1035123 matches found
Astra Linux - уязвимость в parsec
The vulnerability of the macid utility in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: hns3: Do not allow calling hns3nicnetopen repeatedly. The function hns3nicnetopen should not be called repeatedly, but there is no checking for this. When performing device reset and setting up traffic channels...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86: Fixed a stack-out-of-bounds memory access from ioapicwriteindirect. KASAN reports the following issue: BUG: In kvmmakevcpusrequestmask+0x174/0x440 kvm, there is a stack-out-of-bounds situation. A read of size 8 at...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: The existing SPTE is preserved even when creating an MMIO SPTE. When installing an emulated MMIO SPTE, do so after preserving the existing SPTE if it is shadow-present. However, the fix proposed in commit 54aa15c6bd...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: pm: in-kernel: always marking signal+subflow endp as used Syzkaller managed to find a combination of actions that caused this warning to occur: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Fixed the “kernel NULL pointer dereference” error. When the rxequeueinit function in the rxeqpinitreq function fails, both qp-req.task.func and qp-req.task.arg are not initialized. Due to the failure in creating the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: xtensa: xtfpga: Fixed a refcount leak bug in setup. In machinesetup, offindcompatiblenode will return a node pointer with the refcount incremented. We should use ofnodeput when it is no longer needed...
Astra Linux - уязвимость в openimageio
There is a heap out-of-bounds read vulnerability in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially crafted .psd file can cause a read of arbitrary memory addresses, leading to a denial of service attack. An attacker can provide a...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds When we run syzkaller, we encounter an out-of-bound error. The specific issue is “KASAN: slab-out-of-bounds Read in regcacheflatread”. The backtrace of the issue is as...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by dosubmiturb There are UAF bugs caused by dosubmiturb. One of the KASan reports is shown below: 36.403605 BUG: KASAN: use-after-free in workerthread+0x4a2/0x890 36.406105 Read o...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fixed memory corruption in sma1307settingloaded The sma1307-setheadersize field specifies the number of integers in the header there are 8 such integers. However, instead of allocating 8 integers’ worth of...
Astra Linux - уязвимость в parsec
The vulnerability of the pdp-ls utility in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: In the rose function, there is an issue where an invalid array index is used in the rosekillbydevice function. This function collects sockets into a local array, and then iterates over those arrays to disconnect sockets bound to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed the assignment logic of iocb. Commit 18ae8d12991b “f2fs: shows more DIO information in tracepoints” introduced the iocb field in the ‘f2fsdirectIOenter’ trace event. It only assigns the pointer and then accesses it...
Astra Linux - уязвимость в sox
In SoX 14.4.2, there is an assertion failure in rateinit in rate.c in libsox.a...
Astra Linux - уязвимость в linux-5.10
A race condition was detected in the Linux kernel’s RxRPC network protocol, during the processing of RxRPC bundles. This issue arises due to the lack of proper locking when performing operations on an object. This could allow an attacker to escalate privileges and execute arbitrary code within th...
Astra Linux - уязвимость в libgit2
A issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. path.c improperly handles equivalent filenames that exist due to NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Unregistering flowtable hooks upon netns exit. Unregistering flowtable hooks before they are released via nftablesflowtabledestroy. Otherwise, the hook code may report a Use-After-Free error. BUG: KASAN:...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: It is enforced that teql can only be used as a root qdisc. The design intent of teql is that it is only supposed to be used as a root qdisc. We need to ensure that this constraint is respected. Although it’s not very...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: veth: Fixed the use of “free” after processing “XDPREDIRECT”. Commit 718a18a0c8a6 “veth: Reworked vethxdprcvskb to accept non-linear skb” introduced a bug where it tried to use “pkbsexpandhead” if the headroom was less than...