Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix for the missing unmap operation when zerofsgetextentcompressedlen fails. Otherwise, meta buffers could be leaked...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed DMA mapping leaks During the reallocation of RX buffers, new DMA mappings are created for those buffers. Steps to reproduce the issue are as follows: While loop: Do For i=0; i=8160; i=i+32 Do ethtool -G enp130s0f0 ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fixed a buffer overflow in the liotargetnaclinfoshow function. The function liotargetnaclinfoshow uses sprintf within a loop to print details for each iSCSI connection in a session, without checking the buffe...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ipv6: A BUG in ppskbexpandhead as part of calipsoskbuffsetattr. There exists a kernel oop caused by a BUGONnhead INTMAX parameter i.e., intskbheadroomskb + lendelta skbheadroomskb is intended to ensure that delta = headroom -...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disabling INVLPGB on Zen2 AMD Cyan Skillfish Family 17h, Model 47h, Stepping 0h has a issue that causes system errors and panics when performing TLB flush using INVLPGB. However, the problem arises because the machin...

Astra Linux - уязвимость в c-ares

C-ares is an asynchronous resolver library. The aresinetnetpton function is vulnerable to a buffer underflow for certain IPv6 addresses. In particular, the address “0::00:00:00/2” was found to cause an issue. C-ares only uses this function internally for configuration purposes, and an administrat...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a global-buffer-overflow issue was observed during FreeRDP’s Base64 decoding process. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char values are treated...

Astra Linux - уязвимость в freetype

It was discovered that the FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f contains a heap buffer overflow issue through the sfntinitface function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg only uses cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible, then calls kfreeso-tx.buf. If a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: fixed a potential out-of-bound write issue. The buffer is set to 20 characters. If a caller writes more characters, the count is truncated to the maximum available space in “simplewritetobuffer”. To prevent access by OoB,...

Astra Linux - уязвимость в cups

The vulnerability of the cupsSNMPStringToOID function in the CUPS printing server is related to the escape from the global buffer. Exploiting this vulnerability allows an attacker to access confidential data and also cause service failures...

Astra Linux - уязвимость в ofono

oFono CUSD stack-based buffer overflow code execution vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first gain the ability to execute code on the target modem in order to exploit this vulnerability. The...

Astra Linux - уязвимость в u-boot

The U-Boot 2022.01 has a Buffer Overflow issue...

Astra Linux - уязвимость в ffmpeg

A buffer overflow vulnerability exists in FFmpeg 4.2, specifically in the filtervertically8 function within libavfilter/vfavgblur.c. This vulnerability could lead to a remote Denial of Service attack...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networking layer: Fixed a memory leak that occurred when uncloning an skb dst and its associated metadata. When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in t...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fixed the bulk-buffer overflow issue. The driver uses buffers sized equal to the endpoint size, but it should not assume that the tx and rx buffers have the same size. A malicious device could cause the...

Astra Linux - уязвимость в libcaca

A flaw was discovered in libcaca. A heap buffer overflow in the export.c file, specifically in the exporttga function, may lead to memory corruption and other potential issues...

Astra Linux - уязвимость в texlive-bin

OpenDetex 2.8.5 has a Buffer Overflow issue in TexOpen, specifically in detex.l, due to an incorrect sprintf operation...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: gro: fixed ownership transfer If packets are received using GRO, they may be segmented later on and continue their journey within the stack. In skbSegmentlist, these segments can be reused as they are. This is a problem because...

Astra Linux - уязвимость в mdadm

A buffer overflow in some IntelR SSD Tools software prior to version mdadm-4.2-rc2 may allow a privileged user to potentially enable privilege escalation through local access...