Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fixed the error path in panfrostmmumapfaultaddr Subject: PATCH drm/panfrost: Fixed the error path in panfrostmmumapfaultaddr If some of the page allocations fail, we should not release the previous references to tho...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: be2net: Buffer overflow has been fixed in begetmoduleeeprom. becmdreadporttransceiverdata assumes that it is given a buffer that is at least PAGEDATALEN long, or twice that if the module supports SFF 8472. However, this is not...

Astra Linux - уязвимость в openssl, openssl1.0

ASN.1 strings are internally represented within OpenSSL as an ASN1STRING structure, which contains a buffer for storing the string data and a field for storing the buffer length. This is different from regular C strings, which are represented as a buffer for the string data, terminated with a NUL...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘drm/prime: Use dmabuf from GEM object instance’” This change is reflected in commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dmabuf field in the struct drmgemobject is not stable throughout the lifetime of the objec...

Astra Linux - уязвимость в htmldoc

A flaw was discovered in htmldoc in v1.9.12 and earlier versions. A stack buffer overflow in the parsetable function in ps-pdf.cxx may allow for the execution of arbitrary code and cause a denial of service attack...

Astra Linux - уязвимость в webkit2gtk

A buffer overflow issue has been addressed through improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4, and iPadOS 15.4, as well as tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: A NULL cpubuffer was checked in ringbufferwakewaiters. On some machines, the number of listed CPUs may be larger than the actual CPUs that exist. The tracing subsystem allocates a per-CPU directory with access to the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: HID: bpf: preventing buffer overflow in hidhwrequest. Currently, the returned value is considered to be always valid. However, when working with HID-BPF, the returned value can be arbitrarily large, because it is the returned val...

Astra Linux - уязвимость в nasm

A buffer overflow vulnerability exists in the hashfindi function in hashtbl.c in nasm 2.15rc0, allowing remote attackers to cause a denial of service through a crafted ASM file...

Astra Linux - уязвимость в squid

A buffer overflow was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers were vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations were sent to a...

Astra Linux - уязвимость в libtasn1-6

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data, resulting in a buffer overflow in asn1expendoctetstring...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: A buffer overflow issue has been fixed in the configuration retrieval process. The scarlett2usbgetconfig function contains a logical error in the endianness conversion code. This can lead to buffer overflows when...

Astra Linux - уязвимость в exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

Astra Linux - уязвимость в fribidi

A stack-based buffer overflow vulnerability was discovered in the Fribidi package. This vulnerability allows an attacker to deliver a specially crafted file to the Fribidi application, potentially leading to a memory leak or a denial of service...

Astra Linux - уязвимость в linux, linux-5.10

The FireWire subsystem in the Linux kernel up to version 5.14.13 has a buffer overflow issue related to the drivers/media/FireWire/firedtv-avc.c and drivers/media/FireWire/firedtv-ci.c files. This issue arises due to improper handling of bounds checking by the avccapmt function...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: cdcncm: Handling too low values of dwNtbOutMaxSize Currently, in cdcncmchecktxmax, if dwNtbOutMaxSize is lower than the calculated “minimum” value but greater than zero, the logic sets txmax to dwNtbOutMaxSize. This value is...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: HID: cp2112: prevented a buffer overflow in cp2112xfer Match warnings: drivers/hid/hid-cp2112.c:793 cp2112xfer error: memcpy 'data-block1' is too small 33 vs 255 drivers/hid/hid-cp2112.c:793 cp2112xfer error: memcpy 'buf' is t...

Astra Linux - уязвимость в vim

Buffer over-reading in the GitHub repository vim/vim before version 8.2...

Astra Linux - уязвимость в vim

A classic buffer overflow vulnerability in the GitHub repository for vim/vim, prior to version 8.2.4969...

Astra Linux - уязвимость в systemd

A “off-by-one” error issue was discovered in Systemd within the formattimespan function of the time-util.c file. An attacker could provide specific values for time and accuracy, resulting in a buffer overflow in formattimespan, which can lead to a Denial of Service...