Astra Linux - уязвимость в apr-util

An integer overflow or wrap-around vulnerability in the aprbase64 functions of the Apache Portable Runtime Utility APR-util allows an attacker to write beyond the bounds of a buffer. This issue affects Apache Portable Runtime Utility APR-util version 1.6.1 and earlier...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net:mctp: taking ownership of skb in mctplocaloutput Currently, mctplocaloutput only takes ownership of the skb when it succeeds. In some cases where mctplocaloutput fails, we might leak the skb. Ownership of the skb is not...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core from accessing an invalid event buffer address This commit addresses a issue where the USB core might access an invalid event buffer address during runtime suspension, potentially causing SMMU...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: kdb: Buffer overflow issue during tab-complete has been fixed. Currently, when a user attempts symbol completion using the Tab key, kdb uses strncpy to insert the completed symbol into the command buffer. Unfortunately, it passes...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: stk1160: Fix bounds checking in stk1160copyvideo The subtraction in this context is reversed. -length represents the length of the buffer. -bytesused indicates the number of bytes that have been copied so far. When the...

Astra Linux - уязвимость в glibc

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc from version 2.34 onwards copies the path argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the applicati...

Astra Linux - уязвимость в vim

Heap-based Buffer Overflow in the GitHub repository vim/vim before version 9.0.0220...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, resulting in an out-of-bound write. This issue can be exploited by an attacker to overwrite grub2’s sensitive heap data, ultimately allowing th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: This vulnerability prevents a wraparound in the schema length during the trace fill operation. The ioam6fillTraceData function stores the schema contribution to the trace length in an u8 type variable. When bit 2...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “drm/gem-framebuffer: Use dmabuf from GEM object instance” has been reverted. This reversion is associated with the commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dmabuf field in the struct drmgemobject is not stable...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emactxmemmap The DMA mappings were exposed due to mapping errors. These mappings can now be freed using the existing emacfreetxbuf function...

Astra Linux - уязвимость в glusterfs

In Gluster GlusterFS 11.0, there is a stack-based buffer over-read issue in xlators/mount/fuse/src/fuse-bridge.c...

Astra Linux - уязвимость в htmldoc

A buffer under-reading issue based on stacks in the htmldoc before version 1.9.12 allows attackers to cause a denial of service by using a crafted BMP image with the imageloadbmp function...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy to prevent buffer overflow Coverity reports a potential buffer overflow issue. However, given the ‘static’ scope of nvidiasetupi2cbus, it seems that this issue cannot occur after examining the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Issue: Skipping the reallocation of the Unicode buffer when resizing the alternate screen after exiting the alt screen mode. When the enteraltscreen function saves vcunilines into vcsavedunilines and sets vcunilines to NULL, a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/edid: fixed an issue where information was leaked when attempting to obtain the panel ID. Be sure to clear the transfer buffer before retrieving the EDID, to avoid leaking slab data into logs in case of errors where the...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, a leak in the skbtstamptx function was fixed. Commit 50749f2dd685 “tcp/udp: Fixed memory leaks in sk and zerocopy skbs during TX timestamping” added a call to skborphanfragsrx to fix leaks related to zerocop...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194, where random system crashes have been observed 0. The problem occurs when the split header...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate the stack buffer Make sure to NULL terminate the buffer in iiobackend DebugfsWriteReg before passing it to sscan. It is a stack variable, so we should not assume that it will be initializ...

Astra Linux - уязвимость в libxmp

Libxmp through version 4.6.2 has a stack-based buffer overflow in the depackpha function in the loaders/prowizard/pha.c file, due to a malformed Pha format tracker module in a .mod file...