Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Added a length check to avoid buffer overflow. The buffer overflow occurs due to the use of snprintf to write data into the buffer “buf” in the targetlugpmembersshow function located in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Let userspace handle the interrupt mask. The logic for setting the interrupt mask by default in uiohvgeneric driver has been removed. The interrupt mask value should be completely controlled by the user space. If th...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fixed a memory leak in mt7615mcuwtblstaadd. In mt7615mcuwtblstaadd, an skb object named sskb is allocated. If the subsequent call to mt76connacmcuallocwtblreq fails, the function returns an error without freeing the...

Astra Linux - уязвимость в qemu

A issue was discovered in QEMU versions 7.1.0 through 8.2.1. The registervfs function in hw/pci/pciesriov.c mishandles the situation where a guest writes a number of NumVFs that is greater than the total number of TotalVFs, resulting in a buffer overflow in VF implementations...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: “vt: fix unicode buffer corruption when deleting characters” This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 “vt: fix memory overlapping when deleting chars in the buffer”. The solution is als...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevented a kernel bug in submitbhwbc A bug has been fixed where nilfsgetblock returns a successful status when searching for and inserting the specified block both times fail inconsistently. If this inconsistent behavior...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow. The buffer ‘afmtstatus’, which is sized 6, could overflow, as the index ‘afmtidx’ is checked after access...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed a race condition involving the unreferencing of the vram buffer in the svm code. The unreferencing of prange-svmbo can occur both in the mmu callback and in a callback after migrating to system RAM. Both are...

Astra Linux - уязвимость в zeromq3

There is a flaw in the zeromq server in versions before 4.3.3, located in src/decoderallocators.hpp. The decoder’s static allocator could have its size changed, but the buffer remains unchanged since it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zero...

Astra Linux - уязвимость в exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to local application denial of service in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau: Avoid a use-after-free when BO init fails. nouveauboinit is backed by ttmboinit and passes its return value back to the caller. In case of failures, ttmboinit invokes the provided destructor, which should...

Astra Linux - уязвимость в vim

Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca – A memory leak was fixed in the device probe, and the phy-pendingskb variable was properly freed after allocation. However, it was forgotten to be freed during the error handling and removal processes, resulting in...

Astra Linux - уязвимость в wireshark

A buffer overflow in the Bluetooth SDP dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows for denial of service through packet injection or malicious capture files...

Astra Linux - уязвимость в pillow

In Pillow before 8.1.0, PcxDecode has a buffer over-reading issue when decoding a crafted PCX file, because the user-supplied stride value is trusted for buffer calculations...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure traceclockglobal to never block. It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend/resume testing. The following backtrace was extracted from...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allowed Buffer Underwrite, which could allow unauthenticated remote attackers to execute arbitrary commands. This is because smtpungetc was only intended for pushing back characters, but it can actually be used to push back non-character error codes, such as EOF...

Astra Linux - уязвимость в ffmpeg

A buffer overflow vulnerability exists in FFmpeg 4.2 in the configinput function at libavfilter/aftremolo.c, which could allow a remote malicious user to cause a Denial of Service attack...

Astra Linux - уязвимость в aspell

The libaspell.a module in GNU Aspell prior to version 0.60.8 has a stack-based buffer overflow issue in the common::unescape function within common/getdata.cpp, caused by an isolated \ character...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fixed transfer-buffer overflows The driver uses USB transfer buffers sized equal to the endpoint size. However, until recently, there were no sanity checks on these buffer sizes. The commit e1f13c879a7c “staging:...