Astra Linux - уязвимость в gpac

A heap-based buffer overflow vulnerability exists in gpac version 2.3-DEV-rev588-g7edc40fee-master, allowing remote attackers to execute arbitrary code and cause a denial of service DoS via the gffwrite component in atutils/osfile.c...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Added a length check to avoid buffer overflow. The buffer overflow occurs due to the use of snprintf to write data into the buffer “buf” in the targetlugpmembersshow function located in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: xfs: fixed a UAF Use-after-Allocation issue in xattr repair. The xchksetupxattrbuf function can allocate a new value buffer; therefore, any reference to ab-value before the call could become a dangling pointer. This issue was...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fixed the use of racyskbqueueempty The receive queues are protected by their respective spin-locks, not the socket lock. This could lead to skbpeek returning NULL or a pointer to a socket buffer that has already been...

Astra Linux - уязвимость в libsoup2.4

GNOME libsoup before version 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in the soupheaderparseparamliststrict function. There is a plausible way to exploit this vulnerability remotely through the soupmessageheadersgetcontenttype function for example, an...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fixed strbuf array overflow issue. The values of the variables xres and yres are stored in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters; if the array contains...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevented a kernel bug in submitbhwbc A bug has been fixed where nilfsgetblock returns a successful status when searching for and inserting the specified block both times fail inconsistently. If this inconsistent behavior...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpudm initialize when link nums greater than maxlinks Reason The Coverity report indicates an OVERRUN warning. There are only maxlinks elements within dc-links. The number of links can reach...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fixed buffer overflow in transstatshow. The buffer overflow in transstatshow was corrected. The simple snprintf function was replaced with the safer scnprintf function, taking into account the PAGESIZE. Condition...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows for a word size to be less than 2. If this occurs, buffer overflows will occur, as reported by smatch. Add additional checks to prevent this. Additionally, remove...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a segmentation issue when upgrading gsosize. The skb was linearized during the upgrade of gsosize, as this might trigger a BUGON function later on, as described in 1,2...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bna: Ensure that the copied buffer is terminated with NUL characters. Currently, we allocate a kernel buffer of size nbytes and copy nbytes from user space to that buffer. Later, we use sscanf on this buffer, but we do not ensure...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: qca: fixed an issue where information was leaked when fetching the fw build id. Added missing sanity checks and moved the 255-byte build-id buffer off the stack to prevent the leakage of stack data through debugfs, ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Firewire: nosy – Ensure that the userlength is taken into account when fetching packet contents. Ensure that packetbufferget respects the userlength provided. If the length of the head packet exceeds the userlength,...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: xattr: fixed buffer overflow for invalid xattr values. When the xattr size is not as expected, it is printed out to the kernel log in hexadecimal format as a form of debugging. However, when that xattr size is larger than...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fixed a memory leak in mt7615mcuwtblstaadd. In mt7615mcuwtblstaadd, an skb object named sskb is allocated. If the subsequent call to mt76connacmcuallocwtblreq fails, the function returns an error without freeing the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Limit access to parser-buffer when tracegetuser fails. When the length of the string written to setftracefilter exceeds FTRACEBUFFMAX, the following KASAN alarm will be triggered: BUG: KASAN: Slab-out-of-bounds in...

Astra Linux - уязвимость в memcached

A buffer overflow vulnerability in the authfile.c memcached 1.6.9 allows attackers to cause a denial of service through a crafted authentication file...

Astra Linux - уязвимость в libxmp

Libxmp through version 4.6.2 has a stack-based buffer overflow in the depackpha function in the loaders/prowizard/pha.c file, due to a malformed Pha format tracker module in a .mod file...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle failures related to netdevallocskbip-align. If the allocation fails, dereferencing skb-protocol could lead to a NULL pointer dereference. This patch...