Astra Linux - уязвимость в flac

A buffer overflow vulnerability exists in the function bitwritergrow in FLAC before version 1.4.0, allowing remote attackers to execute arbitrary code through crafted inputs to the encoder...

Astra Linux - уязвимость в libraw

A flaw was discovered in LibRaw. A heap-buffer-overflow in the raw2imageex function, caused by a maliciously crafted file, may lead to an application crash...

Astra Linux - уязвимость в tiff

Libtiff 4.5.0 is vulnerable to a Buffer Overflow issue through the extractContigSamplesBytes function at /libtiff/tools/tiffcrop.c:3215...

Astra Linux - уязвимость в exiv2

In Exiv2 0.27.99.0, the PngImage::readMetadata function in the pngimage.cpp file allows attackers to cause a denial of service heap-based buffer over-read through a crafted image file...

Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the Linux kernel before version 5.19.16. Attackers who were able to inject WLAN frames could cause a buffer overflow in the ieee80211bssinfoupdate function in the net/mac80211/scan.c file...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A issue was discovered in include/asm-generic/tlb.h in the Linux kernel before version 5.19. Due to a race condition between unmapmappingrange and munmap, a device driver can free a page while it still has stale TLB entries. This only occurs in situations involving VMPFNMAP VMAs...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fixed a 1-byte out-of-bounds read in uvcparseformat. The check for the buffer length before calling uvcparseformat only ensured that the buffer contained at least 3 bytes buflen 2. However, the function accesses...

Astra Linux - уязвимость в liblouis

A buffer overflow vulnerability has been discovered in Liblouis v.3.24.0. This vulnerability allows a remote attacker to cause a denial of service through the loulogFile function at the logginc.c endpoint...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap the dmamapsg tracepoint arrays to prevent buffer overflows. The dmamapsg tracepoint can cause a perf buffer overflow when tracing large scatter-gather lists. With devices like virtio-gpu that create large DRM...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel through version 5.18.9. A type confusion bug in nftseteleminit could be exploited by a local attacker to escalate privileges. This is a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an unprivileged...

Astra Linux - уязвимость в php7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the core path resolution function allocates a buffer that is one byte too small. When resolving paths with lengths close to the system’s MAXPATHLEN setting, this may result in the byte after the allocated buffer being...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: bpf, cpumap: Handle skb as well when cleaning up ptrring. The following warning was reported when running xdpredirectcpu with both skbmode and stressmode enabled: ------------ Cut here ------------ Incorrect XDP memory type...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fixed the nullptrderef bug in the buf prepare and finish steps. When the driver calls tw68riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in an empty buffer buf-cpu. Late...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed an issue identified by KASAN...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fixed memory leak in the fdt buffer This issue was reported by the kmemleak detector: Unreferenced object: 0xff60000082864000 size 9588 Command: “kexec”, PID: 146, Jiffies: 4294900634 age: 64.788 seconds Hex dump...

Astra Linux - уязвимость в bluez

BlueZ Audio Profile: Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected BlueZ installations. User interaction is required to exploit this vulnerability, as the target must...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: Staging: gdm724x: fixed the use of a variable after it is freed in gdmlterx. The netifrxni function frees the skb, so we cannot dereference it to save the skb-len...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: pktgen: Fixed the issue where access occurs outside of the user-given buffer in pktgenthreadwrite. The size of the user-given buffer was respected for strnlen calls; otherwise, strnlen would access memory outside of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows for a word size to be less than 2. If this occurs, buffer overflows will occur, as reported by smatch. Add additional checks to prevent this. Additionally, remove...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Added a check for the value “plane”. The function dispcovlsetup is not intended to work with the value OMAPDSSWB of the plane enum parameter. The value of this parameter is initialized in dssinitoverlays, and in th...