8415 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4: A memory leak has been fixed in nfs4setsecuritylabel. We encounter a memory leak whenever we set a security xattr, which involves accessing nfsfattr and nfs4label...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4fattrargs.context is zeroed out If nfsd4encodefattr4 performs a “goto out” operation before checking the security label, then args.context will be set to uninitialized garbage on the stack. We will then...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: A reference leak of the device node occurred in the logicvcdrmconfigParse function. The logicvcdrmconfigParse function calls ogetchildbyname to find the “layers” node, but fails to release the reference, resulting in...
Astra Linux – Vulnerability in Jinja2
Jinja is an extensible templating engine. Prior to version 3.1.6, there was a flaw in how the Jinja sandbox environment interacted with the |attr filter, allowing an attacker who controls the content of a template to execute arbitrary Python code. To exploit this vulnerability, an attacker needed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nfs: Fixed the KMSAN warning in decodegetfattr attrs. Fixed the following KMSAN warnings: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCATAPRIOATTRPRIOMAP If an TCATAPRIOATTRPRIOMAP attribute is provided, the taprioparsemqprioopt function must validate it. Otherwise, arbitrary data can be injected into the kernel when the...
Astra Linux – Vulnerability in libmysofa
LibMySOFA 0.9.1 has a stack-based buffer overflow issue in the readDataVar function in hdf/dataobject.c, during the reading of a header message attribute...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: vdpa: Added a max vqp attr to vdpanlpolicy for checking nlattr lengths. The vdpanlpolicy structure is used to validate the nlattr during the parsing of incoming nlmsg. It ensures that the described attribute produces a valid nlat...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can lead to out-of-bounds reads in ntfsattrfind and ntfsexternalattrfind in NTFS-3G 2021.8.22...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a kernel warning during topology setup This patch fixes the following kernel warning that occurred during driver loading by correctly initializing the p2plink attr before creating the sysfs file: +0.002865...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use the correct encap attribute during invalidation With the introduction of post-action infrastructure, most users of the encap attribute were modified to obtain the correct attribute by calling the mlx5etcgetencapatt...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Added bounds checking in getmaxinlinexattrvaluesize Normally, extended attributes within the inode body would be checked when the inode was first opened. However, if someone writes to the block device while the file system ...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can lead to a out-of-bounds read, caused by an invalid attribute in ntfsattrfindinattrdef, in NTFS-3G 2021.8.22...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can cause an integer overflow in the memmove function, resulting in a heap-based buffer overflow in the ntfsattrrecordresize function, as of NTFS-3G version 2021.8.22...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can lead to heap exhaustion in ntfsgetattributevalue in NTFS-3G from version 2021.8.22 onwards...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Fixed a potential deadlock in blkiarangesysfsshow When reading a sysfs attribute, the attribute is already protected against removal due to the active reference counter of the kobject node. As a result, in...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. The UserAttributeSimilarityValidator incurred significant overhead when evaluating a submitted password that was artificially large relative to the comparison values. In a situation where access to user...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/setmemory: Avoid spinlock recursion in changepageattr The commit 1f9ad21c3b38 “powerpc/mm: Implement setmemory routines” included a spinlock call in changepageattr in order to safely perform the three-step operations...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur...