22263 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting the link when performing LT automation. REASON The last LT automation update could cause a crash by referencing currentstate and calling dcupdateplanesandstream, which might corrupt...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: skb: Fixed the cross-cache free of KFENCE-alocated skb heads. The value of SKBSMALLHEADCACHESIZE is intentionally set to a non-power-of-2 value e.g., 704 on x8664 to avoid collisions with generic kmalloc bucket sizes. This...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fixed a race condition when skipping swapcache When skipping swapcache for SWPSYNCHRONOUSIO, if two or more threads swap the same entry at the same time, they may obtain different pages A, B. Before one thread T0 finishe...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: A NULL pointer dereferencing issue was addressed when splitting folio objects. The commit c010d47f107f “mm: thp: splitting huge pages into lower-order pages” introduced a preliminary check on the order of the folio...
Astra Linux - уязвимость в thunderbird
The encrypted subject of an email message may be incorrectly and permanently assigned to another arbitrary email message in Thunderbird’s local cache. As a result, when replying to the contaminated email message, the user may accidentally expose the confidential subject to a third party. While th...
Astra Linux - уязвимость в chromium
The use of BFCache in Google Chrome before version 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: fs/nfs/read: fixed the double-unlock bug in nfsreturnemptyfolio Sometimes, when a file was read while it was being truncated by another NFS client, the kernel could become stuck in a deadlock situation because foliounlock was...
Astra Linux - уязвимость в chromium
Before version 91.0.4472.101, using BFCache in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в linux, linux-5.10
Certain Arm Cortex and Neoverse processors, as of 2022-03-08, do not properly prevent cache speculation, also known as Spectre-BHB. Attackers can exploit the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. As a result, cache allocation may allow attacker...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: calling btrfsremovefreespacecachelocked on cache load failure Now that lockdep is kept enabled throughout our CI processes, I noticed the following stack trace in generic/475: ------------ Cut here --- WARNING: CPU: 1 PID:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bcache: Reverting the change that replaced ISERRORNULL with ISERR. The commit 028ddcac477b “bcache: Removing unnecessary NULL-point checks in node allocations” causes a NULL pointer dereferencing in the cachesetFlush function...
Astra Linux - уязвимость в guava-libraries
There is a vulnerability related to the creation of temporary directories in all versions of Guava. An attacker with access to the system can potentially access data stored in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on Unix-like systems...
Astra Linux – Vulnerability in Flask
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed the issue of a reference leak during queue teardown in version 2. The user mode queue maintains a pointer to the most recent fence in userq-lastfence. This pointer retains an additional dmafence reference...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Fixed the allocation of the cleanest CLOSID on platforms without monitors. Commit: 6eac36bb9eb0 “x86/resctrl: Allocate the cleanest CLOSID by searching for the CLOSID with the fewest dirty cache lines” Added logic th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fixed invalid dereferencing of indirect CCW data pointers. The issue involved fixing invalid dereferencing of indirect CCW data pointers in the dasdeckddumpsense function. This caused kernel panic in certain error case...
Astra Linux - уязвимость в symfony
Symfony is a PHP framework for web and console applications, along with a set of reusable PHP components. The Symfony HTTP cache system functions as a reverse proxy: it caches entire responses including headers and returns them to clients. In a recent change to the AbstractSessionListener,...
Astra Linux - уязвимость в unbound
NLnet Labs Unbound, including version 1.16.1, is vulnerable to a new type of “ghost domain name” attack. The vulnerability operates by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference leak in nfsd4addrdaccesstowrdeleg. The nfsd4addrdaccesstowrdeleg function overwrites fp-fifdsORDONLY unconditionally with a newly acquired nfsdfile. However, if the client already has a SHAREACCESSREA...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscryptencryptpagecacheblocks error The function movedirtyfolioinpagearray was created by the commit ce80b76dd327 "ceph: introduce cephprocessfoliobatch method". The code for this function was moved from...