1035126 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Validates the index root when initializing NTFS security. This improves the sanity check for $SDH and $SII during the initialization of NTFS security, ensuring that these index roots are legitimate. 162.459513 BUG:...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ethtool: Fixed an issue where the uninitialized number of lanes was used. It is not possible to set the number of lanes when adjusting link modes using the legacy IOCTL ethtool interface. Since the struct ethtoollinkksettings...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: xsk: fixed the refcount underflow in the error path. This fix addresses a refcount underflow issue reported by syzbot, which can occur when the system runs out of memory. If xpalloctxdescs fails—and it can only fail due to...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: KVM: SVM: Do not generate errors if the user space injects an interrupt with GIF=0. Do not generate errors or warnings during interrupt injection when GIF is cleared. It is trivial for the user space to force this situation...
Astra Linux - уязвимость в exiv2
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A out-of-bounds read vulnerability was discovered in Exiv2 versions v0.27.3 and earlier. This vulnerability occurs when Exiv2 is used to write metadata into a specially craft...
Astra Linux - уязвимость в chromium
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: Fix VLAN traffic leaks The PCRMATRIX field was set to all 1’s when VLAN filtering is enabled, but it wasn’t reset when VLAN filtering was disabled. This could lead to traffic leaks: ip link add br0 type bridge...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf, cgroup: Fixed a kernel bug in purgeeffectiveprogs Syzkaller reported a triggered kernel bug as follows: ------------ cut here ------------ Kernel bug at kernel/bpf/cgroup.c:925! Invalid opcode: 0000 1 PREEMPT SMP NOPTI CP...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: spmi: In the tracing functions, there was an issue where access to memory was out of bounds. This issue was fixed by using a length of “len” instead of “len + 1”. The functions tracespmiwritebegin and tracespmireadend both use...
Astra Linux - уязвимость в ntfs-3g
A properly crafted NTFS image can cause a heap-based buffer overflow in the ntfsmftrecalloc function within NTFS-3G from version 2021.8.22 onwards...
Astra Linux - уязвимость в thunderbird
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed, or both, Thunderbird may display incorrect encryption or signature statuses. After opening and viewing the attached message B, when returning to the display of message A, message A may...
Astra Linux - уязвимость в opensc
A vulnerability related to the “return issue” was discovered in Opensc before version 0.22.0. This vulnerability exists in the “insertpin” function, and it could potentially cause programs using the library to crash...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: Thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crashes. When CPU 0 is offline and intelpowerclamp is used to simulate idle state, it causes a kernel bug: Bug: Using smpprocessorid in preemptible 000000...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fixed the ordering in queuedwritelockslowpath While this code is executed with waitlock held, a reader can acquire the lock without holding waitlock. The writer checks the value using atomiccondreadacquire, but...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl/mbox: The cxlpayloadfromuserallowed function now validates the size of the payload before accessing its contents. The cxlpayloadfromuserallowed function casts and dereferences the input payload without first verifying its...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: perf/x86/amd: Fixed a crash that occurred due to a race between amdpmuenableall, perf NMI, and throttling. amdpmuenableall does the following: if !testbitidx, cpuc-activemask continue; amdpmuenableeventcpuc-eventsidx; A perf N...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ubi: Ensure that the VID header offset + VID header size ≤ alloc, size. Ensure that the VID header offset + VID header size does not exceed the allocated area to avoid slab OOB. BUG: KASAN: Slab-out-of-bounds in...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQNone if no interrupts were detected Return IRQNone from the interrupt handler when no interrupt was detected. This is because an empty interrupt will cause a null pointer error. "Unable to handle...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Refreshing the inline data size before write operations The cached ei-iInlineSize can become stale between the initial size check and when ext4updateInlineData/ext4createInlineData use it. Although ext4getmaxInlineSize read...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ipv6: A bug in rt6getpcpuroute under PREEMPTRT has been fixed. On PREEMPTRT kernels, after rt6getpcpuroute returns NULL, the current task can be preempted. Another task running on the same CPU may then execute rt6makepcpuroute an...