Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/core: The handling of buffer mapping fails correctly in perfmmap. After a buffer is successfully allocated or an existing buffer is successfully attached, perfmmap attempts to map the buffer into the page table in read-only...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Soundwire: qcom: fix for storing port configuration beyond the bounds The value of qcomswrmctrl-pconfig is QCOMSDWMAXPORTS 14. However, we index it starting from 1, not 0, to match actual port numbers. This can lead to writing po...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fixed a nullptrderef issue in dw2102i2ctransfer In dw2102i2ctransfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious data...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: orangefs: The issue with memory leaks in orangefskernel,clientdebuginit was fixed. When the orangefs module is inserted or removed, memory leaks occur as follows: unreferenced object 0xffff88816b0cc000 size 2048: comm "insmod", p...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed a data race between perfeventsetoutput and perfmmapclose. Yang Jihing reported a race between perfeventsetoutput and perfmmapclose: CPU1 CPU2 perfmmapclosee2 if atomicdecandtest&e2-rb-mmapcount // 1 - 0 detachres...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vhost-vdpa: fixed an iotlb memory leak Before committing 3d5698793897 “vhost-vdpa: introduced ASID-based IOTLB”, we called vhostvdpaiotlbunmapv, iotlb, 0ULL, 0ULL – 1 during the release phase to free all resources allocated wh...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: qrtr: Fixed a bug related to access to the uninit variable in qrtrtxresume. Syzbot reported the following bugs: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0...

Astra Linux - уязвимость в libcpanel-json-xs-perl

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow that causes a segfault when parsing crafted JSON, allowing for denial-of-service attacks or other unspecified impacts...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Binder: Make sure that fd closes completely. During the processing of BCFREEBUFFER, the BINDERTYPEFDA object cleanup may close one or more fds. The close operations are completed using the task work mechanism—which means that the...

Astra Linux - уязвимость в linux-5.10

A buffer overflow vulnerability was discovered in the Netfilter subsystem of the Linux kernel. This issue could allow the leakage of both stack and heap addresses, and potentially enable Local Privilege Escalation to the root user through arbitrary code execution...

Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of putqpel00fallback16 in the fallback-motion.cc file. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a specially crafted video file...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes – Fix for buffer overreading in CTR mode When processing the last block, the s390 CTR code will always read a whole block, even if there is no data left in that block. This issue is fixed by using the actual...

Astra Linux - уязвимость в hdf5

A issue was discovered in HDF5 through version 1.12.0. There is a heap-based buffer over-read in the function H5Olayoutdecode, located in H5Olayout.c. This allows an attacker to cause a Denial of Service attack...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDLLoadWAVRW in the audio/SDLwave.c file, there is an issue of buffer over-reading for versions from 1.2.15 up to 2.x, and further up to 2.0.9...

Astra Linux - уязвимость в libsdl1.2, libsdl2

The SDL Simple DirectMediaLayer versions from 1.2.15 up to 2.x, and from 2.0.9 up to 2.0.9, have a buffer over-reading issue in the IMAADPCMnibble function in the audio/SDLwave.c file...

Astra Linux – Vulnerability in espeak-ng

It was discovered that Espeak-ng 1.52-dev contains a Stack Buffer Underflow due to the CountVowelPosition function in synthdata.c...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfc: fdp: Fixed a potential memory leak in fdpncisend. The fdpncisend function calls fdpncii2cwrite, which does not free the skb object after its execution. As a result, when fdpncii2cwrite is completed, the skb object will...

Astra Linux - уязвимость в qemu

A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...

Astra Linux - уязвимость в ntfs-3g

NTFS-3G versions prior to 2021.8.22 may experience a heap buffer overflow when a specially crafted NTFS attribute is set up using the function ntfsattrsetupflag. This could allow code execution and an escalation of privileges...

Astra Linux - уязвимость в gst-plugins-bad1.0

GStreamer H265 Parsing: Stack-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors...