Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: lltemac: Ensure that the skb is freed when it is completely used. By using the TX BD to track the skb pointer, we have a simple and efficient way to free the skb buffer after the frame has been transmitted. However, in order...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: serial: core: Fixed the issue where the transmit-buffer was not freed after closing the serial port. The commit 761ed4a94582 “tty: serialcore: changed uartclose to use ttyportclose” converted the serial core to use ttyportclos...

Astra Linux - уязвимость в openjpeg2

In OpenJPEG 2.3.1 through 2020-01-28, opjt1clbldecodeprocessor in openjp2/t1.c has a heap-based buffer overflow in the qmfbid==1 case. This is a different issue than CVE-2020-6851...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btnxpuart: Fixed a null pointer dereference in the btnxpuartflush function. A check was added before freeing the rx-skb in the flush and close functions to handle kernel crashes that occur when removing the driver...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a race condition in readextentbufferpages There are reports from tree-checker that detect corrupted nodes, without any obvious pattern; it’s possible that this is due to an overwrite in memory. After some debugging, ...

Astra Linux - уязвимость в exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

Astra Linux - уязвимость в xorg-server

A out-of-bounds write flaw was discovered in the xorg-x11-server. This issue arises due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c, and in the RRChangeOutputProperty function in randr/rrproperty.c...

Astra Linux - уязвимость в linux-5.10, linux

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ibprctlset function updates the Thread Information Flags TIFs for the task and updates the SPECCTRL MSR in the function speculationctrlupdate, but the IBPB is only issued at the next schedul...

Astra Linux - уязвимость в xterm

With Patch 370, xterm enables Sixel support. When this is enabled, attackers can exploit a buffer overflow in the setsixel function in graphicssixel.c by using crafted text...

Astra Linux - уязвимость в xrdp

xrdp is an open-source project that provides a graphical login interface for accessing remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 of xrdp contains a buffer overflow in the audinsendopen function. There are no known solutions to this issue. Users are advised to...

Astra Linux - уязвимость в vim

Out-of-bounds write in the GitHub repository for Vim/Vim before version 8.2...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protection against send buffer overflow in NFSv2 READ Since the time before the advent of Git, NFSD has managed the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array ...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. Additionally, add a number of comments to attempt to document the current state of knowledge regarding RSB attacks and what exactly is...

Astra Linux - уязвимость в vim

Heap-based Buffer Overflow in the GitHub repository vim/vim before version 9.0.1144...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Zoned: Do not flag “ZEROOUT” on non-dirty extent buffers. Btrfs clears the content of an extent buffer marked as EXTENTBUFFERZONEDZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole i...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Do not write dirty data after degrading to read-only mode. According to the syzbot report, the markbufferdirty function called from nilfssegctordoconstruct outputs a warning with certain patterns after Nilfs2 detects...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: HID: mcp2221: prevented a buffer overflow in mcpsmbuswrite Match Warning: drivers/hid/hid-mcp2221.c:388 mcpsmbuswrite error: memcpy ‘&mcp-txbuf5’ is too small 59 vs 255 drivers/hid/hid-mcp2221.c:388 mcpsmbuswrite error: memcpy...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Debug: Fixed a potential buffer overflow caused by snprintf. snprintf returns the size of the string that would be filled if it exceeds the given buffer size. Therefore, using this value may lead to a buffer overflow...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121 – Fixed invalid connector dereference. Fixed the issue of NULL pointer dereference when no monitor is connected, and when the sound card is opened from userspace. Instead, an empty buffer containing zeros is...

Astra Linux - уязвимость в qtbase-opensource-src

A issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read issue due to a crafted reply from a DNS server...