21931 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: fixed a possible double-free of kmemcache When running the slubdebug test, the kfence’s “testmemcachetypesafebyrcu” kunit test case caused a use-after-free error: BUG: KASAN: use-after-free in kobjectdel+0x14/0x30...
Astra Linux - уязвимость в wpa
Implementations of EAP-pwd in hostapd before version 2.10 and wpasupplicant before version 2.10 are vulnerable to side-channel attacks due to cache access patterns. NOTE: This issue exists because of an incomplete fix for CVE-2019-9495...
Astra Linux - уязвимость в wpa
Implementations of SAE in hostapd before version 2.10, and wpasupplicant before version 2.10, are vulnerable to side-channel attacks due to cache access patterns. NOTE: This issue exists due to an incomplete fix for CVE-2019-9494...
Astra Linux - уязвимость в firefox, thunderbird
Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
Astra Linux - уязвимость в firefox, thunderbird
Keyboard events reference strings like “KeyA” that are located at fixed, known, and widely-distributed addresses. Cache-based timing attacks, such as Prime+Probe, could potentially determine which keys were pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ext4: The bug related to delayed allocation was fixed in ext4clumapped for bigalloc and inline scenarios. When converting files with inline data to extents, delayed allocations made on a file system created with both bigalloc and...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ACPICA: fixed cache leaks in “acpiparse” and “parseext” functions ACPICA commit: 8829e70e1360c81e7a5a901b5d4f48330e021ea5 The actual ACPI cache leak points are as follows: 0.360101 ACPI: Added OSIModule Device 0.360101 ACPI:...
Astra Linux - уязвимость в mariadb-10.3
A vulnerability in the Itemsubselect::initexprcachetracker component of MariaDB Server v10.6 and earlier was identified. This vulnerability allows attackers to trigger a Denial of Service DoS attack through specially crafted SQL statements...
Astra Linux - уязвимость в firefox
Due to unexpected data type conversions, a use-after-free might have occurred when interacting with the font cache. We assume that with sufficient effort, this vulnerability could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 88...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds acces...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: dmarray: Fixed the issue where a faulty array block was released twice in dmarraycursorend. When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly, leaving an invalid output pointer...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mm: Use memallocnofssave in pagecacheraorder See commit f2c817bed58d “mm: Use memallocnofssave in readahead path”. Ensure that pagecacheraorder does not attempt to reclaim file-backed pages too often, as this can lead to a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nfsd: move the initialization of the reply cache cache counters back into nfsdinitnet The commit f5f9d4a314da “nfsd: move the reply cache initialization into nfsd startup” moved the initialization of the reply cache into nfsd...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: skb: Fixed the cross-cache free of KFENCE-alocated skb heads. The value of SKBSMALLHEADCACHESIZE is intentionally set to a non-power-of-2 value e.g., 704 on x8664 to avoid collisions with generic kmalloc bucket sizes. This...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: In the net:sock section, there is a fix for a panic that occurs during the sockrecverrqueue function when the hardenedusercopy feature is enabled. The skbufffclonecache structure was created without defining a usercopy region...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: A NULL pointer dereferencing issue was addressed when splitting folio objects. The commit c010d47f107f “mm: thp: splitting huge pages into lower-order pages” introduced a preliminary check on the order of the folio...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘f2fs: fix to do sanity check on extent cache correctly’” The syzbot reports a bug in f2fs as follows: UBSAN: Array-index-out-of-bounds in fs/f2fs/f2fs.h:3275:19 Index 1409 is out of range for type ‘le32923’ aka ‘unsigned...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed the issue of a reference leak during queue teardown in version 2. The user mode queue maintains a pointer to the most recent fence in userq-lastfence. This pointer retains an additional dmafence reference...
Astra Linux - уязвимость в symfony
Symfony is a PHP framework for web and console applications, along with a set of reusable PHP components. The Symfony HTTP cache system functions as a reverse proxy: it caches entire responses including headers and returns them to clients. In a recent change to the AbstractSessionListener,...
Astra Linux - уязвимость в chromium
Before version 91.0.4472.101, using BFCache in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...