBSAN library, an array-index-out-of-bounds exception occurred at li...

Astra Linux - уязвимость в php8.1, php7.3

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE, due to an integer overflow in the precomputation of...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "storemodes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: The OOB issue in nilfssetdetype has been fixed. The size of the nilfstypebymode array in the fs/nilfs2/dir.c file is defined as “SIFMT SSHIFT”. However, the nilfssetdetype function, which uses this array, specifies the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssxdecoptionarray The creds and oa-data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2i2ccoreinit Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw-unitnumber is initialized with -1 and then if init table walk fails...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: misc: pciendpointtest: Fix array underflow in pciendpointtestioctl Commit eefb83790a0d "misc: pciendpointtest: Add doorbell test case" added NOBAR -1 to the pcibarno enum which, in practical terms, changes the enum from an unsign...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf-pagecount Syzbot reported a GPF in sgallocAppendTablefromPages. The problem arose from the condition ubuf-pages == ZEROPTR. ubuf-pagecount is calculated based on arguments passed from the user-space. If the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in stsetup Change the array size to follow parms size instead of a fixed value...