Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: mwifiex: Fixed a warning regarding memcpy operations that span fields in mwifiexconfigscan Replace a one-element array with a flexible-array member in the struct mwifiexietypeswildcardssidparams to fix the following warning...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hnsdsafmisc: fix a possible array overflow in hnsdsafgesrstbyport The if statement: if port = DSAFGENUM return; limits the value of port less than DSAFGENUM i.e., 8. However, if the value of port is 6 or...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modify register EIOINTCENABLE. There will be array index overflow problem...

Astra Linux - уязвимость в cups

The vulnerability of the cupsArrayAddStrings function on CUPS printing servers stems from the operation that occurs outside of the buffer in memory. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 "scsi: pm80xx: Set phyattached to zero when device is gone" UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001sas.c:786:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: Fixed a use-after-free issue due to an enslave failure after updating the slave array. A use-after-free occurs due to an enslave failure after adding a new slave to the array. Since the new slave can be used for...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpioid before used as array index WHY & HOW GPIOIDUNKNOWN -1 is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fixed the issue of reading from a negative array index. Avoid using negative values for clkidex as an index into the array pptable-DpmDescriptor. V2: Fixed the check for clkindex return Tim Huang...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: fix bulk flow accounting logic for host fairness In schcake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshibaacpi: Fix array out-of-bounds access In order to use toshibadmiquirks together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is missing, an array...

Astra Linux - уязвимость в postgresql-11

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: Check ctr-cnr to avoid array index out of bounds. The cmtpaddconnection function adds a CMTS session to a controller and runs a kernel thread to process CMTS operations. modulegetTHISMODULE; session-task =...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in nfspageioaddrequest Ensure that nfspageioerrorcleanup resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfspageiodoaddrequest...

Astra Linux - уязвимость в firefox, thunderbird

If an attacker were able to corrupt the methods of an Array object in JavaScript through prototype pollution, they could have executed JavaScript code under their control in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0, and...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in imainitcrypto On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the imaalgoarray. Add the missing kfree for imaalgoarray to avoid the potential memory leak...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netlink: added nla be16/32 types to the minlen array. BUGs: KMSAN: uninit-value in nlavalidaterangeunsigned, lib/nlattr.c:222 inline. BUGs: KMSAN: uninit-value in nlavalidateintrange, lib/nlattr.c:336 inline. BUGs: KMSAN:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign -num before accessing -hws The commit f316cdff8d67 “clk: Annotate struct clkhwonecelldata with countedby annotated the hws member of struct clkhwonecelldata with countedby. This informs the bounds sanitizer ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with maygoto maygoto uses an additional 8 bytes on the stack, which causes the interpreters array to go out of bounds when calculating index by stacksize. 1. If a BPF program is rewritten, re-evaluate...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: dmarray: Fixed the issue where a faulty array block was released twice in dmarraycursorend. When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly, leaving an invalid output pointer...

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: netlink: prevents potential Spectre v1 exploits Most netlink attributes are parsed and validated via nlavalidateparse or validatenla. c u16 type = nlatypenla; if type == 0 || type maxtype / Error or continue / The @type value is...